From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Fri May 16 2003 - 21:14:09 MDT
Lee Daniel Crocker wrote,
> > (Harvey Newstrom <mail@HarveyNewstrom.com>):
> >
> > Your system proves is that the newspaper correctly reported back an
> > encrypted version of each person's vote. How do we know this list
> > matches what was counted? How do we know the counts add up to what
> > totals were reported?
>
> Read it again: the votes themselves are /not/ encrypted, but published
> in plain text for all to count. Only the identifier with each set is
> encrypted--it serves for voter verification and non-repudiation. The
> check for stuffing is the list of names with the same count as votes,
> which is also independently verifiable.
OK, got it.
But how do we know there isn't a thousand extra votes for you-know-who with
faked identifiers? Your method seems to allow each individual to assure
that their vote was counted. But we don't know who all those other voters
are. How does anybody know they are real? What if it has a billion votes
with a billion encrypted identifiers. How do we determine who these are or
prove they were fake? Each individual can verify their own real vote, but
is there a method to detect a bunch of fake votes?
-- Harvey Newstrom, CISSP, IAM, GSEC, IBMCP <www.HarveyNewstrom.com> <www.Newstaff.com>
This archive was generated by hypermail 2.1.5 : Fri May 16 2003 - 21:28:44 MDT