Security markings on the ballot (fwd)

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Sat Oct 25 2003 - 21:55:28 CDT

>What gets STORED on the ballot, however, need not be all 160 bits of H.
>It can be the first 4 bits, or the first 32 bits, or the first 100 bits,
>or whatever you want. SHA has a uniform distribution, so that knowing B
>doesn't help you one whit in guessing those first 4 bits.

Chris Schaefer wrote:
| I'd still like to go with the emerging XML-Security Standard for
|the electronic versions of this stuff. No reason not to encrypt
|with that system and then use a subset of the signature on the

I have not looked at the XML security standard particularly, but I
imagine it provides the relevant primitives. And assuming so, I quite
agree that the electronic version can have the full 160 bits or
whatever, and the printed ballot just the portion we feel is sufficient.

But for the demo, we shouldn't specify this too much. I proposed a
specific protocol way back in July or August. But some other folks have
thought we need a public key system rather than a symmetric algorithm
with a key disclosure schedule. And there are probably other issues
that might come up in the full threat analysis.

That's why I've suggested just a placeholder security/hash code for the
demo. Exactly what it will finally do can be decided later... we
should just recognize (and show to our audience) an importance for
future cryptographic procedures (which nonetheless are going to amount
to a hash of some sort at the last step).

| Seems like we need to nail down more of the big picture. eg:
|I'm still not clear if Alan wants the touch screen machines to
|collect the electronic ballots, or if a later scanner is supposed to
|do that work.

I understand the plan is for the machines to collect the electronic
results; the paper is there only for spot (statistical) validation and
in case of a challenge.

Yours, David...
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Oct 31 23:17:04 2003
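
Added example (not part of the original message or of the project's code): the truncation described in the quoted text at the top of the thread, sketched in Python. The thread leaves the protocol open, so the keyed hash (HMAC-SHA1), the key, the ballot string and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

DIGEST_BITS = 160  # SHA-1 output size: the "160 bits of H" in the thread

# Constructed sample values, not taken from the project.
KEY = b"constructed-demo-key"
BALLOT = b"precinct=0001;contest=1;choice=3"


def full_code(key: bytes, ballot: bytes) -> bytes:
    """Full 160-bit code kept with the electronic record (HMAC is assumed)."""
    return hmac.new(key, ballot, hashlib.sha1).digest()


def printed_code(full: bytes, bits: int) -> str:
    """Leading `bits` bits of the full code, as hex, for the paper ballot."""
    if not 1 <= bits <= DIGEST_BITS:
        raise ValueError("bits must be between 1 and 160")
    prefix = int.from_bytes(full, "big") >> (DIGEST_BITS - bits)
    return format(prefix, "0{}x".format((bits + 3) // 4))


def paper_matches(key: bytes, ballot: bytes, printed: str, bits: int) -> bool:
    """Recompute the code from the ballot and compare in constant time."""
    expected = printed_code(full_code(key, ballot), bits)
    return hmac.compare_digest(expected.encode(), printed.lower().encode())


def false_accepts(key: bytes, ballot: bytes, bits: int, trials: int) -> int:
    """Count altered ballots whose code equals the original's printed code."""
    target = printed_code(full_code(key, ballot), bits)
    return sum(
        printed_code(full_code(key, ballot + b"|alt=%d" % i), bits) == target
        for i in range(trials)
    )


if __name__ == "__main__":
    full = full_code(KEY, BALLOT)
    for bits in (4, 32, 100):
        hits = false_accepts(KEY, BALLOT, bits, 4096)
        print(bits, printed_code(full, bits), "altered ballots accepted:", hits)
```

With a 4-bit code roughly one altered ballot in 16 still matches the printed value, so the printed length is a parameter to set from the threat analysis rather than a cosmetic choice.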
