
Re: Dual method



I'm not sure I'm following you about the private key. The voter doesn't need (or even want) to know that the county has matched his/her name to a particular ballot.

What I was thinking was that:

   * The voter comes into the polling place and is checked off on (a
     paper copy of) the registered voter list.
   * The voter is given a single-time use password for the system. Once
     that password is used, it cannot be used again (and the passwords
     should not be guessable). This is necessary to eliminate double
     voting, just like only being given one paper ballot in the current
     system. (There may be better/simpler ways to eliminate double
     voting.)
   * The password is used only to access the computer; it is not
     saved anywhere.
   * The voter makes choices on the computer.
   * The moment a ballot is committed, a unique ballot ID is generated,
     saved with the electronic ballot and printed out on the two paper
     receipts.
   * The ballot ID is generated by some method (the method isn't all
     that important, SHA, DSA, MD5, whatever) and is a function of a
     timestamp, the ballot choices, the voting place, etc. but NOT the
     voter's identity (which isn't known to the computer).
   * If the voter realizes that a mistake has been made after the
     ballot was submitted, the electronic ballot could be voided
     (provided all the paper receipts are presented) and a new
     single-use password would be generated.
   * When checking the voter receipt with the public list, the voter
     uses the ballot ID, which is not traceable to the voter's identity
     in any way.


Incidentally, Neil McBurnett has a strong objection to putting the voting choices on the voter receipt--because he believes it would lead to vote buying. This is not an essential aspect of the voter receipt or the ballot ID. But I've been thinking that this could be rectified by allowing the system to print out a bogus receipt. Say, you want to prove that you voted for Bush. You could print out a voter receipt for some anonymous person that really did vote for Bush. The receipt would show the vote that the buyer wanted to see, but doesn't register a new vote for the system and can't be used later to defraud the system.


Nick


Lou Puls wrote:


Nicholas Bernstein wrote:

    The Ballot ID could be created as an MD-5 encryption of several
    data: polling place, choices, time-stamp (to the millisecond) and a
    random number. They would ensure uniqueness. Since the MD-5
    encryption is very hard to break (even if you know the algorithm)
    knowing just the ballot ID doesn't tell you anything about the data.


Overall your dual method seems to me to be a workable basis for open source development. I assume by "uniqueness" you include that a unique human voter is verified both with local registration records and with the voter signature private key, i.e. the voter can prove to himself that the county verified the right voter and ballot.

I think it is more likely that NIST would recommend a flavor of SHA rather than MD5.


Lou
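As an added illustration (not code from this thread or from any voting project), here is a Python sketch of the scheme Nick lays out above: a single-use password that is stored only as a hash and redeemed exactly once, a ballot ID computed as SHA-256 (Lou's SHA suggestion, in place of MD5) over the polling place, the choices, a millisecond timestamp and a random number, a public list keyed by ballot ID with no voter name in it, and the receipt check a voter would do against that list. The two races, the polling-place name and the timestamps are constructed sample values. The last function is the caveat a practitioner would raise about the quoted "MD-5 encryption" claim: a hash is not encryption, and an ID built from a known polling place, a known timestamp and only a handful of possible choice combinations can be matched back to its choices by simply trying every combination, so the random number in the input is what actually keeps the ID from revealing the vote.

```python
import hashlib
import hmac
import secrets
from itertools import product

# Constructed sample election (not from the original thread).
POLLING_PLACE = "Precinct 12"
RACES = {
    "President": ("Candidate A", "Candidate B"),
    "Measure 1": ("Yes", "No"),
}


def issue_password(unused):
    """Single-use password handed to a checked-in voter.
    Only its hash is kept, so the password itself is never stored."""
    pw = secrets.token_urlsafe(12)
    unused.add(hashlib.sha256(pw.encode()).hexdigest())
    return pw


def redeem_password(unused, pw):
    """Returns True exactly once per issued password; a second use fails."""
    digest = hashlib.sha256(pw.encode()).hexdigest()
    if digest in unused:
        unused.remove(digest)
        return True
    return False


def canonical_ballot(polling_place, choices, timestamp_ms, nonce_hex):
    """Serialise the ballot fields in a fixed, unambiguous order.
    Races are sorted so the same selections always produce the same bytes;
    each field is length-prefixed so fields cannot run into each other."""
    fields = [polling_place]
    fields += [f"{race}={sel}" for race, sel in sorted(choices.items())]
    fields += [str(timestamp_ms), nonce_hex]
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def make_ballot_id(polling_place, choices, timestamp_ms, nonce_hex):
    """Ballot ID = SHA-256 over (polling place, choices, timestamp, random number).
    The voter's identity is deliberately not an input."""
    data = canonical_ballot(polling_place, choices, timestamp_ms, nonce_hex)
    return hashlib.sha256(data).hexdigest()


def fresh_nonce():
    """128 bits from the OS CSPRNG: the part of the input nobody can guess."""
    return secrets.token_hex(16)


def commit_ballot(public_list, polling_place, choices, timestamp_ms):
    """Generate the ID at commit time and publish (ID -> choices), nothing else."""
    nonce = fresh_nonce()
    ballot_id = make_ballot_id(polling_place, choices, timestamp_ms, nonce)
    public_list[ballot_id] = dict(choices)
    return ballot_id, nonce


def check_receipt(public_list, ballot_id, expected_choices):
    """The voter's check: look up the ID from the receipt in the public list
    and confirm the recorded choices match what they marked."""
    recorded = public_list.get(ballot_id)
    return recorded is not None and recorded == expected_choices


def recover_choices_without_nonce(ballot_id, polling_place, timestamp_ms):
    """Why the random number matters: if the ID were built from only the
    polling place, a known timestamp and the choices, every choice combination
    can be hashed and compared, and the matching one reveals the vote.
    With a real nonce in the input, the same search finds nothing."""
    races = sorted(RACES)
    for combo in product(*(RACES[r] for r in races)):
        candidate = dict(zip(races, combo))
        if hmac.compare_digest(
            make_ballot_id(polling_place, candidate, timestamp_ms, ""), ballot_id
        ):
            return candidate
    return None


if __name__ == "__main__":
    unused = set()
    pw = issue_password(unused)
    print("first use:", redeem_password(unused, pw), "second use:", redeem_password(unused, pw))
    public = {}
    choices = {"President": "Candidate A", "Measure 1": "No"}
    ballot_id, _ = commit_ballot(public, POLLING_PLACE, choices, 1_700_000_000_123)
    print("receipt verifies:", check_receipt(public, ballot_id, choices))
    weak_id = make_ballot_id(POLLING_PLACE, choices, 1_700_000_000_123, "")
    print("choices recovered from nonce-less ID:",
          recover_choices_without_nonce(weak_id, POLLING_PLACE, 1_700_000_000_123))
```

The bogus-receipt idea in Nick's last paragraph is not modelled here; the point of the last function is only that the hash alone does not hide the choices, the random number does, so a receipt that printed the timestamp and polling place alongside a nonce-less ID would give away the vote to anyone who could enumerate the candidates.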