[EM] untraceable receipts
Rob Speer
rspeer at MIT.EDU
Wed Nov 12 17:21:02 PST 2003
On Wed, Nov 12, 2003 at 04:38:07PM -0800, Ernest Prabhakar wrote:
> >What was the goal of that receipts???
> >1) To remember who you voted for?
> >or
> >2) To verify your vote was counted?
> >
> >1) is silly.
> >If 2) is possible for you, it is possible for the mafia too. ;-)
>
> I don't get #2 at all. I've actually been confused by this. If by
> receipt we mean a full plaintext list of all the votes you made, then I
> can see how it would be a security risk. However, it would think it
> would be fairly trivial to create an ecrypted receipt that could
> -verify- a vote without actually revealing the vote (at least without
> massive conspiracy).
>
> For example, each vote could be used to create a 'private key - public
> key' pair, as in public key infrastructures (PKI). The private key
> would be used to hash a cumulative vote tally, and the public key would
> be given to the voter (along with: you are the 1523rd voter). It
> should be mathematically possible to audit the vote tallies, and for
> the voter to confirm that his private key was used at a given step,
> without revealing any information about the private key. The first
> voter would hash a random seed, so that even his/her vote would not be
> decipherable.
So you get to confirm that you voted, but not that your vote went to the
person you wanted to vote for?
I don't think that's what people are looking for in verifiability.
Then again, it's probably the best kind of verifiablity you can get
without enabling coercion. But that's a really complicated system for
such a small gain.
--
Rob Speer
More information about the Election-Methods
mailing list