[pp.int.general] Online voting versus online discussion

Thomas Bruderer thomas.bruderer at piratenpartei.ch
Thu Dec 13 11:06:25 CET 2012


> Nobody can make a list of all the "attack vectors" against any
> particular computerized voting system.

Agreed - and neither can you for paper based voting systems.

Or have you conceived hidden markers (you can print them without anyone 
noticing)?

You overemphasize the risks in the digital world and completely ignore 
that almost every attack in the digital world can be done in the real 
world too. You have a deep insight into digital systems, maybe you lost 
the connection that criminals are working in the real world.

> With paper ballots, a big fraud requires a big and broad effort, and
> there is a chance for it to be spotted.  With computers, even a big
> fraud can be done quietly and nobody can tell afterwards.  If a
> candidate got 1041 votes in a town, the same crack could change it to
> 1042, or 1051, or 1141, or 2041.

OK, how would you do that in an end-to-end auditable system?

Only one voter who checks his non-vote would be required. On the other 
hand if you have 1000 more papers, nobody ever can check that, because 
there are no identifying marks on it. Such things happen - even in the 
democratic parts of the world. We had several known tries of 
manipulations over the past decades. I am sure we had several which were 
not discovered.

I am a bit disappointed, the discussion is ridiculous, I am pointing to 
the cryptographic system over and over, and you are still far behind in 
the "vote++" discussion. Stop arguing about vote++, we all totally agree 
on that. It's a useless discussion because nobody is arguing against it. 
Just stop it.

It seems like we need some education about what is mathematically 
feasible nowadays.

1. Homomorphic Encryption:

Can you count votes without actually decrypting them individually?

THIS feature is so cool that you should try to understand it, because 
it actually blows your mind. In paper-based voting you always have the 
problem that Person A should only be able to vote once, but it should be 
secret what he voted. So before opening the ballot, the identity needs 
to be removed. In Switzerland this is practically done with two 
envelopes, with the inner one having a hole, to check if the ballot is 
actually in there. However, after that point, the identity is lost.

In the real world it is impossible to solve the problem, because you 
need to open the envelope.

In the cryptographic world, this problem is solved! I can't overstate 
how exciting this is, because at first sight, it looks impossible. How do 
you count votes, without opening the envelope?

Cryptographically it is possible. You have votes A and B, you encrypt 
them to enc(A) and enc(B); without decrypting them you can count them 
together: enc(A+B). When you decrypt that, all prior information about 
the individual votes is lost. [1] Wikipedia [2] recommended by Schneier

2. Attack vectors:

There are actually lists of attack vectors, pretty elaborate ones 
actually, and they go far beyond what is discussed here. The list is 
ALSO valid for paper based voting systems. It's the same as in 
elections, there is no perfect election system (which satisfies all 
feasible features) and there is no perfect voting system. (Pi-Vote for 
example is not receipt free). But you can pick features you want to satisfy.

In this paper [3] is a pretty elaborate list if you want to go into more 
details.

3. End-to-End auditable system

An End-to-End auditable system is required to meet the following two criteria:

  * Voter auditing, by which any voter may check that his or her ballot
    is correctly included in the electronic ballot box, and
  * Universal verifiability, by which anyone may determine that all of
    the ballots in the box have been correctly counted.

Pi-Vote does fulfil these.

Receipt freeness is another useful criterion, especially on state-wide 
voting. You can read all this in [4] if you need more details.

Of course there are a multitude of systems which have been explored, but 
not many have been implemented, because obviously they are a lot more 
complex than the simple systems. That's why we have to make sure that 
the governments need to meet minimal standards.

We could now also go into mix-nets and other methods, but I am not well 
prepared for that, so I leave it at this; however, you should know that 
there is more than one method to achieve the criteria above.

tl;dr;

*There needs to be a minimal standard for e-voting: The 2 criteria above 
and above all else, all voting systems must be open source!*

Regards,
Thomas Bruderer

[1] http://en.wikipedia.org/wiki/Homomorphic_encryption
[2] http://www.americanscientist.org/issues/pub/2012/5/alice-and-bob-in-cipherspace
[3] http://www.ceng.metu.edu.tr/~corhan/Papers/sreis08.pdf
[4] http://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems
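
Added example, not part of the original message and not Pi-Vote's code: the enc(A), enc(B) to enc(A+B) counting from point 1, combined with the two audit checks from point 3. It assumes the Paillier cryptosystem (the message names no scheme) with a toy key and constructed votes; ballot-validity proofs and proof of correct decryption are left out.

```python
import math
import secrets

# Two Mersenne primes (2^31-1, 2^61-1): a toy key for the demo only.
# A real election key is >= 2048 bits and shared among several trustees.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n, phi = p * q, (p - 1) * (q - 1)
    return n, (phi, pow(phi, -1, n))          # public n, private (phi, mu)

def encrypt(n, vote):
    """Paillier with g = n + 1: enc(m) = (1 + n)^m * r^n mod n^2."""
    while True:
        r = secrets.randbelow(n - 1) + 1      # fresh randomness per ballot
        if math.gcd(r, n) == 1:
            break
    return pow(n + 1, vote, n * n) * pow(r, n, n * n) % (n * n)

def aggregate(n, board):
    """enc(A) * enc(B) mod n^2 = enc(A + B); needs only public data."""
    total = 1                                 # 1 is an encryption of 0
    for ballot in board:
        total = total * ballot % (n * n)
    return total

def decrypt(n, priv, c):
    phi, mu = priv
    return (pow(c, phi, n * n) - 1) // n * mu % n

if __name__ == "__main__":
    n, priv = keygen()
    votes = [1, 0, 1, 1, 0]                   # constructed: 1 = yes, 0 = no
    mine = encrypt(n, 1)                      # one voter keeps their ciphertext
    board = [encrypt(n, v) for v in votes] + [mine]   # published ballot box
    published = aggregate(n, board)
    # Voter auditing: the voter looks for their own ciphertext on the board.
    print("my ballot is on the board:", mine in board)
    # Universal verifiability: anyone recomputes the product and compares.
    print("aggregate matches:", aggregate(n, board) == published)
    # Only the aggregate is ever decrypted, never a single ballot.
    print("yes votes:", decrypt(n, priv, published))
    # A stuffed ballot changes the aggregate that observers recompute.
    stuffed = board + [encrypt(n, 1)]
    print("stuffing detected:", aggregate(n, stuffed) != published)
```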