[E-voting] encryption compromised by hardware

Michael McMahon michael at hexmedia.com
Mon Nov 20 13:50:00 GMT 2006


Timothy Murphy wrote:
> On Monday 20 November 2006 08:58, A.J.Delaney at brighton.ac.uk wrote:
>
>> I'm not an expert in cryptography, but from what I understand if an
>> attacker has physical control over a machine all bets are off.  There
>> is, effectively, no way to reliably encrypt data on a machine that an
>> attacker can run a privileged application on.
>
> That doesn't sound right to me.
> Do you have any reference for it?
>
It's true that a lot of so-called side channel attacks on cryptography work by attacking the physical implementation of algorithms, rather than their mathematical properties. Also, if you consider that encryption and decryption keys have to exist in computer memory in order for them to be used, and that privileged software is able to access memory used by other programs, then that implies that encryption/decryption keys can (in theory at least) be compromised.

As Aidan hinted at though, trusted computing platforms can mitigate this risk, by basing their trust ultimately on hardware components which perform cryptography, but which don't run any software. So, they would not be vulnerable to this kind of threat.

Having said that, ultimately people (like me) who advocate crypto-based e-voting as a potential solution have always said that while they can provide a very high level of confidence in election accuracy and correctness, they can never provide a 100% guarantee of vote secrecy (which is what the cryptography is trying to do). And of course the same is true for paper ballots.

So, as I've said before, you have to look at a proposed system in its totality, and then compare the risks (with paper ballots or whatever). Only then is the comparison meaningful.

Michael


