On Nov 12, 2003, at 5:08 PM, Rob Speer wrote:
So you get to confirm that you voted, but not that your vote went to the
person you wanted to vote for?
I don't think that's what people are looking for in verifiability.
Okay, I wasn't entirely clear.
Then again, it's probably the best kind of verifiablity you can get without enabling coercion. But that's a really complicated system for such a small gain.
Well, the only other option I can think of is to have a 'trusted third party' "C". Each voters 'seed' would be encrypted by C public key, and can only be decrypted by C. If C was a completely distinct system, then voter V could go to a secure location, where their identity would be verified by other means (e.g., photo ID), and then view the results of their vote in a secure environment.
This isn't totally anonymous, but it would allow spot-checking in an environment completely independent of that used by the voting system.
-- Ernie P.
On Nov 12, 2003, at 5:08 PM, Rob Speer wrote:
On Wed, Nov 12, 2003 at 04:38:07PM -0800, Ernest Prabhakar wrote:What was the goal of that receipts??? 1) To remember who you voted for? or 2) To verify your vote was counted?
1) is silly. If 2) is possible for you, it is possible for the mafia too. ;-)
I don't get #2 at all. I've actually been confused by this. If by
receipt we mean a full plaintext list of all the votes you made, then I
can see how it would be a security risk. However, it would think it
would be fairly trivial to create an ecrypted receipt that could
-verify- a vote without actually revealing the vote (at least without
massive conspiracy).
For example, each vote could be used to create a 'private key - public
key' pair, as in public key infrastructures (PKI). The private key
would be used to hash a cumulative vote tally, and the public key would
be given to the voter (along with: you are the 1523rd voter). It
should be mathematically possible to audit the vote tallies, and for
the voter to confirm that his private key was used at a given step,
without revealing any information about the private key. The first
voter would hash a random seed, so that even his/her vote would not be
decipherable.
So you get to confirm that you voted, but not that your vote went to the
person you wanted to vote for?
I don't think that's what people are looking for in verifiability.
Then again, it's probably the best kind of verifiablity you can get without enabling coercion. But that's a really complicated system for such a small gain.
-- Rob Speer
----
Election-methods mailing list - see http://electorama.com/em for list info
---- Election-methods mailing list - see http://electorama.com/em for list info
