Cryptography-Digest Digest #172, Volume #13 Fri, 17 Nov 00 00:13:01 EST
Contents:
Re: My new book "Exploring RANDOMNESS" ("Matt Timmermans")
Re: vote buying... ("Trevor L. Jackson, III")
Re: vote buying... ("Trevor L. Jackson, III")
Breaking Leviathan (Paul Crowley)
Re: vote buying... ("Trevor L. Jackson, III")
Re: vote buying... ("Trevor L. Jackson, III")
Re: vote buying... ("Trevor L. Jackson, III")
Re: And you FBI people reading my messages ... this is just starting ...... :) ... I
know you are there ..... ("Alien8")
short encripted message (my first first cript agor) ("Alien8")
Rijndael: Impossible differential cryptanalysis on 5 rounds ([EMAIL PROTECTED])
Rijndael: Impossible differential cryptanalysis on 5 rounds ([EMAIL PROTECTED])
Re: vote buying... (Paul Rubin)
DES question: Has this ever been proven before? (Raphael Phan)
----------------------------------------------------------------------------
From: "Matt Timmermans" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.logic
Subject: Re: My new book "Exploring RANDOMNESS"
Date: Fri, 17 Nov 2000 03:13:21 GMT
"Greggy" <[EMAIL PROTECTED]> wrote in message
news:8v21tv$eoh$[EMAIL PROTECTED]...
> [...]
> In fact, have you considered making the book
> online and free to read through? I for one have no curiosity for such
> a book if I have to pay for it. Sounds like snake oil. Or can I get
> my money back if I don't think it was worth the price?
Heh. Did you actually notice _who_ wrote the book?
------------------------------
Date: Thu, 16 Nov 2000 22:16:32 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: vote buying...
David Schwartz wrote:
> Paul Rubin wrote:
>
> > That traceability is bad even if the election officials are honest and
> > the election is fair. Years later, Sheriff Bubba has worked his way
> > up to being Supreme Dictator Bubba, has the election officials
> > executed and gets the archived code numbers and uses the ballot data
> > to locate everyone who voted against him.
>
> Won't work. It'll just give him the code numbers of everyone who voted
> against him. Remember, we were talking about a case where a citizen
> presents his electronic voting receipt to an official.
>
> > > > > You are looking at a scheme specifically designed to provide X and
> > > > > complaining that it doesn't provide Y. Of course not, it isn't designed
> > > > > to. Unless you want to argue that no scheme can provide both X and Y,
> > > > > your argument is pointless.
> > > >
> > > > I may have missed something but I think I agree with this. Any scheme
> > > > that solves all problems must do both X and Y, where X and Y are in
> > > > conflict with each other.
> > >
> > > What goal is in conflict with what goal?
> >
> > The goal of being able to check votes after the election (to detect
> > fraud) is in conflict with the goal of not being able to check the
> > votes (to protect voter secrecy).
>
> So long as you need the voter's help to check them, you can easily meet
> both goals.
Not quite. If the voter can prove the validity of his vote than a person
threatening the voter can force him to reveal the validity token. The only way to
protect the voter is to permit him to present a fake validity token. But that
conflicts with the fraud detection mechanism because it can be used to hide fraud.
------------------------------
Date: Thu, 16 Nov 2000 22:30:02 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: vote buying...
David Schwartz wrote:
> Paul Rubin wrote:
> >
> > David Schwartz <[EMAIL PROTECTED]> writes:
> > > > That traceability is bad even if the election officials are honest and
> > > > the election is fair. Years later, Sheriff Bubba has worked his way
> > > > up to being Supreme Dictator Bubba, has the election officials
> > > > executed and gets the archived code numbers and uses the ballot data
> > > > to locate everyone who voted against him.
> > >
> > > Won't work. It'll just give him the code numbers of everyone who voted
> > > against him. Remember, we were talking about a case where a citizen
> > > presents his electronic voting receipt to an official.
> >
> > Nope. Remember, Bubba already got the receipts from the voters back
> > when he was still Sheriff and couldn't decode them. Now he can decode
> > them and there is hell to pay.
