Re: eCompute ECC2-109 Project has PROBABLE solution (now official)
At 11:24 PM 4/8/2004, Anne & Lynn Wheeler wrote: http://www.ecompute.org/ecc2/ it is now official eCompute ECC2-109 Project We have received unofficial OFFICIAL word that the solution is valid! As a result, the DP server has been closed and were working on finalizing the final stats. No further DP values will be accepted and the DP server will remain closed. A little later today well be posting complete information regarding the solution, some project stats, and other final information. Until then We wish to thank everyone who has contributed to this project. With your help, it was a success. Without your help, it never could have happened! The solution was achieved through a collision of points provided by: glenon from Ars Technica Team Vodka Martini Maximum_Confusion from TechIMO The following was written by Chris Monico to describe the solution achieved. ... snip .. -- Anne & Lynn Wheelerhttp://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: voting
> Ed Gerck[SMTP:[EMAIL PROTECTED] > > John Kelsey wrote: > > > > At 11:05 AM 4/9/04 -0400, Trei, Peter wrote: > > > > >1. The use of receipts which a voter takes from the voting place to > 'verify' > > >that their vote was correctly included in the total opens the way for > voter > > >coercion. > > > > I think the VoteHere scheme and David Chaum's scheme both claim to solve > > this problem. The voting machine gives you a receipt that convinces you > > (based on other information you get) that your vote was counted as cast, > > but which doesn't leak any information at all about who you voted for to > > anyone else. Anyone can take that receipt, and prove to themselves that > > your vote was counted (if it was) or was not counted (if it wasn't). > > The flaw in *both* cases is that it reduces the level of privacy > protection > currently provided by paper ballots. > > Currently, voter privacy is absolute in the US and does not depend > even on the will of the courts. For example, there is no way for a > judge to assure that a voter under oath is telling the truth about how > they voted, or not. This effectively protects the secrecy of the ballot > and prevents coercion and intimidation in all cases. > > I'd pretty much dropped this topic after it became clear that Mr. Leichter's only response to the problems that people pointed out in VoteHere's scheme (in particular, its vulnerability to vote coercion, and lack of recountability) was to attempt to redefine them as non-problems. However, since the topic has arisen again. Ed's got a very good point. I always prefer security which relies for its integrity on the laws of nature, rather than on people behaving with integrity. Peter Trei - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: voting
John Kelsey wrote: > > At 11:05 AM 4/9/04 -0400, Trei, Peter wrote: > > >1. The use of receipts which a voter takes from the voting place to 'verify' > >that their vote was correctly included in the total opens the way for voter > >coercion. > > I think the VoteHere scheme and David Chaum's scheme both claim to solve > this problem. The voting machine gives you a receipt that convinces you > (based on other information you get) that your vote was counted as cast, > but which doesn't leak any information at all about who you voted for to > anyone else. Anyone can take that receipt, and prove to themselves that > your vote was counted (if it was) or was not counted (if it wasn't). The flaw in *both* cases is that it reduces the level of privacy protection currently provided by paper ballots. Currently, voter privacy is absolute in the US and does not depend even on the will of the courts. For example, there is no way for a judge to assure that a voter under oath is telling the truth about how they voted, or not. This effectively protects the secrecy of the ballot and prevents coercion and intimidation in all cases. Thus, while the assertion that "Only if all the trustees collude can the election be defrauded" may seem to be reasonable at first glance, it fails to protect the system in the case of a court order -- when all the trustees are ordered to disclose whatever they know and control. Also, the assertion that "All of this is possible while still m aintaining voter secrecy and privacy essential to all public elections" is incorrect, for the same reason. Moreover, the assertion that "Vote receipts cannot be used for vote selling or to coerce your vote" is also incorrect, for the same reason. These shortcomings do not depend on any specific flaw of a shuffling process, a TTP, or any other component of either system. Rather, it is a design flaw. A new election system should do "no harm" -- reducing the level of voter privacy and ballot secrecy should not be an acceptable trade-off for changing from paper to electronic records, or even electronic verification. Court challenges are a real scenario that election officials talk about and want to avoid. Without making voter privacy inherently safe from court orders, voter privacy and ballot secrecy are at the mercy of casuistic, political and corruption influences -- either real or potential. When the stakes are high, we need fail-safe procedures. Now, you may ask, is there any realistic possibility of a court order for all trustees to reveal their keys? Yes, especially in a hot and contested election -- and not only Bush vs. Gore. Many local elections are very close and last year an election in California was decided by *one* vote. For example, the California Secretary of State asked this as an evaluation question, when they were testing voting systems for the 2000 Shadow Election Project. The question was whether and to what extent the voting system could be broken under court order for example, if some unqualified voters were wrongly allowed to vote in a tight election and there would be a court order to seek out and disqualify their votes under best efforts. Perhaps a trustee could be chosen who would be immune even from a US court order? Well, not for a US election, which is 100% under state and/or federal jurisdiction. But there are additional scenarios -- a bug, Trojan horse, worm and/or virus that infects the systems used by all trustees would also compromise voter secrecy and, thereby, election integrity. Cheers, Ed Gerck - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: voting
One area we are not addressing in voting security is absentee ballots. The use of absentee ballots is rising in US elections, and is even being advocated as a way for individuals to get a printed ballot in jurisdictions which use electronic-only voting machines. Political parties are encouraging their supporters to vote absentee. I believe that one election in Oregon was recently held entirely with absentee ballots. For classic polling place elections, one strength of an electronic system which prints paper ballots is that there are two separate paths for the counts. The machine can keep its own totals and report them at the end of the election. These totals can then be compared with the totals generated for that precinct by counting the paper ballots. This redundancy seems to me to provide higher security than either system alone. Cheers - Bill - Bill Frantz| "There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet." -- Dean Tribble | Los Gatos, CA 95032 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]