Cryptography-Digest Digest #195, Volume #13 Mon, 20 Nov 00 22:13:00 EST
Contents:
A Simple Voting Procedure (Kevin A. Roll)
S/MIME ([EMAIL PROTECTED])
Re: A Simple Voting Procedure (Paul Rubin)
Re: A Simple Voting Procedure (David Schwartz)
Re: vote buying... (David Wagner)
Re: A Simple Voting Procedure (Paul Rubin)
Re: WS_FTP is insecure - it supports SSL, but only with 40-bit keys! (Eric Smith)
Re: A Simple Voting Procedure (David Schwartz)
Re: A Simple Voting Procedure (Paul Rubin)
"unsecure data structures" ? ("Rainer Nausedat")
Re: A Simple Voting Procedure (David Schwartz)
Re: A Simple Voting Procedure (Paul Rubin)
Re: A Simple Voting Procedure (David Schwartz)
Re: vote buying... ("Paul Pires")
Re: A Simple Voting Procedure (Paul Rubin)
Re: A Simple Voting Procedure ([EMAIL PROTECTED])
new book for beginners (William Stallings)
----------------------------------------------------------------------------
From: Kevin A. Roll <[EMAIL PROTECTED]>
Subject: A Simple Voting Procedure
Date: Mon, 20 Nov 2000 20:17:22 -0500
I'm not sure that cryptography is even necessary for a perfectly secure
vote... consider the following scenario:
1. At the time of voting, a random key number is generated (long enough
to guarantee uniqueness amongst the pool of voters). This key is
associated with the voter's selections, and provided to the voter. For
example, you vote and are given back the key 'CBFGPGKWJH'.
2. When the election is complete, the entire list of votes and keys is
published/made available online.
* Any person can tabulate the election votes themselves and verify the
count.
* Any particular individual can locate their votes using their unique key
and verify that their vote is correctly recorded.
* No person can identify another person's vote without knowing their
unique key.
3. To solve the other half of the problem, a separate list of equal size
is published which details every indivual who voted. Anyone can verify
the credentials of a given voter, eliminating dead voters, etc.
4. If it is desired to be able to disqualify particular, individual
votes, then a link between the two lists is necessary. This is where
encryption would come into play... only a trusted authority would be able
to decrypt the identity of a particular voter. However, I think step 2 is
the crucial part of the process that is missing today... a way for the
public to observe the results directly.
Comments?
------------------------------
From: [EMAIL PROTECTED]
Subject: S/MIME
Date: Tue, 21 Nov 2000 01:13:10 GMT
Would anyone happen to know the key differences between S/MIMEv2 and
S/MIMEv3. Is it just the addition of more encryption algoritms?
-Jeff
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: 20 Nov 2000 17:22:34 -0800
Kevin A. Roll <[EMAIL PROTECTED]> writes:
> Comments?
In the US, we're supposed to have secret elections, where ballot secrecy
does NOT depend on trusting an authority, at least after the votes have
been counted. Also, the votes have to stay secret EVEN IF THE VOTER
WANTS TO REVEAL THEM (mandatory, not optional secrecy). Your scheme
doesn't have the necessary properties. This was already discussed
in the "vote buying" thread.
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Mon, 20 Nov 2000 17:26:26 -0800
Paul Rubin wrote:
>
> Kevin A. Roll <[EMAIL PROTECTED]> writes:
> > Comments?
>
> In the US, we're supposed to have secret elections, where ballot secrecy
> does NOT depend on trusting an authority, at least after the votes have
> been counted. Also, the votes have to stay secret EVEN IF THE VOTER
> WANTS TO REVEAL THEM (mandatory, not optional secrecy). Your scheme
> doesn't have the necessary properties. This was already discussed
> in the "vote buying" thread.
Do you think it's essential that the secrecy remain if both an
authority and the voter wishes to reveal them? In other words, is it
sufficient if I can't reveal my vote to third parties withou help of an
official and an official can't figure out how I voted without my help?
Or must it be literally impossible to pair a voter with his vote?
DS
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: vote buying...
Date: 21 Nov 2000 01:31:44 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Shawn Willden wrote:
>It's interesting to note that the voting schemes we currently use fail this
>test as well. If I want to buy your vote, I just have you request an
>absentee ballot which I fill out for you and mail in. Maybe this isn't an
>important test.
