Any ideas to make an Electronic Voter Machine more secure?What is chain voting?Is this design of client side...
How do I deal with being envious of my own players?
3.5% Interest Student Loan or use all of my savings on Tuition?
How to use math.log10() function on whole pandas dataframe
Four buttons on a table
How to kill a localhost:8080
What are SHA-rounds?
Where is the line between being obedient and getting bullied by a boss?
Is there a way to find out the age of Camp ropes?
Was it really inappropriate to write a pull request for the company I interviewed with?
Is there a hobbyist standard for Trains track modules?
How does signal strength relate to bandwidth?
Citing contemporaneous (interlaced?) preprints
How can I be pwned if I'm not registered on the compromised site?
Does "legal poaching" exist?
Can a space-faring robot still function over a billion years?
How to roleplay my character's ethics according to the DM when I don't understand those ethics?
How do you say “my friend is throwing a party, do you wanna come?” in german
Rationale to prefer local variables over instance variables?
Has Wakanda ever accepted refugees?
Are small insurances worth it
In which way proportional valves are controlled solely by current?
How to get the first first element while continue streaming?
Is there a limit on the maximum number of future jobs queued in an org?
Every subset equal to original set?
Any ideas to make an Electronic Voter Machine more secure?
What is chain voting?Is this design of client side encryption secure?Is this hand cipher any more secure than the Vigenère cipher?Any practical uses of machine learning for cryptography?Do any one-key-of-many cryptographic schemes exist?RSA: how does it work and how is it more secure than symmetric systemsCombining secure hashes with insecure hashes?Does AAD make GCM encryption more secure?I am not convinced that SHA2/3 or AES256 is secureEstablish more secure symmetric crypto system given A and B have small initial secretIs a PRG more costly than AES or any other encryption standard?
$begingroup$
EVMs are not secure they say. So how can we make it more secure tham the existing one using cryptography?
encryption
asked 6 hours ago
aashikaashik
61
New contributor
aashik is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
add a comment |
$begingroup$
EVMs are not secure they say. So how can we make it more secure tham the existing one using cryptography?
encryption
asked 6 hours ago
aashikaashik
61
New contributor
aashik is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
$begingroup$
Not sure how we can help here with the question in it's current form. Very, very very few of the real world practical issues with EVM pertain to cryptography. Is there some more specific theoretical/mathematical aspect that you have in mind?
$endgroup$
– Paul Uszak
3 hours ago
add a comment |
$begingroup$
EVMs are not secure they say. So how can we make it more secure tham the existing one using cryptography?
encryption
asked 6 hours ago
aashikaashik
61
New contributor
aashik is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
EVMs are not secure they say. So how can we make it more secure tham the existing one using cryptography?
encryption
encryption
asked 6 hours ago
aashikaashik
61
New contributor
aashik is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 6 hours ago
aashikaashik
61
New contributor
aashik is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 6 hours ago
aashikaashik
61
New contributor
aashik is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 6 hours ago
aashikaashik
61
asked 6 hours ago
aashikaashik
61
61
New contributor
aashik is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
aashik is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
aashik is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$begingroup$
Not sure how we can help here with the question in it's current form. Very, very very few of the real world practical issues with EVM pertain to cryptography. Is there some more specific theoretical/mathematical aspect that you have in mind?
$endgroup$
– Paul Uszak
3 hours ago
add a comment |
$begingroup$
Not sure how we can help here with the question in it's current form. Very, very very few of the real world practical issues with EVM pertain to cryptography. Is there some more specific theoretical/mathematical aspect that you have in mind?
$endgroup$
– Paul Uszak
3 hours ago
$begingroup$
Not sure how we can help here with the question in it's current form. Very, very very few of the real world practical issues with EVM pertain to cryptography. Is there some more specific theoretical/mathematical aspect that you have in mind?
$endgroup$
– Paul Uszak
3 hours ago
$begingroup$
Not sure how we can help here with the question in it's current form. Very, very very few of the real world practical issues with EVM pertain to cryptography. Is there some more specific theoretical/mathematical aspect that you have in mind?
