Re: Renewed anonymity concern in OVC design

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Thu Jul 08 2004 - 13:33:45 CDT

On Jul 8, 2004, at 1:59 PM, Joseph Lorenzo Hall wrote:
> It seems that the problem here is that the voter and colluder (that's
> not a word, is it?) can easily remember the numbers... how about
> changing that? Make them 20-digit numbers or symbols that are hard to
> remember (I can't imagine what). Is the concern with 20-digit numbers
> that this constitutes another possible covert channel?

I'm not necessarily worried about a covert channel in a 20-digit
ballot-ID. Obviously, that -is- an issue to contemplate, but I don't
find it a huge concern.

'Colluder', FWIW, is a perfectly good word according to my dictionary.

However, a 20-digit ID does little to address the attack I raise. Few
people can easily remember 20 digits. But pencil and paper are rather
widespread technology, and easy to conceal inside a voting booth.
Depending on exactly how you imagine the colluder acting, the longer
number might frustrate "at-a-glance" recognition of ballot-IDs. But
even there, this is a weak protection.

For example, when I compare MD5 sums (say on an ISO download), I rarely
check all the digits; the first four or five hex digits are enough to
make sure it wasn't just noisy bits during download. I think a similar
at-a-glance recognition of the first 4 of 20 digits enables a similar
recognition of ballots. Collisions on the first four digits would be
rare, even if 20 digits are used... or if the first 4 are strongly
non-uniform, some other digits will be nearly unique per-ballot.

If you let a "ballot hash" act in the role of the ballot-ID, you avoid
disclosing ANYTHING other than the ballot content itself. Contrary to
Alan's generic (but incorrect) "there's no end", this is a provable and
absolute minimum of disclosure. The hash literally adds ZERO
information to the ballot, but is simply computed -from- it (i.e. by
the BRP application).
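The two points above (at-a-glance recognition of a short ID prefix, and a content-derived "ballot hash" adding nothing beyond the ballot itself) can be shown side by side in a small simulation. This is an added example, not code from the thread or from the OVC project; the hash function (SHA-256), the JSON canonicalization, the contest names and the 500-voter precinct are all assumptions made for the demonstration.

```python
import hashlib
import json
import random


def canonical_ballot(ballot: dict) -> bytes:
    """Serialize the voter's selections deterministically, so the same
    selections always yield the same bytes regardless of dict ordering.
    (JSON with sorted keys is an assumption; any canonical encoding works.)"""
    return json.dumps(ballot, sort_keys=True, separators=(",", ":")).encode("utf-8")


def ballot_hash(ballot: dict) -> str:
    """Ballot-ID computed purely from ballot content. SHA-256 is an
    assumption; the thread names no hash function. Note what is absent:
    no salt, no timestamp, no serial counter. Anything of that kind mixed
    in would make the ID carry information the ballot itself does not."""
    return hashlib.sha256(canonical_ballot(ballot)).hexdigest()


def random_ballot_id(rng: random.Random, digits: int = 20) -> str:
    """The alternative discussed in the thread: a per-ballot random 20-digit ID."""
    return "".join(rng.choice("0123456789") for _ in range(digits))


def prefix_match_count(ids, target_id, prefix_len: int = 4) -> int:
    """How many IDs in `ids` share their first `prefix_len` characters with
    `target_id`, i.e. how many ballots an at-a-glance check of the first
    four digits would pick out."""
    prefix = target_id[:prefix_len]
    return sum(1 for i in ids if i[:prefix_len] == prefix)


def precinct_demo(n_voters: int = 500, seed: int = 1) -> dict:
    """Constructed precinct: two two-way contests, random selections."""
    rng = random.Random(seed)
    contests = {"mayor": ["A", "B"], "measure_1": ["yes", "no"]}
    ballots = [{c: rng.choice(opts) for c, opts in contests.items()}
               for _ in range(n_voters)]
    random_ids = [random_ballot_id(rng) for _ in ballots]
    hash_ids = [ballot_hash(b) for b in ballots]
    target = 0  # the one voter whose ballot an observer tries to recognise
    return {
        "distinct_random_ids": len(set(random_ids)),
        "distinct_hash_ids": len(set(hash_ids)),
        # With random IDs, the first four digits single out (nearly) one ballot.
        "random_prefix_matches": prefix_match_count(random_ids, random_ids[target]),
        # With hash IDs, the prefix matches exactly the ballots with identical content.
        "hash_prefix_matches": prefix_match_count(hash_ids, hash_ids[target]),
        "identical_ballots_to_target": sum(1 for b in ballots if b == ballots[target]),
    }


if __name__ == "__main__":
    print(precinct_demo())
```

Run as a script, it reports that the 500 random 20-digit IDs are all distinct and that the first four digits of one of them match only that ballot (occasionally one or two others), while the hash-derived IDs collapse to at most four distinct values and a prefix match finds every ballot with the same selections. That is the "zero added information" property in concrete form: two ballots are distinguishable by their hash-IDs exactly when they are distinguishable by their content, and not otherwise. The corollary is also visible: where the content itself is unique (many contests, write-ins), the hash is unique too, which is why the author calls this the minimum rather than zero disclosure.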
