Re: Voting Crypto Contest held by ES&S

From: Rick Carback <rick_dot_carback_at_gmail_dot_com>
Date: Wed Jul 25 2007 - 14:53:01 CDT

That's not really true, as there are dozens of ways to spy on voters to
determine how they voted, and all of them are system independent. Destroying
one sheet of the ballot without recording what was there is part of the
process; obviously, if you do something that's not part of the process it
might cause problems, and there need to be protections against such things.
However, I guess what your argument boils down to is that the ballot ID and
unique configurations make it easier.

The privacy issue is complicated... a well-hidden camera, fingerprint
scanner, or a bad scanner could all identify a voter on optical-scan-like
systems. Digital systems are worse because you can do it with TEMPEST
attacks. There's also the issue of whether the privacy is voluntary or
involuntary (all of the issues I just described are involuntary issues;
yours is voluntary, or rather, the voter knows it's happening). There are also
other strange issues: if you allow write-ins on the same ballot, your
voluntary privacy is hosed (the coercer simply tells the voter to vote for a
unique write-in candidate, or even without write-ins, for an unlikely set of
candidates in other races, and then looks for it during the counting).

Analogous to your attack in standard optical scan would be having voters
spoil the 2-3 ballots they are permitted to spoil and photographing each
one, or videotaping the whole process from voting to scanning (this is
actually a lot easier and cheaper than you would think, and it's only going
to get cheaper, so at best you can claim that it is temporarily infeasible).
If there's a computer and you have VVPAT, wait till the confirm process,
spoil a unique number of times or vote uniquely, then photograph the vote
you make afterwards, or just record the screen.

Any time you let in a device that can take photos, you can give pretty good
proof that you voted the way the individual who wanted to buy your vote desired,
and if you do video, you can do a much better job... however, today's
ability for the average person to forge these things can help.

For PS, there are things you can do to prevent this specific problem. You
could hide the ballot IDs with a scratch surface until after voters vote, and
that would make it much harder for the ballot to be uniquely identified.
Another is to make the ballot IDs for each sheet unique and randomly
combine the top and bottom sheets (which we can do). For regular optical
scan, the privacy booth could also just be a very tall table, making using a
recording device a little trickier.

Re: the shared secret -- The key is deterministically generated from entropy
given by each official, then stored in an encrypted form that can only be
decrypted with a subset (m out of n) of users present. While the program is
running, it would be possible to somehow leak that key with some spying
hardware, so you need to deal with that (as you would with any system that
depends on anything private). The "diskless workstation" in our ideal system
is a see-through, TEMPEST-protected box with only video, keyboard/mouse,
and dumb rw-switch storage interfaces. Trustees then go through a protocol
to test each other's storage devices to ensure they are the same, then they
perform the trusted operation. We're getting closer to that in the current
implementation.

Alternatively, you can do a teller model, but that's a different set of
problems and doesn't buy you very much.

-Rick
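An added illustration (not code from this thread or from the system it discusses) of the m-out-of-n key storage described above: the key is derived deterministically from each official's entropy contribution, then split with Shamir's secret sharing over a prime field so that any m shares recover it and fewer do not. The SHA-256 derivation, the field prime, and the trustee inputs are assumptions made for the example.

```python
import hashlib
import secrets

# Assumed, not from the thread: the key is SHA-256 of the officials' entropy
# contributions, and m-of-n storage uses Shamir secret sharing over GF(P).
P = 2**127 - 1  # prime field modulus; every share value is an integer below P

def derive_key(contributions):
    """Deterministically derive the election key from each official's entropy.
    Contributions are length-prefixed so their boundaries and order are fixed."""
    h = hashlib.sha256()
    for c in contributions:
        h.update(len(c).to_bytes(2, "big") + c)
    return int.from_bytes(h.digest()[:15], "big")  # 120-bit value, so < P

def split(secret, m, n):
    """Split secret into n shares such that any m of them reconstruct it."""
    # Random polynomial of degree m-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for a in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + a) % P
        shares.append((x, y))
    return shares

def reconstruct(shares):
    """Lagrange-interpolate the shares at x = 0 to recover the secret.
    With fewer than m distinct shares the result is unrelated to the secret."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def trustee_ceremony(contributions, m, n):
    """Derive the key, split it m-of-n, and report whether m shares recover it."""
    key = derive_key(contributions)
    shares = split(key, m, n)
    return key, shares, reconstruct(shares[:m]) == key
```

Calling `trustee_ceremony([b"trustee-A", b"trustee-B", b"trustee-C"], 2, 3)` with constructed trustee inputs returns the derived key, three shares, and True; feeding `reconstruct` only one of those shares yields a value unrelated to the key.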

On 7/25/07, charlie strauss <cems@earthlink.net> wrote:
>
> Rick, thanks for the responses. I'm mulling them. I do have one
> follow-up on the first question, and your answer seemed to misunderstand what
> I asked.
>
> -----Original Message-----
>
> >
> >1) How to prove your vote:
> >> take a picture of the completed ballot with your cell-phone camera
> >> before it is shredded. Take home the completed ballot.
> >> i) It would be improbable that one could accidentally find two
> >> pieces that matched correctly that specified another vote pattern, so
> >> the picture is proof
> >
> >Obviously, if you can somehow be in the booth, looking over the voter's
> >shoulder, you have a problem.. This isn't really any different.
>
> To be more clear. I mean that if a voter wants to prove their vote, all
> they need to do is snap a picture of the filled-out ballot pair. That
> picture plus the receipt (which is online too and thus not forgeable) would
> seem like a nearly certain proof of vote. For contrast, the same is not true
> of the OVC or a paper ballot.
>
> As for the shared secret system of keeping the keys, as I understand it
> (and I confess I'm not fully understanding all the modulo arithmetic that
> gets done; the wiki is kinda confusing), it seems to me that there is
> ultimately one key that you may choose to escrow as a shared secret. But
> someone could acquire that one key either during the key generation process,
> or any time after the key is decoded from escrow. Is this right?
>

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue Jul 31 23:17:06 2007

This archive was generated by hypermail 2.1.8 : Tue Jul 31 2007 - 23:17:08 CDT