Cryptography-Digest Digest #142, Volume #13 Sat, 11 Nov 00 18:13:00 EST
Contents:
Re: voting through pgp (David Wagner)
Re: voting through pgp (David Wagner)
Re: Why remote electronic voting is a bad idea (was voting through pgp) (David
Wagner)
Re: Type 3 Feistel? (David Wagner)
Re: MY BANANA REPUBLIC (wtshaw)
Re: voting through pgp (David A Molnar)
Re: voting through pgp (David A Molnar)
Re: voting through pgp ("John A. Malley")
Re: voting through pgp (SCOTT19U.ZIP_GUY)
Re: Authentication and taking credit (was Re: Protocol) ("rosi")
Re: voting through pgp ("Trevor L. Jackson, III")
Algorithm with minimum RAM usage? (Guy Macon)
Re: voting through pgp ("Trevor L. Jackson, III")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: voting through pgp
Date: 11 Nov 2000 20:04:24 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
I must admit I don't yet understand why you argue that the act of
voting ought to be public, but it sounds like an interesting claim.
Would you mind elaborating a bit more?
By the way, what -- if anything -- does this have to do with the
observation that voting from home introduces new types of risks?
I guess the reason I'm confused is that making the act of voting
public doesn't save you the risks of voting at home...
[ For instance, one risk of voting using your home PC (rather than
equipment controlled by the election authorities) is that you may
be susceptible to viruses, and the election authorities cannot take
any steps to counteract this risk if necessary. Making the fact that
I voted public won't save me if my machine has been compromised by a
hostile "vote-stealing" virus. ]
What am I missing? Could you explain your reasoning?
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: voting through pgp
Date: 11 Nov 2000 20:06:14 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
>Absentee ballots are already an overwhelming reality in elections all
>over the U.S. They are increasing rapidly in use, rather than
>decreasing. The state of Oregon did their entire ballot absentee this
>year. Calls to eliminate absentee ballots aren't going to go
>anywhere.
I think you misread my post. I didn't suggest that we eliminate
absentee ballots; I just pointed to them as an especially significant
source of risk which is worth careful consideration.
(Speaking of Florida and absentee ballots, you can look up the
Bobby MacKay scandal there as one example of the risks of absentee
ballots. There were widespread allegations that enormous numbers
of absentee ballots were forged in that election.)
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Why remote electronic voting is a bad idea (was voting through pgp)
Date: 11 Nov 2000 20:16:25 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
>The real point is that Internet voting is coming. Purists quibble
>over risks that limit cryptographic certainty, not realizing how
>riddled with problems existing voting systems are.
Quibble? I find that offensive. If ever there was any system where
the public must have absolute confidence in its security, voting has
got to be it. Paper based systems worked for decades (centuries?), and
while there are risks in the current system, at least they are fairly
well understood. In contrast, moving to Internet voting introduces a
vast array of new, poorly understood risks that even security experts
don't know how to quantify, and the potential downside is enormous.
What's the rush to leap into Internet voting?
It seems to me that great caution is warranted when making any large
changes to such a vital institution. Wouldn't it be better to at least
take our time to thoroughly understand the risks? After all, if it
ain't broke, don't fix it.....
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Type 3 Feistel?
Date: 11 Nov 2000 20:19:17 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
See Kelsey & Schneier's paper on unbalanced Feistel ciphers. They
point out that target-heavy round functions tend to be weaker against
differential cryptanalysis, while source-heavy round functions tend to be
weaker against linear cryptanalysis. (All else being equal, etc., etc.)
The experience with MacGuffin bears this out: While it was apparently
strong enough against differential cryptanalysis, it was broken with a
linear cryptanalytic attack.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: talk.politics.crypto
Subject: Re: MY BANANA REPUBLIC
Date: Sat, 11 Nov 2000 14:21:08 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> I can't see how the current US election has anything to
> do with crypto, excepting that the system is probably void
> of any 'security' which however as a general topic could
> be claimed to concern our group. (In a previous thread
> quite a time ago I learned that there is nothing to
> prevent anyone in US to give more than one vote through
> going to different voting locations, there being no
> identity cards or registrations to rigourously control the
> voters. If that is indeed true -- I don't exactly know --,
> then the election could just as well be replaced by casting
> a die, like in lottery.)
>
> M. K. Shen
Voting has everything to do with authentication while keeping the voter
from malicious prying eyes. The current problem exists because of bad
technolgy where a better effort would be to inform voters, even help them
to behave in a manner consistent with true results. All too often
gimicks, subtile or not, are used that muddy the waters and deprive voters
from being heard. This is a big concern in encryption as a whole as well,
where tricks and gimicks also are used to betray consumer from desired
good crypto.
If deception is the conerstone of encryption, it is not of wise and honest
government.
--
Pangram: Move zingy, jinxed products; hawk benign quality fixes.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: 11 Nov 2000 21:17:30 GMT
John A. Malley <[EMAIL PROTECTED]> wrote:
> Are there electronic protocols that try to maintain the public view of
> the act of making a decision - that require others actually
> electronically simultaneously witness the transaction? Without such an
> analogous behavior in the electronic, disembodied protocol I would doubt
> we can get close to emulating the voting experience we desire.
