Mike Frank wrote:
Here is another question. Will average people really gain confidence
from cryptographic ballot certificates?
To explain the issue in a more detail: The certificates in my system
(like other crypto-based voting systems) only really "prove" anything if
you accept certain cryptographic assumptions, namely, that certain
functions have a technical property of being "one-way," which basically
means they can't feasibly be inverted. No one currently knows how to
rigorously prove that any one-way functions actually exist. However, a
number of functions are strongly /believed /to be one-way, because large
numbers of extremely smart mathematicians have tried to find an easy way
to invert them without any success. Still, for all we know, there could
be someone out there (at the NSA, perhaps) who already knows how to
invert these functions, and just isn't admitting it. So, we can't
really be /absolutely /100% certain that these certificates can't really
be forged. But, most cryptographers believe that they can't.
Given this semi-cloudiness about the situation, will voters feel that
the certificates really help prove anything about the correctness of the
election results? Will they feel any better about the results of an
election system that provides certificates than they feel about one that
doesn't?
Certainly, the certificates do make it much harder to intentionally
miscount the ballots, in the sense that getting away with this would
require the system designers to have access to the work of some genius
mathematicians that have solved problems nobody else has been able to
solve, and whose work has been kept entirely secret from the world. And
further, it may be the case that these problems really are truly
impossible to solve, in which case systematic fraud in this kind of
system is really impossible. But we don't really know for 100% certain
that the problems are insoluble.
To anyone reading this... Would the use of crypto technology like this
in your election system make YOU feel any better?
If given the choice between a vote-at-home system without any
cryptography and one with crypto, I'd take the crypto (as long as it
works and doesn't have any holes). I don't think vote-at-home is a good
idea, though, and even direct electronic voting with general purpose
computers at polling places is kind of... eh.
I'm pretty sure that the cryptographic primitives are secure. If they
aren't, voting will be the least of our troubles.
----
Election-Methods mailing list - see http://electorama.com/em for list info
