Paul Kislanko wrote:
There are several ways to make ballots-counted public record without
compromising the anonymity of ballots-cast. The trick is to assign a unique
key to each POTENTIAL ballot-cast, and expose said key only to the voter who
casts an actual ballot.
The collecting authority publishes the list of keys that are associated with
ballots cast, and the counting authorities for the different items on the
ballot (different for local, state, federal, etc. items on the ballot)
publish the ballot keys COUNTED for each item for which they are
responsible.

The voter, who's the only person who knows the key associated with her
ballot, can verify that her ballot was collected and counted by comparing
her ballot-ID with those listed. Her identity is never known to anyone, but
if she finds her ballot-ID in the "collected" list but not in any "counted
the way I voted" list she can present the conflict to an alternate counting
authority who can challenge the count and go back to the collecting
authority to retrieve all ballots and re-count them.

I think we'd have to figure out what the system is supposed to protect against. There has been some confusion: Mike said that his system would let the voters know that their ballots have been counted, upon which I said that this may not be enough, if it would also enable vote-buying and coercion attacks.

Does your method only solve Mike's desiderata, or mine as well? As far as I can see, your method would be vulnerable to vote-buying/coercion because the buyer would demand the seller's ID. The seller might give the wrong ID, but then he doesn't get paid (after the election, of course). This is more a vulnerability towards coercion, since a vote-buyer might want to be paid immediately, but in the case of coercion, the mafia could beat up the voter later (or the boss could fire the voter, or whatever).

Considering it in greater detail, there are three classes of vote-buying or coercion attacks:

Passive immediate - The voter does something, and produces proof that that's been done.
Passive delayed - The voter does something, and produces part of a token that confirms, after the election, that he voted for the right candidate(s).
Active - The adversary watches the voter the entire time, or the adversary can demand pictures from the polling booth. The former regards vote-at-home, the latter voting with cameras/etc.

One possible way of making your system safe against passive delayed attacks would be to augment the hash. That is, you vote A > B > C, your ID is 13, and the hash is 24. When you leave, they give you a random number (say 100) and the sum of the two (124). If the vote-buyers wanted C > B > A with hash 23, you just tell them your random number was 101. This is a bit impractical, though, since you'd have to remember both your random number and hash, and those would be significantly larger, and you would also have to be able to compute, from the voting booth, the hash of any ordering, so you could find the difference to trick the vote-buyers.
----
Election-Methods mailing list - see http://electorama.com/em for list info
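
The augmented-hash receipt from the last paragraph of the message above, as an added example that is not part of the original post. It goes slightly beyond the post by taking the sum modulo a fixed size so that any claimed ballot has a matching random number. The modulus, the SHA-256-based `ballot_hash` and all function names are assumptions, since the post does not specify a hash function or number sizes.

```python
import hashlib
import secrets

MODULUS = 2**32  # assumption: the post fixes no size for hashes or random numbers


def ballot_hash(ordering):
    """Toy stand-in for the post's unspecified ballot hash (assumption)."""
    digest = hashlib.sha256(">".join(ordering).encode()).digest()
    return int.from_bytes(digest[:8], "big") % MODULUS


def issue_receipt(true_hash, rand=None):
    """What the voter leaves with: a random number and hash + random number."""
    if rand is None:
        rand = secrets.randbelow(MODULUS)
    return rand, (true_hash + rand) % MODULUS


def decoy_random(total, demanded_hash):
    """Random number the voter can report so the sum opens to the demanded ballot."""
    return (total - demanded_hash) % MODULUS


def opens_to(total, claimed_rand, expected_hash):
    """Check anyone can run on a sum and a claimed random number."""
    return (total - claimed_rand) % MODULUS == expected_hash % MODULUS


if __name__ == "__main__":
    # Numbers from the post: real hash 24, random number 100, sum 124.
    rand, total = issue_receipt(24, rand=100)
    fake = decoy_random(total, 23)  # buyer demanded the ballot with hash 23
    print("receipt:", rand, total, "decoy random number:", fake)
    print("real opening checks:", opens_to(total, rand, 24))
    print("decoy opening checks:", opens_to(total, fake, 23))

    # Same flow with hashed orderings (constructed sample ballots).
    h_true = ballot_hash(["A", "B", "C"])
    h_demanded = ballot_hash(["C", "B", "A"])
    rand, total = issue_receipt(h_true)
    fake = decoy_random(total, h_demanded)
    print("decoy accepted for C>B>A:", opens_to(total, fake, h_demanded))
```

Both the real and the decoy opening pass the same check, so the pair the voter reports does not show which ballot was cast. Producing the decoy requires `ballot_hash` of the demanded ordering, which is the computation the post says the voter would have to be able to do.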