>
> He only got the receipts of those people who contested the vote. And he
> can't even be sure that the people who present the contest are the
> original voters. All he knows is that someone presented a voting receipt
> for a vote for candidate X and that this vote wasn't correctly counted
> for candidate X. Unless the system totally breaks down, the number of
> people issuing such disputes should be very small. The disputes could
> even be done anonymously. All that's needed to process the dispute are
> the numbers on the voting receipt.
>
> > > > The goal of being able to check votes after the election (to detect
> > > > fraud) is in conflict with the goal of not being able to check the
> > > > votes (to protect voter secrecy).
> > >
> > > So long as you need the voter's help to check them, you can easily meet
> > > both goals.
> >
> > The whole point of the original Sheriff Bubba scenario was to show
> > that receipts are bad even if the voter has to help decode it.
>
> Nonesense. The voter can simply present the receipt to an official
> anonymously. The offical can then see that voter number X voted for
> candidate Y, and he can also see that voter number X is not in the
> official count for candidate Y. He still doesn't know who voter number X
> is unless that voter chooses to do things personally.
The voter can be forced to make this choice, which compromises his anonymity. Thus
this choice (to reveal his identity) must be unavailable.
>
>
> > Really though, we're talking about Star Trek solutions to a Babylon 5
> > problem (I love that description but don't remember who originally
> > made it).
>
> Not at all. This is a very real and current problem and I'm confident
> that solutions can be found that are significantly better than punch
> cards.
Then pretend sci.crypt is from Missouri: show us.
The requirements are:
a) Anyone(*) can confirm that no fraud occurred. Types of fraud include:
1. Eligible voters cast more than one vote
2. Non-eligible voters cast any votes
3. Votes were properly attributed to the candidates subtotals
(This list is not exhaustive.)
b) No person or group(**) can determine how any citizen voted
(*) This property cannot be available only to officials because officials are not
less corrupt than the population from which they (and the cheaters) are drawn.
(**) This includes all proper subsets of the population. The population includes
voters, nonvoters, candidates, and officials.
I believe the fundamental conflict is irreducible.
------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Breaking Leviathan
Date: Fri, 17 Nov 2000 03:29:25 GMT
Leviathan has a bias detectable after 2^39 bits of output: collisions
between 64-bit aligned outputs are more frequent than they should be.
This is because each 64-bit output is produced by a PRF with a 64-bit
input, which compresses the space of such outputs possible by 1/e.
http://www.cluefactory.org.uk/paul/crypto/leviathan.html
--
__
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
Date: Thu, 16 Nov 2000 22:32:57 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Eric Lee Green wrote:
> On 15 Nov 2000 20:07:04 -0800, Paul Rubin <[EMAIL PROTECTED]> wrote:
> >David Schwartz <[EMAIL PROTECTED]> writes:
> >> > That traceability is bad even if the election officials are honest and
> >> > the election is fair. Years later, Sheriff Bubba has worked his way
> >> > up to being Supreme Dictator Bubba, has the election officials
> >> > executed and gets the archived code numbers and uses the ballot data
> >> > to locate everyone who voted against him.
> >>
> >> Won't work. It'll just give him the code numbers of everyone who voted
> >> against him. Remember, we were talking about a case where a citizen
> >> presents his electronic voting receipt to an official.
> >
> >Nope. Remember, Bubba already got the receipts from the voters back
> >when he was still Sheriff and couldn't decode them. Now he can decode
> >them and there is hell to pay.
>
> Huh? Why would Bubba get receipts back from voters? And why would
> there be voters' names attached to those receipts? And if receipt
> numbers are randomly generated and totally unrelated to voter ID
> numbers or names, what in the world would tell him that receipt
> 251-5321592 came from "Eric Lee Green"?
>
> >> > The goal of being able to check votes after the election (to detect
> >> > fraud) is in conflict with the goal of not being able to check the
> >> > votes (to protect voter secrecy).
> >>
> >> So long as you need the voter's help to check them, you can easily meet
> >> both goals.
> >
> >The whole point of the original Sheriff Bubba scenario was to show
> >that receipts are bad even if the voter has to help decode it.
>
> You are assuming that something is there to be decoded.
>
> I'm assuming that the receipts work like cash register receipts -- the
> voter gets one copy, the other copy is on a roll inside the machine.
