[EM] Civitas: Toward a Secure Voting System

Kathy Dopp kathy.dopp at gmail.com
Mon Aug 18 15:10:02 PDT 2008


On Sat, Aug 16, 2008 at 12:39 AM, Kathy Dopp <kathy.dopp at gmail.com> wrote:
> RE: Civitas: Toward a Secure Voting System
> http://www.cs.cornell.edu/andru/papers/civitas.html
>
> as mentioned by Andrew Myers of Cornell
>

FYI,  One more informative response to the Civitas Voting System from
a voting system expert who has a knack for noticing the security
flaw(s) in any new voting system proposal:

from    Charlie Strauss <cems at earthlink.net>

The paper is fairly hard to follow which should tell you something!
But one flaw seems to leap to mind. Perhaps Doug can comment.

it seems to me that in a nutshell the voter has a set of credentials
all but one of which are fake. When asked to vote by a coercer, then
the voter knowing surrenders a fake credential to fool the coercer.
there is no way to tell the fake from the real but the fakes are not
counted.

Okay then how does the voter know that any of his credentials are
real?  maybe an evil-doer simply hands out the fakes only, and retains
the real credentials for themselves?

What if I forget which is which?  presumbaly it must be like a
password hash where I simply have to retract the valid one and issue a
new one. Ergo there is some unforgable process of issuance which could
be the point of attack for a coercer or a cooperative vote seller.

Since the final computer tally must be able to distinguish right from
wrong keys, I assume this is yet another key-retention system.  If
that list of keys ever became compromised then coercers would be able
to retroactively punish people.  And as we know those kind of data
bases get lost all the time.  Even Visa loses pin number when their
laptops get stolen at air ports.

I have a dim view of centralized key retention systems.  I'm a big fan
of permanent untraceable information destruction as happens when paper
ballots get shuffled.  The only system I have seen so far that allowed
true key destruction was Rivests 3-ballot, and as I showed a while
back even that did not actually destroy the information in all cases.
(he has since toughened it some)



More information about the Election-Methods mailing list