This is an automated email from the ASF dual-hosted git repository.
gstein pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/steve.git
The following commit(s) were added to refs/heads/trunk by this push:
new c346363 clarifications
c346363 is described below
commit c3463634eda78be241725c8cd30a84d6e499faa9
Author: Greg Stein <[email protected]>
AuthorDate: Mon Jun 6 19:50:00 2022 -0400
clarifications
Add some more content about tampering. Clarify how the anti-tampering key
is constructed.
---
v3/README.md | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/v3/README.md b/v3/README.md
index f1852ff..2d93a31 100644
--- a/v3/README.md
+++ b/v3/README.md
@@ -70,10 +70,17 @@ Cryptographic-grade hashes are used as identifiers to
create anonymity.
## Integrity
When an Election is "opened for voting", all Persons, Issues, and Monitors
-will be used to construct a singular hash that identifies the precise state of
+will be used to construct a singular hash (`opened_key`) that identifies
+the precise state of
the Election. This hash is used to prevent any post-opening tampering of the
Persons of record, the ballot, or those watching for such tampering.
+The recorded votes use the `opened_key` to produce the anonymized tokens
+for each Person and each Issue, and it is used as part of the vote encryption
+process. Any attempt to alter the election will produce a new `opened_key`
+value, implying that any recorded vote becomes entirely useless (the vote
+can not be matched to a Person, to an Issue, nor decrypted).
+
## Data at Rest
(for details, see **Implementation** below)
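Review bot: the new paragraph after "those watching for such tampering" describes a tamper-evidence property but presents it as prevention, and it leaves out the precondition that makes it hold. Votes recorded under the original `opened_key` only become "entirely useless" if the party altering the election cannot recompute or retain the original key; anyone holding the per-election Salt plus a copy of the pre-alteration Persons/Issues can derive the old `opened_key` and still match and decrypt the stored votes. Suggest stating explicitly that a changed `opened_key` makes tampering detectable (the existing votes stop resolving) rather than impossible, and naming where the per-election Salt lives and who can read it. "it is used as part of the vote encryption process" is also left unspecified; a pointer to the Implementation section, or one sentence on how the encryption key is derived from `opened_key`, would make the claim checkable.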
@@ -102,8 +109,8 @@ the votes contain any rows with those two tokens. The
actual vote does
not need to be decrypted for this process.
Note that to reveal each recorded vote requires one (1) expensive hash
-computations, and one (1) expensive decryption. Additional hash
-computations are required to pair each Person and each issue with
+computation, and one (1) expensive decryption. Additional hash
+computations are required to pair each Person and each Issue with
their corresponding tokens. These operations are all salted to increase
the entropy.
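Review bot: the trailing context line "These operations are all salted to increase the entropy" misstates what the salt does, and since this hunk is already correcting wording in the same paragraph it would be worth fixing here. Salting does not add entropy to the low-entropy PersonID and IssueID inputs; it defeats precomputed dictionaries of `Hash(PersonID)` and keeps tokens from being correlated across elections. Suggest something like "These operations are all salted so that tokens can not be precomputed or correlated across elections." The "expensive" hash and decryption this hunk refers to should also be named in the Implementation section so the cost claim can be verified.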
@@ -113,12 +120,13 @@ Some notes on implementation, hashing, storage, at-rest
encryption, etc.
```
ElectionID := 32 bits
-PersonID := availid from iclas.txt
+PersonID := availid from iclas.txt # for ASF usage
IssueID := [-a-zA-Z0-9]+
-Election-data := TBD
-Issue-data := TBD
-BLOCK := Election-data + sorted(Issue-Data)
+ElectionData := Tuple[ ElectionID, Title ]
+IssueData := Tuple[ IssueID, Title, Description, VoteType, VoteOptions ]
+PersonData := Tuple[ PersonID, Name, Email ]
+BLOCK := ElectionData + sorted(IssueData) + sorted(PersonData)
OpenedKey := Hash(BLOCK, Salt(each-election))
Persons := Map<PersonID, Salt(each-person)>
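Review bot: `BLOCK := ElectionData + sorted(IssueData) + sorted(PersonData)` is inconsistent with the Integrity section added earlier in this patch, which says Persons, Issues, "and Monitors" are all used to construct the hash; as written, a Monitor can be added or removed after opening without changing `OpenedKey`. Either add `sorted(MonitorData)` to BLOCK or correct the prose. Separately, `+` over tuples containing free text (`Title`, `Description`, `Name`, `Email`) is ambiguous unless the encoding is canonical: without field delimiters or length prefixes, two different sets of tuples can serialize to the same byte string and therefore the same `OpenedKey`. Suggest specifying a canonical serialization (length-prefixed fields, or a fixed JSON form with sorted keys and no whitespace) and the sort key used by `sorted(...)`. `Hash(BLOCK, Salt(each-election))` should also say which hash is meant, since the earlier hunk relies on it being expensive.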