From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id B5D6F13877A for ; Thu, 17 Jul 2014 17:13:46 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 64A29E0A96; Thu, 17 Jul 2014 17:13:44 +0000 (UTC) Received: from mail-vc0-f177.google.com (mail-vc0-f177.google.com [209.85.220.177]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C5986E0A93 for ; Thu, 17 Jul 2014 17:13:43 +0000 (UTC) Received: by mail-vc0-f177.google.com with SMTP id hy4so5062281vcb.22 for ; Thu, 17 Jul 2014 10:13:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=xEXZNncTrz8KIyS3uWzSkGWN2aC3l95PfmQsJwbRNsw=; b=xqnR0Ttgy6ZhwTMY4aS+bdOuQ6X3kmaZIZCnb86YZaLNiU2CiQVg8hVk0NMn4ONE2H 4wEmf3UN8fEsS64OlXvIVZLSXOvjExtwRF52StXQORR2HF8QJPkHWlh65wW4DDSCTAB6 ckj9laaRO4Wv1MznnkXkAKBhaB/utQ7g/IN7KwpsUyHvB84tQJzNWuhDWMYkCrX4pgl/ IdOdHDVaTXDA0RfYNjVdgOVU2shys1phryfTdwjvcepOQ8LpsfE0IWSYkroskqnrAEhQ m2mxG2WI8BzgemLBuioIzQbe/dYpCLxh1nXsnBy5on8yLefdyaDBxL60KoZ1SBT/C2gU 0vhQ== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.220.49.10 with SMTP id t10mr20808227vcf.34.1405617222965; Thu, 17 Jul 2014 10:13:42 -0700 (PDT) Sender: freemanrich@gmail.com Received: by 10.52.72.19 with HTTP; Thu, 17 Jul 2014 10:13:42 -0700 (PDT) In-Reply-To: <20140717164843.07C80E0938@pigeon.gentoo.org> References: <20140717164843.07C80E0938@pigeon.gentoo.org> Date: Thu, 17 Jul 2014 13:13:42 -0400 X-Google-Sender-Auth: mdcdFKPJs0Cfqdtsm7HZcO9yz_g Message-ID: Subject: Re: [gentoo-project] Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015 From: Rich Freeman To: gentoo-project@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 X-Archives-Salt: fab9fd12-f396-4a33-80aa-6b40b1e26cb3 X-Archives-Hash: 669615dbbc3b5dbcfd039f569266c374 On Thu, Jul 17, 2014 at 12:48 PM, email@missionaccomplish.com wrote: > Elections should not be transparent, voters should be anonymous so that > people are more likely to actually vote. Tend to agree. I was actually thinking of ways to improve upon things. One thought I had was an e-cash like system. Voters would be given credit to make a single vote in the form of an e-cash-like token, with a serial number. The user generates the serial number, and the voting system would not know who has what serial number, but it would know that legitimate users can only generate one each. Then voters would give the token to the voting system and record their vote. The master ballot would include the serial numbers, so voters could check that their ballots are present, and assure themselves that the total count looks OK. The software itself could be something standard - there are lots of solutions already out there. The only thing that would be tweaking is that we need software to sign tokens, and software to check/redeem them. In case anybody isn't familiar with e-cash, the principle is this: 1. You generate 1000 tokens with unique serial numbers and encrypt them all with 1000 private keys and give all the encrypted tokens to the "bank." 2. The bank picks 999 of the tokens and asks you to send their corresponding private keys. The bank checks that all 999 are valid, and you get in trouble if any aren't. 3. If all are valid, then the bank signs the 1000th token blindly and sends it back to you. 4. You then decrypt the signed token - the algorithm preserves the signature integrity and ensures that the bank can't ID the decrypted token using its knowledge of the encrypted token. 5. You can then spend the token, which has an intact signature from the bank validating it. I'd have to dig up the details of how it works, but the idea is that the bank can sign a token without actually seeing its content, while being assured that the content is valid. Overkill perhaps, but an algorithm like this would allow people to anonymously vote in a secure manner. The medium that data is exchanged in could be whatever we want it to be. Generating the token is somewhat interactive, but submitting the ballots is one-way so it could be email, file drop, web, whatever. The token could include a public key for validating a ballot as well. Just some random thoughts. Rich