<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">
<blockquote type="cite">
<pre wrap="">Nobody can make a list of all the "attack vectors" against any
particular computerized voting system. </pre>
</blockquote>
<br>
Agreed - and neither can you for paper based voting systems.<br>
<br>
Or have you conceived hidden markers (you can print them without
anyone noticing) ?<br>
<br>
You overemphasize the risks in the digital world and completely
ignoring that almost every attack in the digital world can be done
in the real world too. You have a deep insight into digital
systems, maybe you lost the connection that criminals are working
the real world.<br>
<br>
</div>
<blockquote cite="mid:E1TiwgG-0006L0-R9@fencepost.gnu.org"
type="cite">
<pre wrap="">With paper ballots, a big fraud requires a big and broad effort, and
there is a chance for it to be spotted. With computers, even a big
fraud can be done quietly and nobody can tell afterwards. If a
candidate got 1041 votes in a town, the same crack could change it to
1042, or 1051, or 1141, or 2041.
</pre>
</blockquote>
OK, how would you do that in an end-to-end auditable system?<br>
<br>
Only one voter which checks his non-vote would be required. On the
other hand if you have 1000 more papers, nobody ever can check that,
because there are no identifing marks on it. Such things happen -
even in the democratic parts of the world. We had several known
tries of manipulations over the past decades. I am sure we had
several which were not discovered.<br>
<br>
I am a bit disappointed, the discussion is ridiculous, I am pointing
to the cryptographic system over and over, and you are still far
behind in the "vote++" discussion. Stop arguing about vote++, we all
totally agree on that. It's a useless discussion because nobody is
arguing against it. just stop it.<br>
<br>
It seems like we need some education about what is mathematically
feasible nowadays.<br>
<br>
1. Homomorphic Encryption:<br>
<br>
Can you count votes without actually decrypting them individually?<br>
<br>
THIS feature is soo cool that you should try to understand it,
because it actually blows your mind. In paper based voting you
always have the problem that Person A should only be able to vote
once, but it should be secret what he voted. So before opening the
ballot, the identity needs to be removed. In Switzerland this is
practically done with two envelopes, with the inner one having a
whole, to check if the ballot is actually in there. however after
that point, the identity is lost.¨<br>
<br>
In the real world it is impossible to solve the problem, because you
need to open the envelope.<br>
<br>
In the cryptographic world, this problem is solved! I can't
overstate how exiting this is, because on first sight, it looks
impossible. How do you count votes, without opening the envelope? <br>
<br>
Cryptographically it is possible. you have votes A and B, you
encrypt them to enc(A) and enc(B) without decrypting them you can
count them together. enc(A+B). When you decrypt that, all prior
information about the individual votes is lost. [1] Wikipedia [2]
recommended by Schneier<br>
<br>
2. Attack vectors:<br>
<br>
There are actually lists of attack vectors, pretty elaborate ones
actually, and they go far beyond what is discussed here. The list is
ALSO valid for paper based voting systems. It's the same as in
elections, there is no perfect election system (which satisfies all
feasible features) and there is no perfect voting system. (Pi-Vote
for example is not receipt free). But you can pick features you want
to satisfy.<br>
<br>
in this paper [3] is a pretty elaborate list if you want to go into
more details.<br>
<br>
3. End-to-End auditable system<br>
<br>
An End-to-End auditable system requires to meet the following two
criterias<br>
<ul>
<li>Voter auditing, by which any voter may check that his or her
ballot is correctly included in the electronic ballot box, and</li>
<li>Universal verifiability, by which anyone may determine that
all of the ballots in the box have been correctly counted.</li>
</ul>
Pi-vote does fulfil these.<br>
<br>
Receipt freeness is another useful criteria, especially on
state-wide voting. You can read all this in [4] if you need more
details.<br>
<br>
Of course there are a multitude of systems which have been explored,
but not many have been implemented, because obviously they are a lot
more complex than the simple systems. That's why we have to make
sure that the governements need to met minimal standards.<br>
<br>
We could now also go into mix-nets and other methods, but I am not
well prepared for that, so I leave it to this, however you should
know that there is more than one method to achieve the criteria
above.<br>
<br>
tl;dr;<br>
<br>
*There needs to be a minimal standard for e-voting: The 2 criteria
above and above all else, all voting systems must be open source!*<br>
<br>
Regards,<br>
Thomas Bruderer<br>
<br>
<i>[1] <a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/Homomorphic_encryption">http://en.wikipedia.org/wiki/Homomorphic_encryption</a></i><i><br>
</i><i>
[2]
<a class="moz-txt-link-freetext" href="http://www.americanscientist.org/issues/pub/2012/5/alice-and-bob-in-cipherspace">http://www.americanscientist.org/issues/pub/2012/5/alice-and-bob-in-cipherspace</a></i><i><br>
</i><i>
[3] <a class="moz-txt-link-freetext" href="http://">http://</a></i><cite><a class="moz-txt-link-abbreviated" href="http://www.ceng.metu.edu.tr/~corhan/Papers/sreis08.pdf">www.ceng.metu.edu.tr/~corhan/Papers/sreis08.pdf</a><br>
[4]
<a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems">http://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems</a><br>
</cite>
</body>
</html>