[E-voting] alternative e-voting systems

Adrian Colley aecolley at spamcop.net
Thu Mar 4 19:56:12 GMT 2004


On Thu, Mar 04, 2004 at 05:50:25PM +0000, Michael McMahon wrote:
> I'm not a crypto expert, so I'll leave it to those folks, to look
> at the details of the algorithm, and make a judgement on that risk,
> but I would think that enough time is available in the whole election
> scenario to use pretty large keys.

I'm not concerned about brute-force cryptanalysis, but about more
mathematical attacks (or quantum-computational devices which will
have a revolutionary effect on cryptography if they live up to their
potential) which may offer a way to break a crypto algorithm quickly,
even if used with a large key.  Crypto algorithms have been broken
before (GSM's A5 is a famous example), and they will be again.  The
worry is that a research breakthrough could retrospectively reveal
lots of voter preferences overnight.

> I'm also not sure how much information is revealed necessarily by decrypting
> the receipt batch. It could be that you would need to have the receipt in
> your possession and know who the receipt came from, to be able to determine
> the voter's identity. Presumably, most voters will destroy their receipts
> soon enough after the election. So, I think the scope of the disclosure can be
> limited.

If the receipts are sold or copied under intimidation, then the
information of those receipts can be kept for years until cryptanalysis
is possible.  If you were made to hand over your Chaum receipt, and
threatened with terrible revenge if it ever showed that you didn't
vote as instructed, would you be so sure that the scope of disclosure
was limited enough?  You'd be effectively betting that cryptanalysis
of the algorithm would not be possible in your lifetime.

>>and (2) it seems that a "voter serial number"[1]
>>might be hidden in the apparently-random parts of the ballot, and
>>there's no way for a voter to be sure that it hasn't happened.
> 
> I don't see how that would be possible. Any added information would
> be visible in the tally-batch. The counting equipment (and anyone else
> who wants to look at them) could easily detect any extraneous bits of
> information in the tally ballots.

I don't mean added information; I mean information hidden in existing
data that are supposed to be random.  This is called steganography,
and there are several tools for playing with it on the Internet.
If you ask for a random 8-bit number, and you get one, how do you
know it isn't a combination of a random 7-bit number and a normalized
(viz. random-looking) 1-bit covert code?  The answer is: you can't.
(This is called a "subliminal channel" in section 4.2 of Bruce
Schneier's "Applied Cryptography", 2nd ed.)

Random numbers are extremely important for most crypto calculations,
so there's usually plenty of scope for steganized information.  I
seem to recall that DSA hardware is viewed with suspicion by security
experts, because of the possibility that key material is being
steganized into the random parameters of the algorithm.

 --Adrian.

-- 
GPG 0x43D3AD19 17D2 CA6E A18E 1177 A361  C14C 29DB BA4B 43D3 AD19
http://user-aecolley.jini.org/
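
The "random 7 bits plus one normalized covert bit" construction described in the message above, as an added example that is not part of the original post. It assumes a shared key, a keyed HMAC-SHA256 keystream to whiten the covert bit so it is uniformly distributed to anyone without the key, and a naive per-bit-position frequency check standing in for whatever the counting equipment might run; the serial number and key values are constructed.

```python
"""Toy subliminal channel in "random" bytes: 7 honest random bits plus one keyed covert bit.

Added illustration of the argument in the post; not code from the E-voting list.
Assumption: the covert bit is XORed with an HMAC-SHA256 keystream (shared key), so
without the key the low bit is as uniform as the other seven and a frequency
check sees nothing; with the key the hidden serial number is recovered exactly.
"""
import hashlib
import hmac
import secrets


def _keystream_bits(key: bytes, nbits: int) -> list[int]:
    """Derive nbits pseudorandom bits from key via HMAC-SHA256 in counter mode."""
    bits: list[int] = []
    counter = 0
    while len(bits) < nbits:
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in block:
            for i in range(8):
                bits.append((byte >> (7 - i)) & 1)
                if len(bits) == nbits:
                    return bits
        counter += 1
    return bits


def _bytes_to_bits(data: bytes) -> list[int]:
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def _bits_to_bytes(bits: list[int]) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def honest_random_bytes(n: int) -> bytes:
    """What a voter expects: every bit from the OS CSPRNG."""
    return secrets.token_bytes(n)


def subliminal_random_bytes(n: int, covert: bytes, key: bytes) -> bytes:
    """Each byte: 7 genuinely random high bits; low bit = covert bit XOR keystream bit.
    Once the covert message is exhausted the low bit is random too, so the
    output is the same length and shape as honest output."""
    covert_bits = _bytes_to_bits(covert)
    if len(covert_bits) > n:
        raise ValueError("covert message needs more bytes than requested")
    ks = _keystream_bits(key, len(covert_bits))
    out = bytearray()
    for i in range(n):
        high = secrets.randbits(7) << 1
        low = covert_bits[i] ^ ks[i] if i < len(covert_bits) else secrets.randbits(1)
        out.append(high | low)
    return bytes(out)


def extract_covert(data: bytes, key: bytes, covert_len: int) -> bytes:
    """Holder of the key reads the low bits back out and un-whitens them."""
    nbits = covert_len * 8
    ks = _keystream_bits(key, nbits)
    return _bits_to_bytes([(data[i] & 1) ^ ks[i] for i in range(nbits)])


def bit_position_bias(data: bytes) -> float:
    """Naive checker: fraction of ones at each of the 8 bit positions.
    Returns the largest deviation from 0.5; a stuck or patterned position
    would show up here, but a keyed covert bit does not."""
    counts = [0] * 8
    for b in data:
        for i in range(8):
            counts[i] += (b >> i) & 1
    return max(abs(c / len(data) - 0.5) for c in counts)


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed value
    serial = b"\x12\x34\x56\x78"            # constructed 32-bit "voter serial number"
    tainted = subliminal_random_bytes(1024, serial, key)
    print("honest bias   :", round(bit_position_bias(honest_random_bytes(1024)), 3))
    print("tainted bias  :", round(bit_position_bias(tainted), 3))
    print("with key      :", extract_covert(tainted, key, 4).hex())
    print("without key   :", extract_covert(tainted, b"guess", 4).hex())
```

Both bias figures come out near zero, which is the point: the checker the message's correspondent proposes cannot tell the two outputs apart, yet whoever holds the key reads the serial number straight back. The same shape applies to the DSA remark later in the message, since a per-signature nonce is exactly a "random parameter" in which such a bit can be carried.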