In most states, absentee ballots aren't widely used. And yes,
they _are_ recognized as an unfortunate fraud risk (which is perhaps
why some states restrict their use to only voters who can't physically
go to the polls).
Remember, security against voting fraud isn't an all-or-nothing
affair.
In most races, it takes large numbers of fraudulent votes to affect
the outcome. If 1% of your population uses absentee ballots, they may
not be enough to affect the outcome, and even if they are, if you see
dramatically different ratios of votes in the absentee ballots, it is
likely to tip you off to look more closely at the absentee ballots.
In comparison, some others have proposed to move the entire system
-- in every state -- to a system where every vote is at the same risk
of fraud as is found in absentee ballots. That, to me, represents an
increase in the exposure to the risk of large-scale voting fraud.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: 20 Nov 2000 17:35:31 -0800
David Schwartz <[EMAIL PROTECTED]> writes:
> Do you think it's essential that the secrecy remain if both an
> authority and the voter wishes to reveal them? In other words, is it
> sufficient if I can't reveal my vote to third parties withou help of an
> official and an official can't figure out how I voted without my help?
> Or must it be literally impossible to pair a voter with his vote?
I very much prefer to require literal impossibility of pairing a voter
with his vote after the election is over. See the vote buying thread.
Even if an election is fair and honest, a repressive regime might
still take over the government years later. I wouldn't want that
regime to have any chance of using the ballot data to identify its
opponents.
------------------------------
From: Eric Smith <[EMAIL PROTECTED]>
Subject: Re: WS_FTP is insecure - it supports SSL, but only with 40-bit keys!
Date: 20 Nov 2000 17:54:22 -0800
I wrote:
> I've been trying to find an FTP client for Windows that supports SSL,
> and tried WS_FTP from Ipswitch. It's inexpensive, and they provide
> a time-limited demo.
>
> I'm very glad that they provided the demo. If I'd paid money for it
> I'd demand a refund. I found out the hard way that they support
> *only* 40-bit ciphers.
"George Peters" <[EMAIL PROTECTED]> writes:
> Take a look at http://www.datasecuritysolutions.com . They have an FTP
> client that you would probably want to use. You can download a limited time
> full functional demo as well.
No, doesn't do anything even similar to what I want. They encrypt files,
then use *insecure* FTP to send them to the server. And then you have
encrypted files sitting on the server.
Anyone that manages to run a packet sniffer on that will still get
a user ID and password, since the FTP control session is not encrypted.
And I only want the data to be encrypted in transit. Once it's on
the server, I want it in the clear. With the Eureka Encryption FTP,
I'd have to run some other program to decrypt the files. And there's
no indication that they have a decryption program for Linux.
What I want is an FTP client for Windows that supports the Internet
Draft for FTP over SSL. WS_FTP is close, if only they hadn't crippled
the crypto.
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Mon, 20 Nov 2000 18:07:59 -0800
Paul Rubin wrote:
>
> David Schwartz <[EMAIL PROTECTED]> writes:
> > Do you think it's essential that the secrecy remain if both an
> > authority and the voter wishes to reveal them? In other words, is it
> > sufficient if I can't reveal my vote to third parties withou help of an
> > official and an official can't figure out how I voted without my help?
> > Or must it be literally impossible to pair a voter with his vote?
>
> I very much prefer to require literal impossibility of pairing a voter
> with his vote after the election is over. See the vote buying thread.
> Even if an election is fair and honest, a repressive regime might
> still take over the government years later. I wouldn't want that
> regime to have any chance of using the ballot data to identify its
> opponents.
Your answer didn't address my question about whether an official could
or couldn't pair a vote with the voter WITH THAT VOTERS HELP. I don't
think an oppressive regime could count on its opponents help!
The question I'm asking is, is it okay if an election official could
pair a vote to a voter with that voter's help. This would allow
incorrectly counted votes to be fixed and every voter (and nobody else)
who wished to could confirm that their vote was correctly counted.
DS
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: 20 Nov 2000 18:12:15 -0800
David Schwartz <[EMAIL PROTECTED]> writes:
> > I very much prefer to require literal impossibility of pairing a voter
> > with his vote after the election is over. See the vote buying thread.
> > Even if an election is fair and honest, a repressive regime might
> > still take over the government years later. I wouldn't want that
> > regime to have any chance of using the ballot data to identify its
> > opponents.
