public inbox for gentoo-project@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-project] Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015
@ 2014-07-17 16:48 email
  0 siblings, 0 replies; 5+ messages in thread
From: email @ 2014-07-17 16:48 UTC (permalink / raw
  To: gentoo-project, gentoo-project

[-- Attachment #1: Type: text/plain, Size: 1327 bytes --]

Elections should not be transparent, voters should be anonymous so that people are more likely to actually vote.
 
Thank you, 
Fernando Reyes 
GPG BDD75DD7 
Mission Accomplish, Inc. 
http://missionaccomplish.com 
Email: design@missionaccomplish.com
Tel: 7187100008 
Cell: 3479275477

----- Reply message -----
From: "Alexander Berntsen" <bernalex@gentoo.org>
To: <gentoo-project@lists.gentoo.org>
Subject: [gentoo-project] Gentoo Council Elections Results for term 2014-2015
Date: Thu, Jul 17, 2014 11:59 am


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 17/07/14 16:26, Rich Freeman wrote:
> Sure, as much process as technical, but if the elections team is 
> looking for something to keep them busy until next year, this might
> be worth some attention.  It is also the sort of thing that anybody
> could contribute to.
There's another technological and sociological solution to be
considered: defining the problem out of existence. I.e. make elections
transparent.
- -- 
Alexander
bernalex@gentoo.org
https://secure.plaimi.net/~alexander
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlPH8uoACgkQRtClrXBQc7XWLwEAjlvEHEapSqziv8esqRSfeUYH
l/WTqlTI39vfBrJ4Qs4BAI3fud3tzeKoHfZ0Z4pvK8oDQaDv035SjRNNH7atlegP
=vQQa
-----END PGP SIGNATURE-----


[-- Attachment #2: Type: text/html, Size: 1539 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-project] Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015
       [not found] <20140717164842.84127E091D@pigeon.gentoo.org>
@ 2014-07-17 16:53 ` Alex Xu
  0 siblings, 0 replies; 5+ messages in thread
From: Alex Xu @ 2014-07-17 16:53 UTC (permalink / raw
  To: gentoo-project

[-- Attachment #1: Type: text/plain, Size: 407 bytes --]

On 17/07/14 12:48 PM, email@missionaccomplish.com wrote:
> Elections should not be transparent, voters should be anonymous so that people are more likely to actually vote.

1. please don't top-post
2. please use the standard -- before signature.
3. not that everyone actually voted anyways. only ~34% turnout, which is
more than 22% worse than the 2012 US presidential election turnout of
~57.5%.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-project] Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015
       [not found] <20140717164843.07C80E0938@pigeon.gentoo.org>
@ 2014-07-17 17:13 ` Rich Freeman
  2014-07-17 17:49   ` Manuel Rüger
  0 siblings, 1 reply; 5+ messages in thread
From: Rich Freeman @ 2014-07-17 17:13 UTC (permalink / raw
  To: gentoo-project

On Thu, Jul 17, 2014 at 12:48 PM, email@missionaccomplish.com
<email@missionaccomplish.com> wrote:
> Elections should not be transparent, voters should be anonymous so that
> people are more likely to actually vote.

Tend to agree.

I was actually thinking of ways to improve upon things.

One thought I had was an e-cash like system.  Voters would be given
credit to make a single vote in the form of an e-cash-like token, with
a serial number.  The user generates the serial number, and the voting
system would not know who has what serial number, but it would know
that legitimate users can only generate one each.

Then voters would give the token to the voting system and record their
vote.  The master ballot would include the serial numbers, so voters
could check that their ballots are present, and assure themselves that
the total count looks OK.

The software itself could be something standard - there are lots of
solutions already out there.  The only thing that would be tweaking is
that we need software to sign tokens, and software to check/redeem
them.

