Timo Röhling <[email protected]> writes: > * Thomas Goirand <[email protected]>:
>> 2- Receipt-freeness: a voter does not gain any information (a receipt) >> which can be used to prove to a coercer that she voted in a certain way. >> 6- Eligibility verifiability: anyone can check that each vote in the >> election outcome was cast by a registered voter and there is at most one >> vote per voter. > Property 2 is violated if the vote is confirmed in a signed email like > the public votes (I can't say because I never participated in a DPL > election yet). It is. Our current voting system makes no attempt at property 2. > Property 6 is violated, because you can trivially add arbitrary > ballots with random HMAC_SHA256_HEX values (unless the voter turnout > is 100%, which seems rather unlikely). I'm not sure that I see this for DPL elections because we publish both the list of votes and the list of voters. If those two lists aren't the same length, that's fairly trivially detectable. -- Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/>
