On Sun, 2006-11-26 at 17:30 -0500, Gabriel Burt wrote: > On Sat, 2006-11-25 at 21:40 -0500, Ryan Lortie wrote: > > As a voter, how do I know that my "token" isn't just a deterministic > > hash of my choices? The people running the election could then easily > > just publish my choices along with this token once for every person who > > chose the same way that I did. > > It was my understanding (and it could certainly be wrong) that the > elections committee was going to publish the tokens and choices in > list form. If that is what they do, then checking for duplicate > tokens is trivial. If everybody verifies their vote is published > accurately, and the results from the published list match the official > results, then it is a fair election.
Very interesting points Ryan makes. Let me give an example from the results of the election last year: http://foundation.gnome.org/vote/votes.php?election_id=2 What he's saying is that, suppose you voted for me, Quim, Federico, Dave, Bastien, Luis, and Jeff, and were given the anonymous token 0bhnyOzwLJ05jYV2phjusfe0jBYO3HZf. How do you make sure that no one else who voted for the same seven candidates received the same anonymous token? > The one attack I can see is making up votes for people who were > registered but didn't vote. > > Gabriel -- behdad http://behdad.org/ "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin, 1759 _______________________________________________ foundation-list mailing list foundation-list@gnome.org http://mail.gnome.org/mailman/listinfo/foundation-list