In case anybody isn't familiar with e-cash, the principle is this:
1.  You generate 1000 tokens with unique serial numbers and encrypt
them all with 1000 private keys and give all the encrypted tokens to
the "bank."
2.  The bank picks 999 of the tokens and asks you to send their
corresponding private keys.  The bank checks that all 999 are valid,
and you get in trouble if any aren't.
3.  If all are valid, then the bank signs the 1000th token blindly and
sends it back to you.
4.  You then decrypt the signed token - the algorithm preserves the
signature integrity and ensures that the bank can't ID the decrypted
token using its knowledge of the encrypted token.
5.  You can then spend the token, which has an intact signature from
the bank validating it.

I'd have to dig up the details of how it works, but the idea is that
the bank can sign a token without actually seeing its content, while
being assured that the content is valid.

Overkill perhaps, but an algorithm like this would allow people to
anonymously vote in a secure manner.  The medium that data is
exchanged in could be whatever we want it to be.  Generating the token
is somewhat interactive, but submitting the ballots is one-way so it
could be email, file drop, web, whatever.  The token could include a
public key for validating a ballot as well.

Just some random thoughts.

Rich


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-project] Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015
  2014-07-17 17:13 ` Rich Freeman
@ 2014-07-17 17:49   ` Manuel Rüger
  2014-07-17 19:22     ` Ulrich Mueller
  0 siblings, 1 reply; 5+ messages in thread
From: Manuel Rüger @ 2014-07-17 17:49 UTC (permalink / raw
  To: gentoo-project

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/17/2014 07:13 PM, Rich Freeman wrote:
> On Thu, Jul 17, 2014 at 12:48 PM, email@missionaccomplish.com 
> <email@missionaccomplish.com> wrote:
>> Elections should not be transparent, voters should be anonymous
>> so that people are more likely to actually vote.
> 
> Tend to agree.
> 
> I was actually thinking of ways to improve upon things.
> 
> One thought I had was an e-cash like system.  Voters would be
> given credit to make a single vote in the form of an e-cash-like
> token, with a serial number.  The user generates the serial number,
> and the voting system would not know who has what serial number,
> but it would know that legitimate users can only generate one
> each.
> 
> Then voters would give the token to the voting system and record
> their vote.  The master ballot would include the serial numbers, so
> voters could check that their ballots are present, and assure
> themselves that the total count looks OK.
> 
> The software itself could be something standard - there are lots
> of solutions already out there.  The only thing that would be
> tweaking is that we need software to sign tokens, and software to
> check/redeem them.
> 
> In case anybody isn't familiar with e-cash, the principle is this: 
> 1.  You generate 1000 tokens with unique serial numbers and
> encrypt them all with 1000 private keys and give all the encrypted
> tokens to the "bank." 2.  The bank picks 999 of the tokens and asks
> you to send their corresponding private keys.  The bank checks that
> all 999 are valid, and you get in trouble if any aren't. 3.  If all
> are valid, then the bank signs the 1000th token blindly and sends
> it back to you. 4.  You then decrypt the signed token - the
> algorithm preserves the signature integrity and ensures that the
> bank can't ID the decrypted token using its knowledge of the
> encrypted token. 5.  You can then spend the token, which has an
> intact signature from the bank validating it.
> 
> I'd have to dig up the details of how it works, but the idea is
> that the bank can sign a token without actually seeing its content,
> while being assured that the content is valid.
> 
> Overkill perhaps, but an algorithm like this would allow people to 
> anonymously vote in a secure manner.  The medium that data is 
> exchanged in could be whatever we want it to be.  Generating the
> token is somewhat interactive, but submitting the ballots is
> one-way so it could be email, file drop, web, whatever.  The token
> could include a public key for validating a ballot as well.
> 
> Just some random thoughts.
> 
> Rich
> 

There are already existing anonymous end-to-end verifiable voting
systems, e.g. Prêt à Voter (
http://www.pretavoter.com/publications/PretaVoter2010.pdf ). So
there's no need to invent the wheel again.

In short it could work like this:

Candidates list:

A
B
C
D
====
"OnionA"

Each election official (one after another) permutes the candidate
list, and crypts it into the onion (which stores the original
candidate order).

