[EM] untraceable receipts

[Ernest Prabhakar]

Hi Rob,

On Nov 12, 2003, at 5:08 PM, Rob Speer wrote:

> So you get to confirm that you voted, but not that your vote went to 
> the
> person you wanted to vote for?
>
> I don't think that's what people are looking for in verifiability.

Okay, I wasn't entirely clear.

> Then again, it's probably the best kind of verifiablity you can get
> without enabling coercion. But that's a really complicated system for
> such a small gain.

Well, the only other option I can think of is to have a 'trusted third 
party' "C".  Each voters 'seed' would be encrypted by C public key, and 
can only be decrypted by C.  If C was a completely distinct system, 
then voter V could go to a secure location, where their identity would 
be verified by other means (e.g., photo ID), and then view the results 
of their vote in a secure environment.

This isn't totally anonymous, but it would allow spot-checking in an 
environment completely independent of that used by the voting system.

-- Ernie P.



On Nov 12, 2003, at 5:08 PM, Rob Speer wrote:

> On Wed, Nov 12, 2003 at 04:38:07PM -0800, Ernest Prabhakar wrote:
>>> What was the goal of that receipts???
>>> 1) To remember who you voted for?
>>> or
>>> 2) To verify your vote was counted?
>>>
>>> 1) is silly.
>>> If 2) is possible for you, it is possible for the mafia too. ;-)
>>
>> I don't get #2 at all.  I've actually been confused by this.  If by
>> receipt we mean a full plaintext list of all the votes you made, then 
>> I
>> can see how it would be a security risk.   However, it would think it
>> would be fairly trivial to create an ecrypted receipt that could
>> -verify- a vote without actually revealing the vote (at least without
>> massive conspiracy).
>>
>> For example, each vote could be used to create a 'private key - public
>> key' pair, as in public key infrastructures (PKI).    The private key
>> would be used to hash a cumulative vote tally, and the public key 
>> would
>> be given to the voter (along with: you are the 1523rd voter).    It
>> should be mathematically possible to audit the vote tallies, and for
>> the voter to confirm that his private key was used at a given step,
>> without revealing any information about the private key.  The first
>> voter would hash a random seed, so that even his/her vote would not be
>> decipherable.
>
> So you get to confirm that you voted, but not that your vote went to 
> the
> person you wanted to vote for?
>
> I don't think that's what people are looking for in verifiability.
>
> Then again, it's probably the best kind of verifiablity you can get
> without enabling coercion. But that's a really complicated system for
> such a small gain.
>
> -- 
> Rob Speer
>
> ----
> Election-methods mailing list - see http://electorama.com/em for list 
> info