Subj: Riera and Borrell presentation Date: Tue, Mar 16, 1999 10:39 AM EDT From: [EMAIL PROTECTED] X-From: [EMAIL PROTECTED] (Lorrie Faith Cranor) Sender: [EMAIL PROTECTED] To: [EMAIL PROTECTED] The March 15 issue of Cipher, the Newsletter of the IEEE Computer Society's TC on Security and Privacy, contained a report by Tatyana Ryutov on the Internet Society Symposium on Network and Distributed System Security (NDSS '99) February 03 - February 05, 1999. The report included a summary of a presentation about a cryptographic electronic voting scheme. The full report can be found at: http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/articles/conf-rep-ndss99.html I have excerpted the relevant information here: "Next was an interesting paper "Practical Approach to Anonymity in Large Scale Electronic Voting Schemes" by Andreu Riera and Joan Borrell (Universitat Autonoma de Barcelona, Spain). Andreu Riera presented. Their work considered how to implement a realistic large scale voting system. Their scheme is based on cooperation of multiple hierarchically arranged electoral authorities. The advantages of this scheme are: single non-anonymous voting session (a widely accepted solution is based on two sessions anonymous and non-anonymous) and no requirements for external mixes. The anonymity is provided by shuffling ballot boxes a number of times. There are restrictions to this approach. The proposed scheme can model all commonly accepted security requirements, except uncoercibility (inability of voters to prove in which way they voted), which require hardware components to be added into the scheme. "A participant asked if the scheme was implemented. Andreu replied that they are working on the protocol. Someone asked: authentication of the voter is required, how privacy is maintained? Andreu explained that authentication of the voter private key is required, to assure privacy the blind signature mechanism is used. One questioner pointed out that in commercial voting systems all software is proprietary, they do not allow looking at the code, therefore there are many ways to subvert election, e.g. by means of covert channels. "Another question was: Is this complexity practical for real system? Andreu: complexity is inevitable. A member of the audience asked if it is possible to detect who voted twice. Andreu: yes. Another question was about association between a voter and his vote. Andrew pointed out that it was not possible to detect association between a voter and his vote." This message was distributed through the e-lection mailing list. For info and archives see http://www.research.att.com/~lorrie/voting/
