From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id C50D913877A for ; Thu, 17 Jul 2014 17:49:59 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4AD9DE0A68; Thu, 17 Jul 2014 17:49:59 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 9D1E5E07A0 for ; Thu, 17 Jul 2014 17:49:58 +0000 (UTC) Received: from [192.168.1.7] (f049253127.adsl.alicedsl.de [78.49.253.127]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: mrueg) by smtp.gentoo.org (Postfix) with ESMTPSA id F0DB03401A8 for ; Thu, 17 Jul 2014 17:49:54 +0000 (UTC) Message-ID: <53C80CA4.8060303@gentoo.org> Date: Thu, 17 Jul 2014 19:49:24 +0200 From: =?UTF-8?B?TWFudWVsIFLDvGdlcg==?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 To: gentoo-project@lists.gentoo.org Subject: Re: [gentoo-project] Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015 References: <20140717164843.07C80E0938@pigeon.gentoo.org> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Archives-Salt: 90c8c70b-d0cb-4ed9-8f66-052872a11a8a X-Archives-Hash: f238d57ab1a31a89f91bf1c56d8655f1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/17/2014 07:13 PM, Rich Freeman wrote: > On Thu, Jul 17, 2014 at 12:48 PM, email@missionaccomplish.com > wrote: >> Elections should not be transparent, voters should be anonymous >> so that people are more likely to actually vote. > > Tend to agree. > > I was actually thinking of ways to improve upon things. > > One thought I had was an e-cash like system. Voters would be > given credit to make a single vote in the form of an e-cash-like > token, with a serial number. The user generates the serial number, > and the voting system would not know who has what serial number, > but it would know that legitimate users can only generate one > each. > > Then voters would give the token to the voting system and record > their vote. The master ballot would include the serial numbers, so > voters could check that their ballots are present, and assure > themselves that the total count looks OK. > > The software itself could be something standard - there are lots > of solutions already out there. The only thing that would be > tweaking is that we need software to sign tokens, and software to > check/redeem them. > > In case anybody isn't familiar with e-cash, the principle is this: > 1. You generate 1000 tokens with unique serial numbers and > encrypt them all with 1000 private keys and give all the encrypted > tokens to the "bank." 2. The bank picks 999 of the tokens and asks > you to send their corresponding private keys. The bank checks that > all 999 are valid, and you get in trouble if any aren't. 3. If all > are valid, then the bank signs the 1000th token blindly and sends > it back to you. 4. You then decrypt the signed token - the > algorithm preserves the signature integrity and ensures that the > bank can't ID the decrypted token using its knowledge of the > encrypted token. 5. You can then spend the token, which has an > intact signature from the bank validating it. > > I'd have to dig up the details of how it works, but the idea is > that the bank can sign a token without actually seeing its content, > while being assured that the content is valid. > > Overkill perhaps, but an algorithm like this would allow people to > anonymously vote in a secure manner. The medium that data is > exchanged in could be whatever we want it to be. Generating the > token is somewhat interactive, but submitting the ballots is > one-way so it could be email, file drop, web, whatever. The token > could include a public key for validating a ballot as well. > > Just some random thoughts. > > Rich > There are already existing anonymous end-to-end verifiable voting systems, e.g. Prêt à Voter ( http://www.pretavoter.com/publications/PretaVoter2010.pdf ). So there's no need to invent the wheel again. In short it could work like this: Candidates list: A B C D ==== "OnionA" Each election official (one after another) permutes the candidate list, and crypts it into the onion (which stores the original candidate order). The voter gets a ballot form looking like this: B A D C ==== "h(g(f(Onion)))" She then makes her choices and splits the candidates from the form. 3 2 4 1 ==== "h(g(f(Onion)))" Encrypts it with the public key of the election official that permuted it at last and casts her vote. The official receiving the vote, looks at the onion undoes her permutation on the choices, publishes it and sends it to the next official (who does the same) until the initial ballot-creating official gets the candidate list and publishes it. As long as the election officials don't cooperate and share their knowledge, your vote is kept secret. Cheers Manuel -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTyAykXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4MDA1RERERkM0ODM2QkE4MEY3NzY0N0M1 OEZCQTM2QzhEOUQ2MzVDAAoJEFj7o2yNnWNcPVQP/1LND2QGiJHa5FwvWwLRcLMm NCxLh4aG37xu7eRcyPFQD6+EaLOl9FRpc7hY62Z421u0MMRBiGqiBOoQw8zbYSMd YXcJN6GcShBh8VXD4ru+38kaJ7EszdoBHfAMdApbO+gh0PN4VDOgQRArWTMikNjp 9l3B36aTvW3wEwlOENSDIDZR0LLMvr8No9wMIfLYGRNHX0g2guQpcBiVYnLoVps3 rJGQxPuMWccl35fk40eoJl2tLU8w4LXhH6JwOOEmqypQYYG8BHzTOdK0yw1YcSR2 +Pd6QlR0WvoLAMbKtYmNIDXkr323L7XBl/u4hH5l/IM87I6k5qiAsUHuJe1/TC2o YGxyWXFrxEYzYMaaN9M0r96RQTv1BumZAFHlpA+K/NENe+PVzkEDLMmIw6yDRNdA wbdYF8lcuH0aKW2AMhqlQnX8veoAr0W/+QCIehNqELyhSWLGIm97gLd8/fBWEgc8 ozvaMkfb/9F/UxRBQlqH9BYvq+/FBXRUwakU6KVA7Ri2/vhn75RNQMZjVbYix49M GsEuS1tfhVABnlxciTchwXfUxlBifatUkaHVkYalkpxNUtl5pCs1zpWI7SKi1m5W 44bd1aEeFxkKu0DP7y3F9uG8hU4OUqyT2H/1QocJAp4FZ0zyjqUDeVPWOwrCBRPZ R6NVyxCmy/sLBpK1lamW =0nf9 -----END PGP SIGNATURE-----