[EM] Riera and Borrell presentation (FWD)

[DEMOREP1 at aol.com]

Subj:   Riera and Borrell presentation
Date:  Tue, Mar 16, 1999 10:39 AM EDT
From:  lorrie at research.att.com
X-From: lorrie at research.att.com (Lorrie Faith Cranor)
Sender: owner-e-lection at research.att.com
To: e-lection at research.att.com

The March 15 issue of Cipher, the Newsletter of the IEEE Computer 
Society's TC on Security and Privacy, contained a report by
Tatyana Ryutov on the Internet Society Symposium on Network and 
Distributed System Security (NDSS '99) February 03 - February 05, 1999.

The report included a summary of a presentation about a cryptographic
electronic voting scheme. The full report can be found at:

http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/articles/conf-rep-ndss99.html

I have excerpted the relevant information here:

"Next was an interesting paper "Practical Approach to Anonymity in
Large Scale Electronic Voting Schemes" by Andreu Riera and Joan
Borrell (Universitat Autonoma de Barcelona, Spain). Andreu Riera
presented.  Their work considered how to implement a realistic large
scale voting system.  Their scheme is based on cooperation of multiple
hierarchically arranged electoral authorities. The advantages of this
scheme are: single non-anonymous voting session (a widely accepted
solution is based on two sessions anonymous and non-anonymous) and no
requirements for external mixes.  The anonymity is provided by
shuffling ballot boxes a number of times.  There are restrictions to
this approach. The proposed scheme can model all commonly accepted
security requirements, except uncoercibility (inability of voters to
prove in which way they voted), which require hardware components to
be added into the scheme.

"A participant asked if the scheme was implemented. Andreu replied that
they are working on the protocol.  Someone asked: authentication of
the voter is required, how privacy is maintained?  Andreu explained
that authentication of the voter private key is required, to assure
privacy the blind signature mechanism is used.  One questioner pointed
out that in commercial voting systems all software is proprietary,
they do not allow looking at the code, therefore there are many ways
to subvert election, e.g. by means of covert channels.

"Another question was: Is this complexity practical for real system?
Andreu: complexity is inevitable.
A member of the audience asked if it is possible to detect who voted
twice.
Andreu: yes.
Another question was about association between a voter and his vote.
Andrew pointed out that it was not possible to detect association
between a voter and his vote."

This message was distributed through the e-lection mailing list.
For info and archives see http://www.research.att.com/~lorrie/voting/