Voting Crypto Contest held by ES&S

From: charlie strauss <cems_at_earthlink_dot_net>
Date: Wed Jul 25 2007 - 09:15:45 CDT

ES&S held a voting crypto contest. The winner was (nominally)
Punchscan, which is a complicated, fiddly voting scheme created by
mathematician David Chaum. Chaum himself is quite good and has
proposed other related methods previously. I've not analyzed the
method for flaws in detail but if I recall correctly it has the same
Achilles heel that Chaum's other method did. Namely, someone has to
have the keys to the crypto, at least at some point in the process.
So if key security gets penetrated, the jig is up. This is a common
flaw with most crypto schemes: As the authority circle is shrunk to
guard the data handling paths, a point for a central attack is born,
ironically reducing the size of the conspiracy needed to subvert the
election. (The notable exception being Rivest's Triple Ballot which
has different critical flaws but, brilliantly, no keys to control.)

There are a lot of aspects to this article I found interesting besides
the topic itself. First, if you read the comments you see that the
people reading this are informed enough to know what it's doing but
not understanding its key point. For instance, the first comment says
this receipt based system would allow vote selling. Actually that's
not true. It lets you prove to yourself that your ballot made it to
city hall but not how you voted. But if smart folks reading Wired
can't figure that out.... Well, it's not very transparent and leaves
people worried to boot. So as usual it's the lack of transparency that
makes crypto self defeating for public confidence.

The second item will warm the cockles of the heart of all open-source
enthusiasts. Namely, that the competing algorithm had a flaw deep in
its random number generator. A quintessentially classic but hard to
find blunder in crypto. It's no shame since this kind of blunder
has tripped up the best in the business over the years. In any case,
the ONLY reason it was found by the white-hats was because the source
was open and a clever, motivated, competitor looked at it.

Now let me unpack that last sentence further. Obviously the open
source part was crucial. But so was the motivated competitor. If
source is merely disclosed but is not open then usually one has to
sign Non-disclosure agreements to view it, and this scares away any
competitor from viewing the code. Thus the best eyes never look.
That's why open source trumps sequestered disclosed source (and both
trump closed source).

Finally, I note it's pretty common for hastily written software--
which is mostly what commercial election software appears to be-- to
delegate parts like, say, random number generation or windows
management to some piece of third party software or hardware. For
example, to the operating system or to some math-functions package
purchased as an add-on to speed the development process. So when one
says "open source", it's also important that ALL the source is open
not just the high level application layer.

OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue Jul 31 23:17:05 2007

This archive was generated by hypermail 2.1.8 : Tue Jul 31 2007 - 23:17:08 CDT