There has been considerable work in the cryptographic community on
anonymous voting schemes. Most of them have some disadvantages, and
there are difficulties in marrying the cryptographic technology
to the real world of voters, registrars, county recorders and such.

I know a guy who works at votehere.net, one company which is promoting
a cryptographic voting system. They have some descriptions of the
technology at http://votehere.net/VH-Content-v2.0/gettingtechnical.html.
This is from http://votehere.net/VH-Content-v2.0/whitepapers/primer.html:

The privacy of individually verifiable election systems [FOO92, PIK93,
Cra96, Sch95] comes from blind signatures. Blind signatures [Cha81]
are a class of digital signatures that allow a document to be signed
without revealing its contents. An often used analogy is that of
placing a document and a sheet of carbon paper inside an envelope. If
somebody signs the outside of the envelope, the carbon paper transfers
the signature to the document on the inside of the envelope. The
signature remains on the document when removed from the envelope.

Typically, a voter blinds and digitally signs his voted ballot and
submits it to a verifying authority. The voted ballot also contains a
unique serial number generated by the voter. Once the voter submits the
blinded vote to the verifier, the verifier checks the voter's digital
signature and voter eligibility. If all criteria are met, the verifier
checks the voter off the voter rolls, countersigns the voted ballot,
and sends the blinded, countersigned ballot back to the voter.

The voter removes the blinding encryption layer revealing the verifying
authority's signature. Now that all voter specific information
is removed from the ballot, the voter submits it to the tallying
authority through an anonymous channel. An anonymous communications
(e.g., onion routing) channel protects the message with multiple
layers of encryption using randomly selected intermediate points (see
[SGR] for a discussion of onion routing). The tallying authority
authenticates the verifying authority's digital signature and adds
the results to the tally.

The VoteHere system is actually quite a bit more sophisticated than
this, but even so there are problems. Some of these are shared with
any non-poll vote, like absentee ballots. For example, you can sell
your vote by letting someone watch you vote. There are also issues of
electronically authenticating voters and making sure they are eligible.
Many of the same old frauds will still work, such as padding the voter
lists with dead or imaginary voters.

There is some discussion of electronic voting in the
Risks digest at http://catless.ncl.ac.uk/Risks/21.11.html and
http://catless.ncl.ac.uk/Risks/21.10.html. One of the links from there
is to http://avirubin.com/e-voting.security.html, which emphasizes
the insecurity of home computer systems, bringing a risk of fraud and
manipulation.
Hal
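
The blind, countersign, unblind and tally steps described in the quoted primer, as an added example that is not part of the original post and is not VoteHere's code. It uses textbook RSA blind signatures with a toy key; the function names, ballot format and key parameters are assumptions, and the voter's own signature and the eligibility check are left out.

```python
import hashlib
import math
import secrets

# Toy RSA key for the verifying authority (constructed for this example;
# two Mersenne primes, far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # authority's private exponent

def digest(ballot: bytes) -> int:
    """Map a ballot to an integer mod N (hash-then-sign, no padding)."""
    return int.from_bytes(hashlib.sha256(ballot).digest(), "big") % N

def blind(ballot: bytes):
    """Voter: hide the ballot digest under a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (digest(ballot) * pow(r, E, N)) % N, r

def authority_sign(blinded: int) -> int:
    """Verifier: countersign without seeing the ballot contents."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Voter: strip r, leaving an ordinary signature on the ballot."""
    return (blind_sig * pow(r, -1, N)) % N

def tally_accepts(ballot: bytes, sig: int) -> bool:
    """Tallier: check the authority's signature on the unblinded ballot."""
    return pow(sig, E, N) == digest(ballot)

def demo():
    serial = secrets.token_hex(8)              # voter-chosen serial number
    ballot = f"serial={serial};choice=Measure A: yes".encode()
    blinded, r = blind(ballot)
    sig = unblind(authority_sign(blinded), r)
    return ballot, blinded, sig

if __name__ == "__main__":
    ballot, blinded, sig = demo()
    print("authority saw :", hex(blinded))
    print("tally accepts :", tally_accepts(ballot, sig))
```

The value the authority signs is unrelated to the ballot digest it later sees at the tally, which is why the countersignature cannot be linked back to the voter who requested it.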