[AUUG-Talk]: E-voting

Peter Jeremy peterjeremy at optushome.com.au
Tue Jan 29 20:21:07 EST 2008


On Tue, Jan 29, 2008 at 04:53:16PM +1100, Dave Horsfall wrote:
>Now, if I was to conduct an e-vote, what what I do?
>
>Obviously it will need some sort of a token which must be returned; it 
>must be random (because e.g. a membership number can be obtained) but then 
>we have the problem of anonymity.

Ideally, you also want to be able to verify that your vote was counted
in the result - some voting systems allow this.

>Email can also be intercepted in-bound, so we need end-to-end 
>authentication (again whilst satisfying anonymity), so do we make everyone 
>use GPG/PKI?

The traditional paper-in-envelope-in-envelope maps fairly neatly into
PGP:  Returning officer generates ballot paper (or maybe one paper per
voting option), signs it with his private key and mails it to eligible
voters.  Voter verifies the signature then marks the ballot in some
way (type "yes" or "no" on the dotted line, or select one of the pre-
completed ballots), encrypts it with the Returning Officers public key
and then signs/encrypts it with his own private key and returns it.
Returning officer verifies that the signature belongs to a valid voter.
If it does, he decrypts the outer envelope and saves the inner envelope
with a random file name.  Once all inner envelopes are collected, they
are all decrypted and the resultant ballot papers are counted.

Of course, the above all relies on everyone having a trusted signature
and trusting the PGP (or whatever) implementations being used.

>Time to re-read my Schneier tomes, I guess...

They may be a bit dated.  I'd check your RISKS archives and maybe some
of the links off the electronic voting URL I posted.

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://lists.auug.org.au/pipermail/talk/attachments/20080129/340b5c43/attachment.pgp>


More information about the Talk mailing list