[EM] Idea for a free web service for (relatively) secure online voting

Kristofer Munsterhjelm km-elmet at broadpark.no
Tue Oct 21 08:39:25 PDT 2008


Paul Kislanko wrote:
> There are several ways to make ballots-counted public record without
> compromising the anonymity of ballots-cast. The trick is to assign a unique
> key to each POTENTIAL ballot-cast, and expose said key only to the voter who
> casts an actual ballot.
> 
> The collecting authority publishes the list of keys that are associated with
> ballots cast, and the counting authorities for the different items on the
> ballot (different for local, state, federal, etc. items on the ballot)
> publish the ballot keys COUNTED for each item for which they are
> responsible.
> 
> The voter, who's the only person who knows the key associated with her
> ballot, can verify that her ballot was collected and counted by comparing
> her ballot-ID with those listed. Her identity is never known to anyone, but
> if she finds her ballot-ID in the "collected" list but not in any "counted
> the way I voted" list she can present the conflict to an alternate counting
> authority who can challenge the count and go back to the collecting
> authority to retrieve all ballots and re-count them.

I think we'd have to figure out what the system is supposed to protect 
against. There has been some confusion: Mike said that his system would 
let the voters know that their ballots have been counted, upon which I 
said that this may not be enough, if it would also enable vote-buying 
and coercion attacks.

Does your method only solve Mike's desiderata, or mine as well? As far 
as I can see, your method would be vulnerable to vote-buying/coercion 
because the buyer would demand the seller's ID. The seller might give 
the wrong ID, but then he doesn't get paid (after the election, of 
course). This is more a vulnerability towards coercion, since a 
vote-buyer might want to be paid immediately, but in the case of 
coercion, the mafia could beat up the voter later (or the boss could 
fire the voter, or whatever).

Considering it in greater detail, there are three classes of vote-buying 
or coercion attacks:

Passive immediate - The voter does something, and produces proof that 
that's been done.
Passive delayed - The voter does something, and produces part of a token 
that confirms, after the election, that he voted for the right candidate(s).
Active - The adversary watches the voter the entire time, or the 
adversary can demand pictures from the polling booth. The former regards 
vote-at-home, the latter voting with cameras/etc.

One possible way of making your system safe against passive delayed 
attacks would be to augment the hash. That is, you vote A > B > C, your 
ID is 13, and the hash is 24. When you leave, they give you a random 
number (say 100) and the sum of the two (124). If the vote-buyers wanted 
C > B > A with hash 23, you just tell them your random number was 101. 
This is a bit impractical, though, since you'd have to remember both 
your random number and hash, and those would be significantly larger, 
and you would also have to be able to compute, from the voting booth, 
the hash of any ordering, so you could find the difference to trick the 
vote-buyers.
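A toy model of the "augmented hash" receipt discussed above, added here as an illustration and not taken from the post or from any real voting system. It assumes a small toy hash range (MODULUS), a ballot written as a ranking tuple, and does the addition modulo that range so the masked value reveals nothing about the hash; the function names are mine.

```python
import hashlib
import secrets

# Constructed example: receipts of the form (random, random + hash).
# The modular reduction is an addition of mine; with plain integer sums
# the size of the total would leak information about the hash.
MODULUS = 1000  # toy range; a real scheme would use a full-width hash


def ballot_hash(ranking):
    """Toy hash of a ranking such as ('A', 'B', 'C'), reduced to MODULUS."""
    digest = hashlib.sha256(">".join(ranking).encode()).digest()
    return int.from_bytes(digest, "big") % MODULUS


def issue_receipt(ranking):
    """Polling place hands the voter a random value and the masked hash."""
    r = secrets.randbelow(MODULUS)
    return r, (r + ballot_hash(ranking)) % MODULUS


def verify_receipt(ranking, r, total):
    """Check that (r, total) is consistent with the given ranking.

    The voter uses this against the published total to confirm her own
    ballot; a coercer who demands r would run exactly the same check.
    """
    return (r + ballot_hash(ranking)) % MODULUS == total


def deniable_random(total, claimed_ranking):
    """The random value that makes the same total 'match' another ballot.

    Because the mask is a uniform one-time value, every ranking has exactly
    one r that fits the published total, so the voter can satisfy the
    check for whatever ballot a buyer or coercer insists on.
    """
    return (total - ballot_hash(claimed_ranking)) % MODULUS


if __name__ == "__main__":
    cast = ("A", "B", "C")
    demanded = ("C", "B", "A")
    r, total = issue_receipt(cast)
    print("own ballot verifies:", verify_receipt(cast, r, total))
    fake_r = deniable_random(total, demanded)
    print("coercer's check also passes:", verify_receipt(demanded, fake_r, total))
```

The same property that defeats the buyer also means the receipt is no longer a binding commitment: the voter can still notice a miscount herself, but she cannot use the receipt to prove to a third party which ballot she actually cast.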