The voter gets a ballot form looking like this:

B
A
D
C
====
"h(g(f(Onion)))"

She then makes her choices and splits the candidates from the form.

3
2
4
1
====
"h(g(f(Onion)))"

Encrypts it with the public key of the election official that permuted
it at last and casts her vote.
The official receiving the vote, looks at the onion undoes her
permutation on the choices, publishes it and sends it to the next
official (who does the same) until the initial ballot-creating
official gets the candidate list and publishes it.

As long as the election officials don't cooperate and share their
knowledge, your vote is kept secret.


Cheers

Manuel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJ8BAEBCgBmBQJTyAykXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4MDA1RERERkM0ODM2QkE4MEY3NzY0N0M1
OEZCQTM2QzhEOUQ2MzVDAAoJEFj7o2yNnWNcPVQP/1LND2QGiJHa5FwvWwLRcLMm
NCxLh4aG37xu7eRcyPFQD6+EaLOl9FRpc7hY62Z421u0MMRBiGqiBOoQw8zbYSMd
YXcJN6GcShBh8VXD4ru+38kaJ7EszdoBHfAMdApbO+gh0PN4VDOgQRArWTMikNjp
9l3B36aTvW3wEwlOENSDIDZR0LLMvr8No9wMIfLYGRNHX0g2guQpcBiVYnLoVps3
rJGQxPuMWccl35fk40eoJl2tLU8w4LXhH6JwOOEmqypQYYG8BHzTOdK0yw1YcSR2
+Pd6QlR0WvoLAMbKtYmNIDXkr323L7XBl/u4hH5l/IM87I6k5qiAsUHuJe1/TC2o
YGxyWXFrxEYzYMaaN9M0r96RQTv1BumZAFHlpA+K/NENe+PVzkEDLMmIw6yDRNdA
wbdYF8lcuH0aKW2AMhqlQnX8veoAr0W/+QCIehNqELyhSWLGIm97gLd8/fBWEgc8
ozvaMkfb/9F/UxRBQlqH9BYvq+/FBXRUwakU6KVA7Ri2/vhn75RNQMZjVbYix49M
GsEuS1tfhVABnlxciTchwXfUxlBifatUkaHVkYalkpxNUtl5pCs1zpWI7SKi1m5W
44bd1aEeFxkKu0DP7y3F9uG8hU4OUqyT2H/1QocJAp4FZ0zyjqUDeVPWOwrCBRPZ
R6NVyxCmy/sLBpK1lamW
=0nf9
-----END PGP SIGNATURE-----


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-project] Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015
  2014-07-17 17:49   ` Manuel Rüger
@ 2014-07-17 19:22     ` Ulrich Mueller
  0 siblings, 0 replies; 5+ messages in thread
From: Ulrich Mueller @ 2014-07-17 19:22 UTC (permalink / raw
  To: gentoo-project

[-- Attachment #1: Type: text/plain, Size: 485 bytes --]

>>>>> On Thu, 17 Jul 2014, Manuel Rüger wrote:

> There are already existing anonymous end-to-end verifiable voting
> systems, e.g. Prêt à Voter (
> http://www.pretavoter.com/publications/PretaVoter2010.pdf ).
> So there's no need to invent the wheel again.

We have used Helios Voting [1] for the latest election of the QA team
lead, which is a system very similar to the above.

It doesn't support Condorcet voting, though.

Ulrich

[1] https://vote.heliosvoting.org/

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-07-17 19:22 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20140717164842.84127E091D@pigeon.gentoo.org>
2014-07-17 16:53 ` [gentoo-project] Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015 Alex Xu
     [not found] <20140717164843.07C80E0938@pigeon.gentoo.org>
2014-07-17 17:13 ` Rich Freeman
2014-07-17 17:49   ` Manuel Rüger
2014-07-17 19:22     ` Ulrich Mueller
2014-07-17 16:48 email

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox