From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Mon May 02 2005 - 00:57:02 CDT

> All very well and good. However, who would generate the Election Day
> startup hash of the whole disk if it must be customized for every
> election at every location? This introduces the need for another
> 'trusted' (read NOT) person in the administrative process and
> therefore another weak point.

Nah, it's much simpler than you suggest. And it's even simpler than
Keith suggests with the whole PKI stuff (or at least it can be).

Let's try a timeline approach:

* January 1, 20??: OVC publishes "EVMix-base-3.1.4.ISO" and its
hash=12345abcde for potential use in the forthcoming November
elections. The hash can go in newspapers or whatever, worldwide. The
ISO is downloadable for, or by bit torrents, or

* January 2: A million programmers download the ISO, and each one runs
'sha EVMix-base-3.1.4.ISO'. The million all see that the ISO matches
the hash 12345abcde. (well, I guess 51,393 of them had corrupted
downloads, so they try again :-)).

* January 3: A bunch of certifying authorities, citizens groups, SoS's,
whatever, look over the contents of EVMix-base-3.1.4 for malicious
code, proper functionality, etc.

* March 1: Everyone rejoins that EVMix-base-3.1.4 is excellent code
with no security holes.

* June 1: All the local counties submit their ballot definitions to
their respective OVC-approved EVM vendors. Since all the counties use
the IEEE-1622 standard for ballot definitions, these are all submitted
as files named ballot-definition-county-precinct-party.xml

* June 2: Vendors add a couple such files to the ISO image previously
verified. For example, the company "Open Voting of Franklin County"
(OVFC) creates an ISO that consists of:

   EVMix-base-3.1.4.ISO +
   ballot-definition-Franklin:MA-1234-DEM.xml +

(it's easy to add a few files to an existing ISO).

* June 3: OVFC sends the file EVMix-Franklin:MA.ISO to the County Clerk
of Franklin Co. They also send a cover letter saying "The hash of this
file is 9876ffdd123."

* June 4: The Franklin County Clerk publishes on its website the


The hash, and maybe the XML files (which are human readable), are also
published in the _Greenfield Recorder_.

* June 5: There are not a million programmers in Franklin County to
care, but there are a thousand. These thousand people have already
downloaded EVMix-base-3.1.4.ISO back in January. So today they
download the XML files. They assemble the same revised ISO that OVFC
did. They run the hash on their home-built composite ISO, and find it
is 9876ffdd123.

* November 2-8: Poll workers get their shiny CDs at polling places.
The Republican poll watcher says: "I don't trust the authenticity of
that CD," and demands to run the hash on her Windows laptop (hash turns
out to be 9876ffdd123). The Democratic poll watcher says: "I don't
trust the authenticity of that CD," and demands to run the hash on her
MacOS machine (hash turns out to be 9876ffdd123). The Green poll
watcher says: "I don't trust the authenticity of that CD," and demands
to run the hash on her Linux machine (hash turns out to be

No one anywhere in the sequence trusts anyone else, nor should they,
nor do they need to.
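The verification chain the timeline describes (published base hash, vendor-assembled composite, independent rebuild of that composite and comparison of hashes), as an added Python example that is not part of the original post. The base image bytes, the ballot XML content and the length-prefixed append layout are constructed stand-ins; a real ISO would need equally deterministic assembly (fixed ordering, timestamps and volume metadata) for a thousand independent rebuilds to hash identically.

```python
import hashlib

# Constructed stand-ins for the artifacts named in the message: the base
# image OVC publishes in January and the ballot-definition XML a county submits.
BASE_ISO = b"EVMix-base-3.1.4 (constructed stand-in for the real image)\n"
BALLOT_FILES = {
    "ballot-definition-Franklin:MA-1234-DEM.xml":
        b"<ballot county='Franklin' precinct='1234' party='DEM'/>\n",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def assemble_composite(base_iso: bytes, files: dict) -> bytes:
    """Append files to the base image in a deterministic layout.

    Independent verifiers only reproduce the vendor's hash if every byte of
    the composite is fixed by its inputs, so file order (sorted names) and
    record framing (length-prefixed name and content) are fixed here.
    """
    out = bytearray(base_iso)
    for name in sorted(files):
        name_b = name.encode("utf-8")
        out += len(name_b).to_bytes(4, "big") + name_b
        out += len(files[name]).to_bytes(8, "big") + files[name]
    return bytes(out)

def verify_published(base_iso: bytes, base_hash: str,
                     files: dict, composite_hash: str) -> bool:
    """The June 5 check: confirm the January base hash, rebuild the composite
    from the published XML, and compare against the vendor's published hash."""
    if sha256_hex(base_iso) != base_hash:
        return False
    return sha256_hex(assemble_composite(base_iso, files)) == composite_hash

# Vendor side (OVFC in the message): build the composite and publish its hash.
VENDOR_COMPOSITE = assemble_composite(BASE_ISO, BALLOT_FILES)
PUBLISHED_BASE_HASH = sha256_hex(BASE_ISO)
PUBLISHED_COMPOSITE_HASH = sha256_hex(VENDOR_COMPOSITE)

def tampered_files() -> dict:
    # One altered attribute in a ballot definition; the rebuilt hash must differ.
    t = dict(BALLOT_FILES)
    name = next(iter(t))
    t[name] = t[name].replace(b"party='DEM'", b"party='XYZ'")
    return t

if __name__ == "__main__":
    print("honest  :", verify_published(BASE_ISO, PUBLISHED_BASE_HASH,
                                        BALLOT_FILES, PUBLISHED_COMPOSITE_HASH))
    print("tampered:", verify_published(BASE_ISO, PUBLISHED_BASE_HASH,
                                        tampered_files(), PUBLISHED_COMPOSITE_HASH))
```

Any verifier holding the January base image and the published XML can run the same rebuild, which is why no party in the chain has to be trusted for the check to hold.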

