
List:       gentoo-project
Subject:    Re: [gentoo-project] Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015
From:       Rich Freeman <rich0 () gentoo ! org>
Date:       2014-07-17 17:13:42
Message-ID: CAGfcS_=9diLr2KC0HWBgmuauHvhWK=cjTXdd9mprYj=CbicKrg () mail ! gmail ! com

On Thu, Jul 17, 2014 at 12:48 PM, email@missionaccomplish.com
<email@missionaccomplish.com> wrote:
> Elections should not be transparent, voters should be anonymous so that
> people are more likely to actually vote.

Tend to agree.

I was actually thinking of ways to improve upon things.

One thought I had was an e-cash like system.  Voters would be given
credit to make a single vote in the form of an e-cash-like token, with
a serial number.  The user generates the serial number, and the voting
system would not know who has what serial number, but it would know
that legitimate users can only generate one each.

Then voters would give the token to the voting system and record their
vote.  The master ballot would include the serial numbers, so voters
could check that their ballots are present, and assure themselves that
the total count looks OK.

The software itself could be something standard - there are lots of
solutions already out there.  The only thing that would need tweaking is
that we need software to sign tokens, and software to check/redeem
them.

In case anybody isn't familiar with e-cash, the principle is this:
1.  You generate 1000 tokens with unique serial numbers and encrypt
them all with 1000 private keys and give all the encrypted tokens to
the "bank."
2.  The bank picks 999 of the tokens and asks you to send their
corresponding private keys.  The bank checks that all 999 are valid,
and you get in trouble if any aren't.
3.  If all are valid, then the bank signs the 1000th token blindly and
sends it back to you.
4.  You then decrypt the signed token - the algorithm preserves the
signature integrity and ensures that the bank can't ID the decrypted
token using its knowledge of the encrypted token.
5.  You can then spend the token, which has an intact signature from
the bank validating it.

I'd have to dig up the details of how it works, but the idea is that
the bank can sign a token without actually seeing its content, while
being assured that the content is valid.

Overkill perhaps, but an algorithm like this would allow people to
anonymously vote in a secure manner.  The medium that data is
exchanged in could be whatever we want it to be.  Generating the token
is somewhat interactive, but submitting the ballots is one-way so it
could be email, file drop, web, whatever.  The token could include a
public key for validating a ballot as well.

Just some random thoughts.

Rich
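
[Added example, not part of the original message.] The five-step scheme above, sketched with Chaum-style RSA blind signatures as the assumed algorithm (the message does not name one). The key is a constructed toy key, and the "council-2014:" token prefix and all function names are hypothetical.

```python
import hashlib, secrets
from math import gcd

# Constructed toy RSA key (two Mersenne primes): fine for a demo, never for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # signer's private exponent
PREFIX = "council-2014:"               # hypothetical required token format

def h(token):                          # hash a token to an integer below N
    return int.from_bytes(hashlib.sha256(token.encode()).digest(), "big")

def blind(token):
    """Voter: hide the token under a random factor r; returns (blinded, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return h(token) * pow(r, E, N) % N, r

def issue(blinded, reveal, k):
    """Signer: cut-and-choose over k blinded candidates, sign the unopened one.
    reveal(i) is the voter's callback returning (token, r) for candidate i."""
    keep = secrets.randbelow(k)
    for i in range(k):
        if i == keep:
            continue
        token, r = reveal(i)
        if not token.startswith(PREFIX) or h(token) * pow(r, E, N) % N != blinded[i]:
            raise ValueError("malformed candidate %d" % i)
    return keep, pow(blinded[keep], D, N)   # signature on a value the signer never saw

def unblind(blind_sig, r):
    return blind_sig * pow(r, -1, N) % N   # strips r, leaving h(token)^D mod N

def redeem(token, sig, spent):
    """Ballot box: accept a token once if the signer's signature verifies."""
    if pow(sig, E, N) != h(token) or token in spent:
        return False
    spent.add(token)
    return True

def demo(k=20):
    tokens = [PREFIX + secrets.token_hex(16) for _ in range(k)]   # voter-chosen serials
    pairs = [blind(t) for t in tokens]
    keep, bsig = issue([b for b, _ in pairs], lambda i: (tokens[i], pairs[i][1]), k)
    sig, spent = unblind(bsig, pairs[keep][1]), set()
    return redeem(tokens[keep], sig, spent), redeem(tokens[keep], sig, spent)
```

demo() returns (True, False): the unblinded token verifies once, and a second submission of the same serial is rejected.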

