Re: Security markings on the ballot

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Sat Oct 25 2003 - 22:27:09 CDT

On Saturday, October 25, 2003, at 07:59 PM, David Mertz wrote:

> Chris Schaefer <> wrote:
> |The cryptographic signature would likely be quite long... as long as or
> |longer than the vote information itself........
> No, no, no! I wrote a mention of this, but I guess you missed it:

> Most existing algorithms use long signatures because they want to be
> highly resistant to brute force attacks. But the attack model is very
> different here. It requires the attacker to produce a valid ballot, not
> decrypt a valid one.

Right. This is why I believe that 8 bits of trivial to identify visual
clues such as you could present with a pair of flags has real value, and
indeed, my 8 bit hash code could be derived from a 6 or 8 digit decimal

What we're doing is making forgery 256 times harder or 10,000 times
not trying to make, with this security code, a pefect barrier against
such things.

The same kind of argument allows you to get away with 1 bit checksums
on each ASCII digit in many data transmission applications. That one
bit is not all there is, you also have end-to-end checks.

                                Doug Jones
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Oct 31 23:17:04 2003

This archive was generated by hypermail 2.1.8 : Fri Oct 31 2003 - 23:17:07 CST