Re: Three Ballot Voting System - Comments Appreciated

From: Ron Crane <voting_at_lastland_dot_net>
Date: Wed Sep 27 2006 - 22:17:12 CDT

I've sent the following attack summary to Prof. Rivest:

...This attack operates against the integrated checker machine/copier
and the tabulator, and would most easily be conducted by a vendor's
employee. When the voter presses the button to choose which ballot to
copy, the checker operates as expected except that it steganographically
encodes a bit onto that ballot indicating that the voter has copied it.
Depending upon the particular sequence of operations, it might even be
able to encode it into the red stripe. In any case the "copied bit"
(which, for robustness, should be accompanied by another few bits of
error-correction information) is little enough data that no voter should
be able to detect its presence, let alone determine its purpose.

The tabulator, which also has been attacked, eventually scans the
ballots. It honestly scans all ballots bearing the "copied bit," and
falsifies such of the others as suit the attacker's purpose.

This attack can be caught by an appropriate manual audit, and its
effects corrected by a full manual recount, but both the audit and the
recount require approximately three times the effort of the
corresponding ordinary paper ballot audit or recount. I have not worked
out the probabilities, but I think that the audit is even more expensive
because at least 1/3rd of the ballots are guaranteed to be scanned

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sat Sep 30 23:17:07 2006

This archive was generated by hypermail 2.1.8 : Sat Sep 30 2006 - 23:17:08 CDT