Re: Report on EVM Rating Workshop

From: Joseph Lorenzo Hall <joehall_at_gmail_dot_com>
Date: Tue Jun 13 2006 - 13:09:47 CDT

Check out Chaum's punchscan scheme... while it's still not easily
explainable to election officials, it is the first encryption scheme
that many smart people (but not crypto-smart) have been able to grasp:


(Unfortunately, Josh Benaloh's new scheme involving mix-nets and
zero-knowledge proofs doesn't seem to be posted there yet.)


On 6/13/06, Ron Crane <> wrote:
> Alan Dechert wrote:
> Work at GW is focusing on comparing machines in terms of criteria
> such as integrity and privacy, showing tradeoffs and analyzing the
> conditions under which these criteria may be difficult to achieve-singly
> or together-due to electoral infrastructure issues.
> "The hot topic" at the workshop was encryption. Alan Sherman asked me
> a question about the OVC position and I pleaded ignorance, but my
> impression is that the OVC list has not included any discussion of this
> topic. If I am wrong, the OVC needs to take account of the recent work
> of David Chaum and Josh Benalosh taking a systems cryptographic
> approach to elections that may make concerns about election
> machines-as we know them-irrelevant. I realize that some of these
> ideas are not new, but they created a buzz at the meeting.
> We have talked quite a bit about encryption. We did not include encryption
> in our demo prototype. I think it's fair to say that we would include
> encryption in a production system. I think we'd say that encryption would
> provide a security layer for the OVC system, but would be only one of
> several layers. You could remove the encryption layer and the system would
> still work although it would be less secure. I believe this is the way
> security layers are supposed to work.
> The reference to encryption is to schemes (like VoteHere: Neff-Chaum) that
> use cryptography to -- proponents argue -- allow voters to determine whether
> their ballots are correctly included in the final tally without being able
> to prove to anyone else how they voted. I have significant doubts about
> Neff-Chaum's robustness against vendor-based vote-switching attacks.
> Further, none of the cryptographic schemes (that I know about) address
> presentation frauds, and none address (or can address)
> differential-reliability attacks. Finally, they're opaque as all get-out
> except to cryptographers. As such, they cannot effectively be supervised by
> the general public -- and therefore should not be used. All told, these
> schemes do not "make concerns about election machines-as we know
> them-irrelevant."
> -R
> _______________________________________________
> OVC-discuss mailing list

Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Fri Jun 30 23:17:05 2006

This archive was generated by hypermail 2.1.8 : Fri Jun 30 2006 - 23:17:12 CDT