You should look for "publically verifiable protocols." At EUROCRYPT '98
there was a mix-net protocol due to Masayuki Abe with this property.
Also Wenbo Mao at HP Labs has a paper on "necessity of publically
verifiable secret sharing" which mentions this, if I remember right.
I'm sure that a publically verifiable election protocol exists someplace
but don't know a reference off the top of my head.
-David
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: 11 Nov 2000 21:23:54 GMT
Timothy M. Metzinger <[EMAIL PROTECTED]> wrote:
> push gore, than bush, only the last selection registers). Once your selection
> is final, you then push a big VOTE button on the bottom, and your vote is
> recorded (not sure whether it increments a counter or makes a physical mark on
> a tape or what).
For what it's worth, this is what elections in my suburb of Las Vegas
(Clark County, NV) do. Very nice system, although once you push "VOTE" you
can't get your vote back ever (they tell you this).
Naturally there are people who allege that the machines are rigged. I've
only voted with them once and didn't stick around to watch the count,
so who knows.
My absentee ballot, on the other hand, was a nightmare. 300 small punch
holes. Only about 20 matter. Not consecutive 20 either. If I slipped up
and mispunched even one hole - there goes my vote.
Honestly, I'm much more inclined to attribute problems in voting to
stupidity than malice...
-David
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Sat, 11 Nov 2000 13:31:29 -0800
Making the act of voting public introduces a distributed, collective
witnessing/authentication to the genuineness of the vote cast. No vote
may be accepted as valid unless the act of casting that vote is
witnessed by others who are also voting at the "same time/place" - an
entangled rendevouz. And one set of rendevouz (?sp) may entangle with
other sets of rendevouz, introducing some randomness to who witnessed
what where, creating a tapestry of relations that may be audited but
would be hard to edit/fake by introducing fictitious voting actions into
the spatio-temporal record.
The act of voting is "peer-reviewed." All those who witness the act of
voting can testify to the time/place or other uniquely determining
information about that particular voting act. Witnesses include other
citizens in the act of casting their votes and the State in the act of
accepting the vote cast by a designated citizen.
(I knew some of the people at my local polling place last Tuesday. My
neighbors. Said hello. Others recognized their neighbors and greeted
them. I recognized the volunteers at the polling place from previous
elections. I waited in line, I watched those voting at the stations, I
watched people entering and leaving. It's the sense of community.)
The web of interconnected witness-voters and State's witnesses *seems*
intuitively difficult to consistently fake out but I have no analysis to
back this claim up.
Cryptographic protocols involve transactions between two participants at
a time even when there are three or more parties involved (i.e. trusted
authority schemes) with the (unvoiced) exclusion of the presence of
others. They build upon the "session", a transaction between two parties
- like client-server. Voting from a home PC, network appliance or the
absentee ballot ( all analogous to client-server) removes the collective
witnessing experience of the public act of physical voting.
Collective witnessing helps prevent fraud. The trojan horse or virus
that tries to steal your vote must carry out the act of voting with
other voters acting as witnesses. So the trojan tries to vote as you
again in the future, with another set of witnesses. IF there some
continuity between the set of witnesses across those two transactions
the protocol detects the attempt at second vote and cries "foul." Who
wants to attempt it? It's the same as if I returned to the polling
station on Tuesday and tried to vote again. The same volunteers are
there. They may recognize me from the morning. And the coffee lady- she
remembers me. The chance of being recognized depends on how long I wait
before returning to try to cast my vote again - strongest if I leave the
station and then immediately return while there are still people present
in there during the time I cast my first vote.
(How to implement such a scheme seems reminiscent of secret sharing on
the fly - the construction of a public statement of authenticity for
that act of voting, maybe there is a way to modify public key crypto and
secret sharing into such a system - and then progressive linking these
witness group to other witness groups in a growing web. Just a hunch
here, no hard analysis to back up what I'm saying.)
But that's where I'm coming from when I attempt to deconstruct the act
of voting and who the players are in an effort to map the gist of voting
in public back to an ethereal, electronic protocol.
John A. Malley
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: voting through pgp
Date: 11 Nov 2000 21:29:16 GMT
[EMAIL PROTECTED] (David Wagner) wrote in
<8uk8rm$skh$[EMAIL PROTECTED]>:
>>Absentee ballots are already an overwhelming reality in elections all
>>over the U.S. They are increasing rapidly in use, rather than
>>decreasing. The state of Oregon did their entire ballot absentee this
>>year. Calls to eliminate absentee ballots aren't going to go
>>anywhere.
>
>I think you misread my post. I didn't suggest that we eliminate
>absentee ballots; I just pointed to them as an especially significant
>source of risk which is worth careful consideration.
>
>(Speaking of Florida and absentee ballots, you can look up the
>Bobby MacKay scandal there as one example of the risks of absentee
>ballots. There were widespread allegations that enormous numbers
>of absentee ballots were forged in that election.)
>
I know this is UNPC but not only ban most absinte ballots
except for the military. Ban those that have political office
or those who are on welfare the right to vote. Since the welfare
crowd does not want to work breeds at a much higher rate and will
only vote for those who will give them free food and other goods.
