Cryptography-Digest Digest #140, Volume #13      Sat, 11 Nov 00 06:13:00 EST

Contents:
  Re: voting through pgp ("John A. Malley")
  Why remote electronic voting is a bad idea (was voting through pgp) (David Hopwood)
  RC6 Question ("Vinchenzo")
  Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile Software (Guy Macon)
  Re: voting through pgp (John Savard)
  Re: voting through pgp (John Savard)
  Re: Q: Rotor machines (Steve Portly)
  Re: Q: Rotor machines (John Savard)
  Re: Type 3 Feistel? (John Savard)
  Re: voting through pgp ([EMAIL PROTECTED])
  Re: monoalphabetic cipher ([EMAIL PROTECTED])
  Re: voting through pgp (David Crick)
  Re: Type 3 Feistel? (Mok-Kong Shen)
  Re: Q: Rotor machines (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 21:15:51 -0800


David Wagner wrote:
> 
> SCOTT19U.ZIP_GUY wrote:
> >  Ahh but what about ghost voters. You give a bunch of bums
> >cigarettes and have them vote your way.
> 
> Yes, I think we should take care to think very carefully about
> these attacks before changing the system!  The risks of electronic
> voting are not confined to electronic attacks.  To give another
> example, absentee ballots are traditionally an important point of
> potential vulnerability.
> 

Interesting. No electronic voting from home, no absentee ballots - these
statements point to a more fundamental issue - physical presence at a
vote collection site, a rendezvous between the State's sanctioned
equipment and representatives and the Citizen in physical form in the
designated place of voting, along with other Citizens. 

The Citizen can vote electronically or by punch card or by mechanical
lever, but the *act* of voting must be public, witnessed by the
representative of the State and other Citizens. 

The decision made by the Citizen must remain anonymous. A particular
decision cannot be linked to any particular Citizen. No other Citizen
can determine the decision made by another Citizen while they are in
each other's presence. The State representative must have some census of
Citizens and must collect a one-to-one match between the set of
Citizens who voted and the census. This detects but does not prevent
vote fraud (i.e. sign before you vote, but two identical signatures
appearing invalidate your vote.) The act of deciding must remain public.
So a Citizen Voter is not anonymous - only the decision of the vote is
anonymous.  This physical contract between Citizen and State in the
presence of other Citizens is a detriment to physical intimidation - but
it does not prevent the Citizen from deciding in a way that benefits a
third party in exchange for some consideration (like smokes, some
Thunderbird, cash, or extortion) and this can be arranged outside of the
designated area outside the view of the State's representatives. 

Are there electronic protocols that try to maintain the public view of
the act of making a decision - that require others actually
electronically simultaneously witness the transaction? Without such an
analogous behavior in the electronic, disembodied protocol I would doubt
we can get close to emulating the voting experience we desire. 

John A. Malley
[EMAIL PROTECTED]

------------------------------

Date: Sat, 11 Nov 2000 05:57:22 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Why remote electronic voting is a bad idea (was voting through pgp)

=====BEGIN PGP SIGNED MESSAGE=====

binary digit wrote:
> Imagine if everyone had pgp in the world and voted through pgp, every
> single vote could be verified and everyone would be happy,

Problems with remote electronic voting systems (in no particular order):

 1. obtaining voter anonymity *and* adequate authentication,
 2. vote buying and coercion,
 3. authenticating computers and not individual voters is not sufficient,
 4. targeted denial of service,
 5. verifiability of software and hardware,
 6. some voters may have problems with electronic interfaces that they
    would not have with paper ballots,
 7. attacks against insecure end-points (both voters' PCs, and servers),
 8. there is arguably more scope for *undetectable* corruption than in
    a paper-based system,
 9. existing weaknesses in paper-based systems [*1] are magnified if
    voting is remote and anonymous, because it is easier to get away
    with attacks,
10. bias due to poorer social groups having less access to computers.

It might be possible to address 1, 2, and possibly 3 by a cryptographic
protocol, and 6 by careful interface design [*2], but I don't see the
other problems being solved any time soon, if they are solvable at all.
4 is particularly tricky - when people have the option not to vote [*3],
how do you distinguish a non-vote from a denial of service attack?
It can't be done with cryptography. 10 is also a very serious problem,
and since this effect is very difficult to quantify, it might undermine
confidence in the validity of the election.


[*1] For the U.S., I understand that a particular problem is the
     accuracy of electoral rolls - both people who are registered more
     than once, and a large proportion of the population who are not
     registered.

[*2] PGP is not a particularly good example of the kind of interface
     needed; it is far too complicated. There is a paper called
     "Why Johnny can't encrypt" that describes some usability experiments
     on PGP 5.x, with rather depressing conclusions (I can't find an
     exact reference right now, but try a search engine).

[*3] Although an obvious approach is to require every registered voter
     to cast a vote, which may be "no vote", I don't think that would
     be either practical or, in many countries, politically tenable.

> and there wouldn't be this problem that is going on now in florida

Any remote electronic voting system would have to run in parallel
with the existing system. It is a general rule that you can't make a
system more secure by adding more options, because an attacker
will just target the weakest part of the system. You also can't make
a system more robust, even against accidental foul-ups, by adding
more options, because it is the least robust parts that will usually
go wrong. There are exceptions to these rules, but they are very rare.

Electronic systems in voting booths have fewer problems, although
they are still subject to problems 5 and 6. Note that a poorly designed
interface of an electronic voting machine is the source of some of
the controversy in the Florida election (and there were apparently
complaints about the interface from voters on the day, so it's not
just after-the-fact whinging).

There is some more discussion of this in the latest issue of RISKS
(archived at http://catless.ncl.ac.uk/Risks/21.11.html). I particularly
liked Lauren Weinstein's "Hacking the Vote" article.


[With reference to Florida, I was astonished that postal votes are
counted much later than the rest of the vote, and that both the media
and politicians are happy to declare "final" results before those
votes have even been counted. I don't want to get too far into
off-topic politics, but that's no way to run an election. ISTM that
the U.S. needs to put its paper-based voting procedures in order before
making any further attempts to introduce electronic systems.]

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

=====END PGP SIGNATURE=====



------------------------------

From: "Vinchenzo" <[EMAIL PROTECTED]>
Subject: RC6 Question
Date: Sat, 11 Nov 2000 01:50:47 -0500

In the RC6 specification one of the basic operations is defined as:

"a<<<b rotate the w-bit word a to the left by the amount given by the least
significant log2(w) bits of b." What does that mean... has anybody already
implemented this algorithm? Please help me!

Thanks
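
The rotation asked about above, shown in context as an added example (not part of the original post and not the RC6 authors' reference code): for w = 32, log2(w) = 5, so `a <<< b` rotates by `b mod 32`. The sketch goes beyond the single operation to the RC6-32/20 key schedule and block encryption that use it; the function names are illustrative and the all-zero key and block in `main` are constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define W   32u            /* word size w in bits */
#define LGW 5u             /* log2(w) */
#define R   20u            /* rounds */
#define NS  (2u * R + 4u)  /* number of round keys */

/* a <<< b: only the low log2(w) = 5 bits of b count, i.e. b mod 32.
   The masks also avoid C's undefined 32-bit shift by 32. */
uint32_t rotl(uint32_t a, uint32_t b) {
    b &= W - 1;
    return (a << b) | (a >> ((W - b) & (W - 1)));
}

uint32_t load32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
void store32(uint8_t *p, uint32_t x) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(x >> (8 * i)); }

/* Key schedule: expand klen (0..255) key bytes into the round keys S. */
void rc6_setup(const uint8_t *key, size_t klen, uint32_t S[NS]) {
    uint32_t L[64] = {0}, A = 0, B = 0;
    size_t c = klen ? (klen + 3) / 4 : 1, i = 0, j = 0, k, v;
    for (k = 0; k < klen; k++) L[k / 4] |= (uint32_t)key[k] << (8 * (k % 4));
    S[0] = 0xB7E15163u;                                      /* P32 */
    for (k = 1; k < NS; k++) S[k] = S[k - 1] + 0x9E3779B9u;  /* Q32 */
    v = 3 * (c > NS ? c : NS);
    for (k = 0; k < v; k++) {
        A = S[i] = rotl(S[i] + A + B, 3);
        B = L[j] = rotl(L[j] + A + B, A + B);  /* amount = (A+B) mod 32 */
        i = (i + 1) % NS; j = (j + 1) % c;
    }
}

/* Encrypt one 16-byte block (words are little-endian). */
void rc6_encrypt(const uint32_t S[NS], const uint8_t in[16], uint8_t out[16]) {
    uint32_t A = load32(in), B = load32(in + 4), C = load32(in + 8), D = load32(in + 12), t, u;
    B += S[0]; D += S[1];
    for (unsigned i = 1; i <= R; i++) {
        t = rotl(B * (2 * B + 1), LGW);
        u = rotl(D * (2 * D + 1), LGW);
        A = rotl(A ^ t, u) + S[2 * i];      /* uses low 5 bits of u */
        C = rotl(C ^ u, t) + S[2 * i + 1];  /* uses low 5 bits of t */
        t = A; A = B; B = C; C = D; D = t;  /* (A,B,C,D) = (B,C,D,A) */
    }
    A += S[2 * R + 2]; C += S[2 * R + 3];
    store32(out, A); store32(out + 4, B); store32(out + 8, C); store32(out + 12, D);
}

int main(void) {
    uint8_t key[16] = {0}, pt[16] = {0}, ct[16];  /* constructed all-zero input */
    uint32_t S[NS];
    rc6_setup(key, sizeof key, S);
    rc6_encrypt(S, pt, ct);
    for (int i = 0; i < 16; i++) printf("%02x", ct[i]);
    putchar('\n');
    return 0;
}
```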



------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile Software
Date: 11 Nov 2000 06:55:39 GMT

Scott Craver wrote:

>        Ditto.  I've screwed up, here, publicly, enough times that
>        I breathed a quiet sigh of relief when the deja news archive
>        began to suck.  
>

That's because it's now for sale...


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: voting through pgp
Date: Sat, 11 Nov 2000 07:09:10 GMT

On Fri, 10 Nov 2000 20:25:37 GMT, [EMAIL PROTECTED] wrote, in
part:

>A much more reasonable solution would be electronic voting inside the
>current vote booths. Riverside County, Ca actually did this, and it
>seems to have worked quite well. The votes were counted at compute
>speed, and the level of fraud and misvoting seems to have been no
>higher than normal.

Even that is dangerous, because without tangible ballots, if the
voting machines were, somehow, programmed to count incorrectly, there
would be no way to know that.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: voting through pgp
Date: Sat, 11 Nov 2000 07:11:04 GMT

On Fri, 10 Nov 2000 15:23:13 -0700, John Myre <[EMAIL PROTECTED]>
wrote, in part:

>The anonymity issue, on the other hand, I regard as serious.
>It would be hard to trust that only a computer ever sees the
>decrypted ballot, particularly since it would then be impossible
>to audit the result.  (We could perhaps audit the source code
>of the program, but that isn't the same thing.)

Isn't there already some technique, similar to blind signatures, that
can fix that?

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: Q: Rotor machines
Date: Sat, 11 Nov 2000 02:12:37 -0500



Mok-Kong Shen wrote:

> I remember having seen elsewhere several people claiming to
> have good computer simulations of rotor machines. If the
> rotors are not for the normal natural language alphabet but
> for a larger alphabet of 256 characters (8-bit ASCII) and if
> there are a fairly large number, say 16 or more, of rotors,
> how easy is it nowadays to crack such a system with computers?
> Thanks.
>
> M. K. Shen
> ---------------------------
>
> P.S.  A recent article of F. L. Bauer noted that, according
> to dpa, Prince Andrew, who presented on 18th Sep an original
> Enigma to the prime minister of Poland, Jerzy Buzek,
> stressed that the crypto experts of the Allies would not
> have broken the encryption of the German military, had there
> not been the help from the Polish scientists.

Perhaps it would depend on whether we used Asci WHITE or ultraviolet?

With known plain text it should be possible 16 rotors.


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Q: Rotor machines
Date: Sat, 11 Nov 2000 07:16:59 GMT

On Fri, 10 Nov 2000 22:44:20 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:

>I remember having seen elsewhere several people claiming to 
>have good computer simulations of rotor machines. If the 
>rotors are not for the normal natural language alphabet but 
>for a larger alphabet of 256 characters (8-bit ASCII) and if 
>there are a fairly large number, say 16 or more, of rotors, 
>how easy is it nowadays to crack such a system with computers? 

That depends. A simple rotor system, where the rotors move in odometer
fashion, won't be saved by having 256-contact rotors or 16 rotors,
since the isomorph method could still be used.

Let the rotor wirings be a function of the key and IV; let the motion
of the rotors be controlled by something like RC4; then you'll have a
system strong enough to withstand modern attack, I think.

>P.S.  A recent article of F. L. Bauer noted that, according
>to dpa, Prince Andrew, who presented on 18th Sep an original
>Enigma to the prime minister of Poland, Jerzy Buzek,
>stressed that the crypto experts of the Allies would not 
>have broken the encryption of the German military, had there 
>not been the help from the Polish scientists.

This is true, although it might seem debatable. The British made many
advances, and accomplished impressive feats beyond anything the Poles
had done. But they might never have gotten started without the Polish
contribution.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Type 3 Feistel?
Date: Sat, 11 Nov 2000 07:22:57 GMT

On Fri, 10 Nov 2000 12:08:08 +0100, Makoto Miyamoto
<[EMAIL PROTECTED]> wrote, in part:

>What is a type 2 and type 1 Feistel then?
>       Type 1 = original Feistel like in DES?

I'm not sure I've heard such terms used in a standard way.

But a paper by Bruce Schneier did talk about one set of variations of
the Feistel round:

there was the normal Feistel round, where half the block was modified
by a function of the other half,

and there were two types of unbalanced Feistel rounds:

where more than half of the block was modified by a function of less
than half, and

where less than half of the block was modified by a function of more
than half.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: voting through pgp
Date: 11 Nov 2000 00:22:40 -0800



Absentee ballots are already an overwhelming reality in elections all
over the U.S.  They are increasing rapidly in use, rather than
decreasing.  The state of Oregon did their entire ballot absentee this
year.  Calls to eliminate absentee ballots aren't going to go
anywhere.  Might as well rail against those new fangled horseless
carriages.

The real question, then, is whether electronic voting is more or less
secure than absentee voting by mail.  Can it eliminate some of the
risks, or are new ones introduced?

Ob

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: monoalphabetic cipher
Date: Sat, 11 Nov 2000 08:36:01 GMT

In article <PmXO5.111$[EMAIL PROTECTED]>,
  "Keith Monahan" <[EMAIL PROTECTED]> wrote:
> I've been working on what I believe to be a monoalphabetic cipher for about
> a week and half, off and on.
<snip>
> Can someone please make some suggestions to help me narrow this down?

Have a look at the ACA's Crypto Drop Box
(http://www.und.edu/org/crypto/crypto/).
Under the "Crypto Drop Box Resources" section there are loads of links
to useful information (e.g. Lanaki lectures) and programs.
Also, do a Google search for the following keywords: hill climbing; genetic
algorithms; simulated annealing. These techniques are very good for
solving classical ciphers. Hill climbing is probably the simplest and if
your cipher is monoalphabetic, a hill climber for monoalphabetic ciphers
should solve it.


Chris



------------------------------

From: David Crick <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Sat, 11 Nov 2000 10:31:43 +0000

John Savard wrote:
> 
> On Fri, 10 Nov 2000 15:23:13 -0700, John Myre <[EMAIL PROTECTED]>
> wrote, in part:
> 
> >The anonymity issue, on the other hand, I regard as serious.
> >It would be hard to trust that only a computer ever sees the
> >decrypted ballot, particularly since it would then be impossible
> >to audit the result.  (We could perhaps audit the source code
> >of the program, but that isn't the same thing.)
> 
> Isn't there already some technique, similar to blind signatures, that
> can fix that?

I know there's a whole section on anonymous (but authenticated)
e-voting in _AC2_.

Of course, I guess this should be taken together with Bruce's
more recent comments in _Secrets and Lies_, which touch on some
of the topics (coercion; protocols where the device is under
control of the user; etc.) that have already been brought up in
this thread.

  David.

-- 
+-------------------------------------------------------------------+
| David A Crick <[EMAIL PROTECTED]>  PGP: (NOV-2000 KEY) 0x710254FA |
| Damon Hill Tribute Site: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
+-------------------------------------------------------------------+

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Type 3 Feistel?
Date: Sat, 11 Nov 2000 12:04:47 +0100



John Savard wrote:
> 
> there was the normal Feistel round, where half the block was modified
> by a function of the other half,
> 
> and there were two types of unbalanced Feistel rounds:
> 
> where more than half of the block was modified by a function of less
> than half, and
> 
> where less than half of the block was modified by a function of more
> than half.

Intuitively I would think that the balanced one should
be better, with everything else being equal. Are there 
concrete reasons against this view? Thanks.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Rotor machines
Date: Sat, 11 Nov 2000 12:04:40 +0100



John Savard wrote:
> 
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> 
> >I remember having seen elsewhere several people claiming to
> >have good computer simulations of rotor machines. If the
> >rotors are not for the normal natural language alphabet but
> >for a larger alphabet of 256 characters (8-bit ASCII) and if
> >there are a fairly large number, say 16 or more, of rotors,
> >how easy is it nowadays to crack such a system with computers?
> 
> That depends. A simple rotor system, where the rotors move in odometer
> fashion, won't be saved by having 256-contact rotors or 16 rotors,
> since the isomorph method could still be used.
> 
> Let the rotor wirings be a function of the key and IV; let the motion
> of the rotors be controlled by something like RC4; then you'll have a
> system strong enough to withstand modern attack, I think.

Yes, parametrization (dependency of the algorithm upon the
key) and using a pseudo-random stream to dynamically control
(affect) other encryption operations are fruitful ideas in 
my conviction, though this seems to be largely ignored or
be against the prevailing opinions of the current crypto 
schools. (I have tried these in my own humble designs.)
 
> >P.S.  A recent article of F. L. Bauer noted that, according
> >to dpa, Prince Andrew, who presented on 18th Sep an original
> >Enigma to the prime minister of Poland, Jerzy Buzek,
> >stressed that the crypto experts of the Allies would not
> >have broken the encryption of the German military, had there
> >not been the help from the Polish scientists.
> 
> This is true, although it might seem debatable. The British made many
> advances, and accomplished impressive feats beyond anything the Poles
> had done. But they might never have gotten started without the Polish
> contribution.

The paper also mentioned the interesting fact that two of 
the Poles, after they arrived in GB through a difficult journey 
from France, were not allowed to participate in the British 
work, apparently on the reasoning that their starting help 
had already been sufficient for Bletchley Park to continue
all by itself.

M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
