Re: What the voting experts think of bar codes

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Wed Jun 02 2004 - 17:10:50 CDT

On Jun 2, 2004, at 4:03 PM, Stuart K Johnston wrote:
> About the bar codes / public trust issue: Would it be productive:
> If the poll worker could demo the interpretation of a scanned bar code

How do you demo/prove what ISN'T in there. Sure you can carry a
barcode to a BVA application (or some other custom app), but a
suspicious voter doesn't know that the app isn't programmed to only
read the non-leaky part of the barcode. I don't see poll workers
explaining the encoding for voters to decode by hand: "two narrow bars
followed by one wide bar represents the digit zero..." (or whatever it
actually is).

When I spoke to Ron Rivest--who was kinda pushing the Chaum scheme--I
asked him a rhetorical question: "How sure are you, the R in RSA, one
of the top dozen cryptographers in the world, that a Chaum ballot
doesn't contain a covert channel to leak voter information?" (not those
exact words :-)). Ron fudged his answer by saying that the Chaum
ballot system wasn't fully specified yet, so he couldn't answer. But
that misses the point IMO: even if it were fully implemented,
cryptosystems of comparable complexity are often broken only after
decades of study by people like Ron. Now if you happen to have a
system built with an in-house top cryptologist who's willing to insert
a backdoor for $20M (chump change compared to the amount spent on US
election campaigns)... it might well take the other 11 worlds-best
cryptographers a decade to find it.

Moreover, ordinary programmer me can already think of a likely covert
channel attack: don't generate the primes used in the vote encodings
truly at random. Be a little picky about which primes you choose for
which voters. Looking at just one--or probably even at a
million--ballots isn't enough to prove that those million primes are
non-random ones (it may actually be multiple primes per voters, but
just to illustrate). There are VERY sneaky ways to leak information.

Wanna make a (large) bet whether I can write a reasonable-looking vote
encoding algorithm that contains a covert channel that the rest of the
OVC list cannot detect? Say, I provide four hypothetical encodings,
each one close to optimality, and put a deliberate side channel in
exactly one of them. And I offer a large wager to anyone who thinks
they can guess which is which based on a complete specification of the
produced barcode for every vote combination.
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Wed Jun 30 23:17:03 2004

This archive was generated by hypermail 2.1.8 : Wed Jun 30 2004 - 23:17:29 CDT