>
> Your answer didn't address my question about whether an official could
> or couldn't pair a vote with the voter WITH THAT VOTERS HELP. I don't
> think an oppressive regime could count on its opponents help!
Quite the opposite. If the voter can help, the oppressive regime can
and will demand the help, under threat of torture or whatever. So the
voter must be unable to help.
------------------------------
From: "Rainer Nausedat" <[EMAIL PROTECTED]>
Subject: "unsecure data structures" ?
Date: Tue, 21 Nov 2000 00:51:44 +0100
Hi all,
I hope my question(s) are not OT here. If so, may be somebody could kindly
point me to the correct NG.
We are developing an archiving/compression tool that encrypts the compressed
data and the file header in the archives.
Usually, file headers for archives are kind of the thing below
typedef struct
{
...
dword dwFileCrc
dword dwFileAttribute
char cCompressionMethod
char cHostOS
variable FileName
...
}HEAD_STRUCT;
Am I right if I assume that one could easily break such a header if is
encrypted ? dwFileCrc for example could be least any 32bit value, but
dwFileAttribute is one of say 12 known possible values, and
cCompressionMethod is one 6 known possible values etc.
Thank you very much,
Rainer Nausedat
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Mon, 20 Nov 2000 18:16:35 -0800
Paul Rubin wrote:
>
> David Schwartz <[EMAIL PROTECTED]> writes:
> > > I very much prefer to require literal impossibility of pairing a voter
> > > with his vote after the election is over. See the vote buying thread.
> > > Even if an election is fair and honest, a repressive regime might
> > > still take over the government years later. I wouldn't want that
> > > regime to have any chance of using the ballot data to identify its
> > > opponents.
> >
> > Your answer didn't address my question about whether an official could
> > or couldn't pair a vote with the voter WITH THAT VOTERS HELP. I don't
> > think an oppressive regime could count on its opponents help!
>
> Quite the opposite. If the voter can help, the oppressive regime can
> and will demand the help, under threat of torture or whatever. So the
> voter must be unable to help.
What a non-sequiter! Who said the voter can't trivially make himself
unable to help if he wants to? Can you please answer the question I'm
asking.
DS
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: 20 Nov 2000 18:34:22 -0800
David Schwartz <[EMAIL PROTECTED]> writes:
> > Quite the opposite. If the voter can help, the oppressive regime can
> > and will demand the help, under threat of torture or whatever. So the
> > voter must be unable to help.
>
> What a non-sequiter! Who said the voter can't trivially make himself
> unable to help if he wants to? Can you please answer the question I'm
> asking.
I'm missing something. If the voter is able to help, the oppressor
says "provide help OR ELSE". If the voter makes himself unable to
help, that counts as refusing to provide help. I don't want a system
where the voter can decide whether or not to provide help. I want
a system where the voter CANNOT provide help.
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Mon, 20 Nov 2000 18:48:31 -0800
Paul Rubin wrote:
>
> David Schwartz <[EMAIL PROTECTED]> writes:
> > > Quite the opposite. If the voter can help, the oppressive regime can
> > > and will demand the help, under threat of torture or whatever. So the
> > > voter must be unable to help.
> >
> > What a non-sequiter! Who said the voter can't trivially make himself
> > unable to help if he wants to? Can you please answer the question I'm
> > asking.
>
> I'm missing something. If the voter is able to help, the oppressor
> says "provide help OR ELSE". If the voter makes himself unable to
> help, that counts as refusing to provide help. I don't want a system
> where the voter can decide whether or not to provide help. I want
> a system where the voter CANNOT provide help.
You can have a system where the voter both can and cannot provide help.
Consider, for example, a system where the voter gets an electronic
receipt which he can either keep or throw out. Or you can have a system
where there are 'dummy' receipts that look genuine in all ways to
officials and wherein a voter can produce a dummy or the real receipt
and an official couldn't tell which is which. So just because the voter
can help if he chooses to, it does not follow that the voter can be
compelled to help.
Now, the question I'm asking is, is there any objection to a system
where the voter and an official can, with mutual consent, determine how
the voter voted? If you don't want to answer the question, that's fine.
But don't answer some other question in the guise of answering mine.
