Re: Voting Crypto Contest held by ES&S

From: Charlie Strauss <cems_at_earthlink_dot_net>
Date: Wed Jul 25 2007 - 10:54:42 CDT

On Jul 25, 2007, at 9:03 AM, Ben Adida wrote:

> charlie strauss wrote:
>> Namely someone has to have the keys to the crypto, at least
>> at some point in the process. So if key security gets penetrated, the
>> jig is up. This is a common flaw with most crypto schemes: As the
>> authority circle is shrunk to guard the data handling paths, a
>> point for
>> a central attack is born, ironically reducing the size of the
>> conspiracy
>> need to subvert the election.
> Charlie,
> This is, as I've mentioned before in discussions with you, false.
> In most cryptographic voting schemes, the "authority circle" can, if
> they all collude, discover how someone voted, but they cannot
> change the
> way that person voted or otherwise influence the result.

Okay Ben, I'm no crypto whiz. And I realize there are things like
codes that allow linear operations on the encoded data without the
keys. I realize thee are things like shared keys. But it's not as
far as I can tell, the case that every crypto system has every
attribute needed to secure the process. Thus when I make a casual
statement like "crytpto can't do X", it's not fair to argue well "yes
this this schem can", if that scheme gives up some other needed
attribute to achieve X.

Anyhow, I'm responding quickly here and Chaum's method is kinda mind
bending to follow in detail so I'm not perfectly certain about a lot
of things. Maybe you could help analyse it here.

Here are some speculations I have about how it might be vulnerable
that I can't be sure are right....

1) How to prove your vote:
take a picture of the completed ballot with your cell-phone camera
before it is shredded. Take home the completed ballot.
     i) It would be improbably that one could accidentally find two
pieces that matched correctly tht specified another vote pattern so
the picture is proof

2) Subverting the vote 1:
        If I have the keys I can decode the vote and know how you voted.
     i) if you can know how people voted it's not a secret ballot or
even an open ballot. Only the privledged know how you voted. That
alone is invaluable for vote suppression in future elections, and of
course there's the whole bit about coercion.

3) subverting the vote2:
        I may not even need to know the keys if I can manipulate
things at the time the ballot pairs are generated in chaum's scheme.
Chaum has two step were the labels on the candidates can be
inverted. This is the encoding. If I were able to add one more
completely random inversion in that pipeline, then I suspect I can
alter the vote outcome, yet the keys will appear to be perfectly
normal to all observers. And I won't even know what the keys are.
       i) the attack to change the election outcome is to only
scramble the inversions in precints where my candidate is going to
lose. If the pairs are radomized the election should head towards
50-50 and that meand my candidate picks up votes.

4) subverting the vote3:
       If I have the keys then can't I forge a set of ballots that 1)
match the recepits, 2) but change the votes?

Anyhow that's four quick questions. And if you have a better
explanation of chaum's method I'm all ears.

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue Jul 31 23:17:06 2007

This archive was generated by hypermail 2.1.8 : Tue Jul 31 2007 - 23:17:08 CDT