More on the Chaum System

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Tue May 04 2004 - 11:54:38 CDT

I know we've discussed it before, but we have newcomers and the topic
of anonymity and guarantees has come up yet again. I don't support
Chaum's system, for the reasons I present below. But I think it is
important in the special sense of occupying a position in the
conceptual space of validation options.

In brief, here's the system: Voter goes to polling place, and when
they leave they take with them a special receipt. This receipt--which
might be represented in a barcode that had been part of attached
transparencies (with one destroyed at poll)--is basically just a big
number. When the elections officials create the aggregate vote, they
do it in a special way that produces another big number. Through the
magic of cryptographic math, the aggregation number has a provable
connection to the voter's receipt number. The way the mojo works, the
math demonstrates the FACT that the voter's vote was incorporated into
the aggregate, but not the specific CONTENT of the incorporated vote.

The Chaum system is a way to prove that a vote was not discarded
between the time it was cast and the time an aggregate result of the
election is published.

Here is the critique:

There are about 100 million voters in the USA.

Of those, perhaps 10,000 of them would be *capable* of understanding
the math behind Chaum's system. So the system is IN-PRINCIPLE
uncheckable for 99.99% of all voters. For what it's worth, I can
proudly but accurately claim that I am among those 10K people who could
manage to understand Chaum's math... if I were to spend a week or two
carefully studying it (and doing little else).

Of those 10K people who could in-principle get a grip on the math,
certainly fewer than 100 of them are professional cryptographers of a
quality to meaningfully evaluate Chaum's system for weaknesses. I
might be able to *learn* the rules, but I don't come anywhere close to
being able to really state that it doesn't subtly leak information
about individual votes; or that it is not perhaps somehow breakable by
an attacker who uses a fast computer to forge keys (and therefore
votes); or similar attacks. Of those 100 people (but probably fewer)
who have a meaningful opinion on the guarantees in Chaum's system, I
think OVC can say with some pride that we have two of them pretty much
"on board" (Amit Sahai and David Jefferson). And maybe three or four
of the other people who could really judge Chaum's system (if they
wanted to spend the time, most haven't) have said things supportive of
OVC. Probably about 20 more of the 100 work for the NSA, and none of
us here know their names.

So maybe Chaum's system works like it's supposed to. None of those 100
cryptographers have yet published an attack on it. Of course, 90 of
them have not bothered looking at it in enough detail to contemplate
specific attacks. And it is quite possible that not one of the 100
best cryptographers accepted a ten million dollar bribe to keep an
attack private ($10M would be a dirt-cheap price for the RNC or DNC to
have a way to undetectably change votes, should the Chaum system be
widely adopted).

What's the experience of us 99.999% of voters, were Chaum's system to
be widely adopted? Well, we'd go to the polls, cast some votes, get a
receipt with funny numbers on it. We would go home to our computer,
and punch in those numbers. The computer would happily proclaim, "Yep,
your vote was counted! (and we didn't even leak any information on your
individual votes)." Sure, we're welcome to trust those handful of
mathematicians who understand what went into generating that message
(both their integrity and their correctness). But it sure looks like a
black-box where the guarantee is "just trust us."

In my mind, I would much rather rely on trusting a bunch of ordinary
people carrying out procedures that I can easily comprehend. Poll
watchers from opposing parties (I could be one of them if I wanted to)
both observe the unlocking of the ballot box. Two elections volunteers
independently count and sort a stack of ballots. The ballots and disks
are driven to county HQ in a cop car with a Democrat and Republican
rider. And so on. Yes, these steps need to be taken, and if they
aren't, your vote could fail to be counted. But the steps are
documented, mandated, open to public criticism, subject to independent
observation, easy to understand, and generally carried out by
well-meaning and conscientious people.

OVC doesn't rely on magic and elite expertise; it just makes all the
steps transparent and observable.

Yours, David...
Received on Mon May 31 23:17:10 2004
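The "receipt proves inclusion but not content" shape that the post describes can be made concrete with a small constructed model. The following is an added example, not code from the post, from OVC, or from Chaum's actual scheme (which relies on visual cryptography and mix-nets rather than anything shown here). It assumes a simpler stand-in technique: each ballot is a SHA-256 commitment to the choice under a random nonce that the officials keep and the voter never sees, the published "aggregate number" is the Merkle root over all commitments, and the check the voter runs at home is a Merkle inclusion proof. All names (`cast_ballot`, `run_election`, the candidate names and the five-ballot election) are hypothetical and constructed for the example.

```python
"""Toy model: a receipt that proves a vote was included without revealing it.

Constructed example. Not Chaum's scheme and not OVC code: hash commitments
plus a Merkle tree stand in for the real cryptography, to show the shape of
the guarantee the post describes (inclusion is provable, content is not).
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from collections import Counter


def digest(data: bytes) -> bytes:
    """SHA-256, used both as the commitment and as the tree hash."""
    return hashlib.sha256(data).digest()


def cast_ballot(choice: str) -> tuple[bytes, bytes]:
    """Polling place step: commit to the choice under a fresh secret nonce.

    Returns (receipt handed to the voter, nonce retained by the officials).
    The voter never learns the nonce, so the receipt alone cannot be opened
    to show anyone (including a coercer) how the vote was cast.
    """
    nonce = secrets.token_bytes(32)
    return digest(nonce + choice.encode()), nonce


def open_commitment(receipt: bytes, nonce: bytes, choice: str) -> bool:
    """Audit step available only to whoever holds the nonce."""
    return hmac.compare_digest(digest(nonce + choice.encode()), receipt)


def _pad(level: list[bytes]) -> list[bytes]:
    # Duplicate the last node when a tree level has odd length.
    return level + [level[-1]] if len(level) % 2 else level


def merkle_root(leaves: list[bytes]) -> bytes:
    """The published aggregate 'big number' covering every receipt."""
    if not leaves:
        return digest(b"")
    level = list(leaves)
    while len(level) > 1:
        level = _pad(level)
        level = [digest(level[j] + level[j + 1]) for j in range(0, len(level), 2)]
    return level[0]


def merkle_proof(leaves: list[bytes], index: int) -> list[tuple[bytes, bool]]:
    """Sibling hashes from leaf `index` up to the root; bool = sibling is on the left."""
    path, level, i = [], list(leaves), index
    while len(level) > 1:
        level = _pad(level)
        sib = i ^ 1
        path.append((level[sib], sib < i))
        level = [digest(level[j] + level[j + 1]) for j in range(0, len(level), 2)]
        i //= 2
    return path


def verify_inclusion(receipt: bytes, proof: list[tuple[bytes, bool]], root: bytes) -> bool:
    """What the voter's home computer checks: the receipt hashes up to the root."""
    node = receipt
    for sibling, sibling_is_left in proof:
        node = digest(sibling + node) if sibling_is_left else digest(node + sibling)
    return hmac.compare_digest(node, root)


def run_election(choices: list[str]) -> tuple[dict, list[bytes]]:
    """Returns (public bulletin, nonces kept privately by the officials).

    The bulletin is everything a voter or observer gets to see: receipts,
    the root, one inclusion proof per receipt, and the tally. The nonces
    are the only thing that links a receipt back to a choice.
    """
    cast = [cast_ballot(c) for c in choices]
    receipts = [r for r, _ in cast]
    nonces = [n for _, n in cast]
    bulletin = {
        "receipts": receipts,
        "root": merkle_root(receipts),
        "proofs": [merkle_proof(receipts, i) for i in range(len(receipts))],
        "tally": dict(Counter(choices)),
    }
    return bulletin, nonces


if __name__ == "__main__":
    # Constructed five-ballot election.
    bulletin, nonces = run_election(["Alice", "Bob", "Alice", "Carol", "Alice"])
    for i, (r, p) in enumerate(zip(bulletin["receipts"], bulletin["proofs"])):
        print(f"voter {i}: receipt {r.hex()[:16]}... included={verify_inclusion(r, p, bulletin['root'])}")
    print("tally:", bulletin["tally"])
```

Two things the model makes visible that the prose only asserts: the home check (`verify_inclusion`) needs nothing but the receipt, the proof and the root, and it fails for a receipt that was dropped or altered; yet the receipt itself matches no candidate name, and only the officials' nonces (`open_commitment`) can open it. That split is exactly the "just trust us" point in the post: the voter can run the check, but judging whether the commitment really hides the choice, or whether the officials' side leaks it, is the part that requires cryptographic expertise.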