> Receipt numbers may start at 1 and go upwards (with a prefix of
> course), but if we do not record the times at which voters voted, then
> there's nothing to say that voter "Eric Lee Green" voted for "Pat
> Buchanon" (just to pick somebody I would never vote for :-). You might
> see that receipt number "251-53400005" voted for Pat Buchanon, but unless
> the holder of that receipt comes forth and says otherwise, you have no
> idea who this person is.
>
> The idea is to put the database online and for individuals to be able to
> check their receipt number against what's in the database to verify that
> their vote counted for the candidate on their receipt. Generally the
> individuals who would do this sort of thing would be party faithful
> and there's no secret involved -- they're often campaign volunteers,
> plaster their house with "Bush 2000" or "Guts 2000" signs, etc. With
> the entire database online in downloadable form, you could also download
> the database, import it into your favorite database application/report
> generator, and verify that the totals add up to what the Secretary of
> State says they add up to.
> >don't see this as helping. Maybe there could be some protocol where
> >all the receipts are public, and the statistics of a signed collection
> >of votes (signed by the voting machine) can be computed, but nothing
> >about individual votes can be computed, and the statistics of unsigned
> >collections can't be computed.
>
> The "anonymous receipt" as done by grocery stores fits that bill.
> There is nothing on that cash register tape saying who bought these
> items (unless you presented some sort of club card or credit card), but
> presenting that receipt to the cashier is proof that yes, you did indeed
> purchase this item that you're trying to return. All these votes could
> be online, but without identifying information in the data, there's no
> way to identify individual people.
How does this prevent someone from demanding that a voter show his receipt?
------------------------------
Date: Thu, 16 Nov 2000 22:36:59 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Bill Godfrey wrote:
> Paul Rubin <[EMAIL PROTECTED]> writes:
>
> > essential component of democracy. You don't want Sheriff Bubba to be
> > able pull you over and say "Boy, I'm gonna bust your ass unless you
> > get in that booth and vote for Chief Sluggo, and bring back the
> > receipt to show you done it". That also means that even if you took
>
> (In the context of a computer assisted polling station. The computer
> would print the voter's choice in an OCR-able way onto paper, and
> then print a reciept, which the voter can keep or destroy.)
>
> How about, after the real receipt has been printed, offer the voter
> the chance to print a fake reciept to show they voted for someone
> else.
>
> The real recipt would have sort of SHA hash...
> SHA256(time_of_day+polling_station_id+candidate+secret)
>
> The secret would only be known to the election officials, so they
> (and only they) can check if a reciept is real.
This creates a an unacceptable single point of potential failure (corrupt
election officials). The verification process has to be available to every
voter (at least).
------------------------------
Date: Thu, 16 Nov 2000 22:47:12 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Dan Oetting wrote:
> Can anyone site a current public election with secret ballots where a
> receipt of the vote is given to the elector?
>
> I do not believe that a receipt is necessary or even usefull and as has
> been shown, can be abused.
>
> In the US, every step of the election process except how an individual
> casts a vote is open to public inspection. It is not the individuals
> responsibility to verify the election process. Each party that has a
> stake in the outcome of an election is allowed to have a poll watcher
> monitor the election process. If you don't trust any of the parties why
> are you bothering to cast a vote?
>
> Now with the idea of receipts out of the way, I'll present a remote
> electronic voting protocol based on the current vote by mail systems.
>
> A mail in vote typically consists of a ballot containing the cast votes
> enclosed in a secrecy envelope enclosed in a sealed return mailing
> envelope which identifies and is signed by the voter.
>
> The first step in processing the returned votes is to verify the
> electors signature on the unopened return mailing envelope against the
> signature in the voter registration records.
>
> After the polls close the return mailing envelopes are opened and the
> secrecy envelopes are removed and shuffled.
This is the critical step for which there is no electronic equivalent. It
completely and irreversibly destroys the relationship between the mailing
envelope and the secrecy envelope, thus preserving the voter's anonymity.
The critical aspect of this process is that it is open. It can be performed
in public with an unlimited number of witnesses.
>
>
> The ballots are then removed from the secrecy envelopes and the votes
> counted.
>
> To make this procedure electronic use public key encryption for the
> envelopes and a digital signature for the electors signature.