We can't feed the lazy forever.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: Authentication and taking credit (was Re: Protocol)
Date: Sat, 11 Nov 2000 17:46:29 -0500
Paul,
Thank you very much for the opinion (and David for the reference to the
paper
too).
IMHO, you pretty much said it.
"mixed up good" may not sound quite right (due to poor English or
whatever),
I can change that to "mixed up nicely" or "badly mixed up". But at this
informal
level, I do not think it matters much.
I would like to hear what David has got to say. But if no words come
from him
it is quite alright. IMHO, unless there is substantial reason, the _issue_
probably
should not be furthered. (I can be wrong)
Thank you again for the messages.
--- (My Signature)
Paul Crowley wrote in message <[EMAIL PROTECTED]>...
>rosi wrote:
>> >David Wagner wrote:
>> >>
>>
http://gatekeeper.dec.com/pub/DEC/SRC/technical-notes/abstracts/src-tn-1998-
>> 007.html
>
>> Since you two have obviously read it as well, I would like to ask:
Does
>> it seem to
>> you that different levels of semantics are mixed up good? Any opinions
would
>> be
>> appreciated.
>
>What he's basically saying is that some authentication protocols have
>this property: it's hard for me to pretend to be you, but it's not so
>hard for me to tamper with *your* session so that you unwittingly
>pretend to be me. If what you're doing during your session is
>submitting the prize-winning entry to a competition, I can steal the
>credit.
>
>I'm arguing that this is best solved on a different protocol level than
>authentication. But I'm not sure this is the same as saying that
>different levels of semantics are "mixed up good"! And I certainly
>think the issue is well worth raising and discussing.
>
>Incidentally, I wrote earlier that there's no point in trying to prevent
>credit-stealing if your protocol isn't encrypted, but that isn't quite
>true. For example, a protocol that committed to a message with a hash
>before sending it could also defeat credit-stealing.
>--
> __
>\/ o\ [EMAIL PROTECTED]
>/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
Date: Sat, 11 Nov 2000 17:15:58 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
binary digit wrote:
> Imagine if everyone had pgp in the world and voted through pgp, every single
> vote could be verrified and everyone would be happy, and there wouldnt be
> this problem that is going on now in florida
And anonymity would be lost and many arms & legs broken from overly enthusiastic
political persuasion.
The creation of utopia is always accompanied by depressing side effects.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Algorithm with minimum RAM usage?
Date: 11 Nov 2000 22:25:08 GMT
I sometimes program microcontrollers where my old standby ARCFOUR
can't be used because it takes too much RAM. What strong encryption
algorithm uses the minimum amount of RAM?
I have virtually unlimited amounts of ROM, and the application
is such that I have a virtually unlimited amount of CPU time to
burn, so efficiency and size are non-issues.
------------------------------
Date: Sat, 11 Nov 2000 17:29:49 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
David Wagner wrote:
> David Schwartz wrote:
> > That's actually trivial to fix. One possible way to fix it is to
> >include a 'serial number' in the vote. A vote from the same person with
> >a higher serial number erases the previous vote. A vote with a zero
> >serial number takes precedence over a prior vote with the lowest serial
> >number. Since an attacker wouldn't know the previous or future serial
> >numbers I voted with or might vote with in the future, he can't assure
> >that the vote he coerces me into making is the one that gets counted.
>
> On the other hand, this "fix" introduces new risks.
>
> What if someone gets ahold of my voter authentication information and
> votes under my name _after_ I have already voted? Of course, my vote
> won't be counted; his will. And, thanks to the anonymity protection,
> I will have no way of knowing that this occurred. This puts a lot of
> trust in the authentication mechanism.
>
> Compare to today's voting system, where there is very little
> authentication of voters, but if someone else votes under your name
> before show up at the polls, you'll know to scream bloody murder when you
> are refused a ballot. And after you've voted, you are absolutely safe,
> because noone else can vote under your name once it has been marked down
> in the register as "he has voted already today".
>
> The property of being able to _detect_ widespread voting fraud is very
> important, and should not be eliminated without very serious consideration.
This concise summary bears repeating and amplification. Just as Justice cannot
be delivered in secret, it must be _seen_ to be done, so too must the integrity
of the franchise be visibly intact for citizen to accept that a valid transfer
of power takes place.
IMHO it is _far_ more important that flaws be detected than flaws be
prevented. Thus of two solutions which differ in their enhanced detection vs
enhanced prevention features, we should prefer enhanced detection in every
instance.
There was a massive criminology study of the laws of England during the
1800's. In this period the law-and-order types got all kinds of crimes
elevated to the death penalty (e.g., stealing a loaf of bread was a capital
crime). The study concluded that the magnitude of the penalty almost did not
influence the crime rate. The certainty of apprehension had an incredibly
strong influence on the crime rate. I suspect the same behavior would appear
in cases of voter fraud.
Strong detection also incentivises _the_candidates_ to discourage voter fraud
because it reflects upon them and can easily cause backlash thus there are
disincentives even if there are no statutory penalties.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