DS
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: Mon, 20 Nov 2000 18:53:40 -0800
David Wagner <[EMAIL PROTECTED]> wrote in message
news:8vcja0$ehs$[EMAIL PROTECTED]...
> Shawn Willden wrote:
> >It's interesting to note that the voting schemes we currently use fail this
> >test as well. If I want to buy your vote, I just have you request an
> >absentee ballot which I fill out for you and mail in. Maybe this isn't an
> >important test.
>
> In most states, absentee ballots aren't widely used. And yes,
> they _are_ recognized as an unfortunate fraud risk (which is perhaps
> why some states restrict their use to only voters who can't physically
> go to the polls).
>
> Remember, security against voting fraud isn't an all-or-nothing
> affair.
>
> In most races, it takes large numbers of fraudulent votes to affect
> the outcome. If 1% of your population uses absentee ballots, they may
> not be enough to affect the outcome, and even if they are, if you see
> dramatically different ratios of votes in the absentee ballots, it is
> likely to tip you off to look more closely at the absentee ballots.
>
> In comparison, some others have proposed to move the entire system
> -- in every state -- to a system where every vote is at the same risk
> of fraud as is found in absentee ballots. That, to me, represents an
> increase in the exposure to the risk of large-scale voting fraud.
Your main point is the "Same risk as absentee ballots" the part
that scares me most is the "in every state part". As in centralized
control.
In the US, that would also involve removing a key part of the
separation of power between the Feds & States.
This centralized control and coordination
removes the impact, effect and management of the individual
states, bad and good alike.
The ability to effect a successful conspiracy is inversely
proportional to the number of competent co-conspirators
required, Weighted substantially by the remote likelihood
that a diverse group in a position to perpetrate
such a fraud and still have common cause.
Paul
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: 20 Nov 2000 18:57:13 -0800
David Schwartz <[EMAIL PROTECTED]> writes:
> You can have a system where the voter both can and cannot provide help.
> Consider, for example, a system where the voter gets an electronic
> receipt which he can either keep or throw out. Or you can have a system
> where there are 'dummy' receipts that look genuine in all ways to
> officials and wherein a voter can produce a dummy or the real receipt
> and an official couldn't tell which is which. So just because the voter
> can help if he chooses to, it does not follow that the voter can be
> compelled to help.
Huh? What are receipts like that good for?
Dudley Do-right (good guy) and Snidely Whiplash (bad guy) have an
election. Dudley wins by a 3-vote margin. 1000 of Snidely's
supporters get together with their dummy receipts and go on TV saying
the election was rigged. They produce their dummy receipts that show
they voted for Snidely and yet the official rolls (when decrypted by
the dummy receipts, which they claim are real receipts) show they
voted Snidely.
Receipts that don't prove anything aren't worth anything.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 02:51:15 GMT
In article <[EMAIL PROTECTED]>,
David Schwartz <[EMAIL PROTECTED]> wrote:
> What a non-sequiter! Who said the voter can't trivially make
himself
> unable to help if he wants to? Can you please answer the question I'm
> asking.
How about this.
Captain of the Guard comes knocking on your door, points a gun at your
head and politely requests your assistance is solving whether or not
you voted a particular way. If you voted wrong he'll shoot you, if you
refuse to cooperate he'll shoot you. I personally would not want it to
be possible to forcibly coerse someone like that. Also if you cannot
prove how you voted, someone cannot reliably buy your vote.
Joe
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (William Stallings)
Subject: new book for beginners
Date: Mon, 20 Nov 2000 22:02:06 -0500
I just got a copy of
Cryptological Mathematics
By Robert Lewand
Mathematical Association of America, 2000
Based on a quick first pass, this is a book I would recommend to
beginners. It covers classical cryptology as well public key. Although the
treatment is easy to follow, the math is rigorous and covers a lot of
ground, including number theory, abstract algebra, matrix algebra,
probability , and statistics. It also includes problems with solutions and
computer programming exercises.
For more info, see
http://faculty.goucher.edu/blewand/cryptomath/
P.S. I have no affiliation with the author or publisher.
Bill
| | Descriptions, errata sheets and discount order info |
| | for my current books and info on forthcoming books: |
| Bill Stallings | WilliamStallings.com |
| [EMAIL PROTECTED] | |
| | Visit Computer Science Student Support site: |
| | WilliamStallings.com/StudentSupport.html |
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