>
> The envelopes can be opened and the ballots shuffled by a closed machine
> to protect the secrecy of the ballots. The process can be verified by
> repetition, testing with sample ballots and public inspection of the
> hardware and software. Only one layer of envelope may be necessary.
Here the critical shuffling step must be performed in obscurity. Not the
same thing. Not only must it be secret, the actual shuffling must also be
unrepeatable and unauditable.
This requires too high a degree of trust. Could Microsoft(R), the NSA, or
Crypto AG design software that appeared to be secure while actually
violating the anonymity of voters? Worse, can we prove that they cannot?
>
>
> The exposed ballots can now be viewed and the votes counted.
------------------------------
From: "Alien8" <?>
Subject: Re: And you FBI people reading my messages ... this is just starting ......
:) ... I know you are there .....
Date: Fri, 17 Nov 2000 03:49:29 -0000
>And you FBI people reading my messages ... this is just
>starting ...... :) ... I know you are there .....
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
...and they know your there.
------------------------------
From: "Alien8" <?>
Subject: short encripted message (my first first cript agor)
Date: Fri, 17 Nov 2000 03:54:21 -0000
$X&#^&2@&@*&#X&4E%!
--END--
------------------------------
From: [EMAIL PROTECTED]
Subject: Rijndael: Impossible differential cryptanalysis on 5 rounds
Date: Fri, 17 Nov 2000 04:02:51 GMT
Hi,
I refer to the paper by Biham and Keller on impossible differential
cryptanalysis of 5-round Rijndael.
http://csrc.nist.gov/encryption/aes/round2/conf3/papers/35-ebiham.pdf
Looking at page 8...
The pair of plaintexts chosen should be such that they differ in only
one byte.
They specify that they choose pairs of the form ((a,b,c,d),(a',b,c,d))
in a column... what about the other columns? The other columns should
all have zero byte differences... but why is it that there are 2^40
values in the table? It corresponds to 2^40 possible pairs that meet
the criteria.. how do you arrive at this figure?
Could anyone elaborate on the second paragraph?
Raphael
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Rijndael: Impossible differential cryptanalysis on 5 rounds
Date: Fri, 17 Nov 2000 04:00:50 GMT
Hi,
I refer to the paper by Biham and Keller on impossible differential
cryptanalysis of 5-round Rijndael.
Looking at page 8...
The pair of plaintexts chosen should be such that they differ in only
one byte.
They specify that they choose pairs of the form ((a,b,c,d),(a',b,c,d))
in a column... what about the other columns? The other columns should
all have zero byte differences... but why is it that there are 2^40
values in the table? It corresponds to 2^40 possible pairs that meet
the criteria.. how do you arrive at this figure?
Could anyone elaborate on the second paragraph?
Raphael
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: 16 Nov 2000 20:21:01 -0800
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> The requirements are:
>
> a) Anyone(*) can confirm that no fraud occurred. Types of fraud include:
> 1. Eligible voters cast more than one vote
> 2. Non-eligible voters cast any votes
> 3. Votes were properly attributed to the candidates subtotals
> (This list is not exhaustive.)
> b) No person or group(**) can determine how any citizen voted
To be more explicit about b), you might have to add:
c) No voter can give evidence that s/he voted for or against any given
candidate ("receipt-free").
> I believe the fundamental conflict is irreducible.
Certainly it's hard. The original paper on the subject was by Benaloh
and Tuinstra, Receipt-Free Secret-Ballot Elections Proceedings of the
26th ACM Symposium on Theory of Computing. Montreal, PQ. May
1994. (New York, USA: ACM 1994), pp. 544--553. There's a link to a
.ps file on Josh Benaloh's home page:
http://www.research.microsoft.com/users/benaloh
http://www.votehere.net seems to be peddling a commercial version of
these methods.
------------------------------
From: Raphael Phan <[EMAIL PROTECTED]>
Subject: DES question: Has this ever been proven before?
Date: Fri, 17 Nov 2000 04:21:22 GMT
Hi,
Just wondering...
let x and y be a pair of plaintexts to DES such that the input XOR
is x'. Would the corresponding output pair have the same XOR
difference?
Raphael
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