$endgroup$
– Paul Uszak
3 hours ago
add a comment |
2 Answers
2
active
oldest
votes
$begingroup$
We can't make satisfactory Electronic Voting Machines. Their design face conflicting goals that are impossible to reconcile, even in the simplest conceivable use case: a yes/no vote, a single machine.
- Count votes (or at least: determine if there was more yes than no) with the result public.
- Limit voting to one per registered voter.
- Keep individual votes secret, even from organizers or/and if a person casting vote is actively trying to prove how s/he voted (that requirement helps freedom of vote despite attempted bribery/duress), within the limits inherent to what gets published of the result.
- Convince reasonable observers with ordinary skills that the above goals are met, even if observers do not trust the organizers and designers of the machine, understandably so [*]
- Resist denial of service.
Among the few non-electronic approaches that work is one that evolved over time: paper ballot freely available to all, put in opaque envelope mandatorily in a private booth, with the envelope publicly inserted in a transparent urn (with mechanical interlock preventing unauthorized insertion), check of the voter's identity and that the voting role is unsigned right before that insertion, and signing the voting role right afterwards, with the urn and envelopes publicly opened in the end and counted, under public scrutiny all along.
Alternatives have been tried:
- Mechanical counters, with interlocks preventing multiple voting. There have been jams (perhaps intentional). Only people understanding mechanical machinery (similar to watchmaking) can observe and confirm that counting work as intended before and after voting. And it is to fear that various side channels (lifting a cover hidding the value, sound, ...) can compromise vote secrecy. On the positive side, it can be me made slow and noisy to covertly alter the counters.
- Electromechanical counters: reportedly more reliable, but side channels are rather worse, altering the counters might be faster and easier, and (because wires and air gaps can be hair-thin) an observer (needing basic understanding of electric circuit) could miss something redirecting counting to the wrong counter. While it would be conceivable and useful to make counters that the voter (only) can see moving when casting vote, without being able to tell the count, I have not heard that it was used.
The more we go towards modern electronics and complex cryptography, the worse the "convince reasonable observers with ordinary skills" goal is met. Finding backdoors in silicon and software is extremely hard, and entirely impossible at the voting location. For most reasonable observers, a finite field is a bounded piece of land.
[*] Voting machines in use in (few and mid-sized) French cities are purchased, stored, serviced and operated (with supervision from the ministry of home affairs) under the authority of the Mayor, yet are used to (re-)elect the Mayor. Their specification and type approval is under the authority of the ministry of home affairs, which head is chosen by the prime minister, which is chosen by the Président de la République, which the machines contribute to (re-)elect. In 2007 that election was won by the former head of the ministry of home affairs that gave delegation for establishing the specifications as law, and was again head of that ministry weeks before his own election and days before a software change was made to the most common type of machines. BTW that software is secret, and it's integrity is publicly demonstrated by a checksum that the software computes and displays. Descartes reportedly turned in his grave.
answered 3 hours ago
fgrieufgrieu
80.8k7172342
$endgroup$
1
$begingroup$
Are you totally convinced that French voting (fully end to end) is really anonymous? Even to law enforcement and the courts? In the UK, Canada, Singapore and others it's not, and this is public knowledge (UK). The ballot papers are serialised and traceable to the voter. Otherwise, how do you catch fraudulent votes?
$endgroup$
– Paul Uszak
3 hours ago
2
$begingroup$
In France, paper ballots are not serialized, are freely available (at the entrance of the voting station, also sent by mail), and are (or should) be destroyed after the counting is done and no recount is called for, never leaving public scrutiny. Voter identification is procedural from paper ID, including when using voting machines. For these, voting is supposedly kept anonymous by randomizing the address at which the voting is recorded in a backup memory cartridge, analogous to mixing an urn (if that was sequential, it would be conceivable to find what vote the Nth voter casted).
$endgroup$
– fgrieu
2 hours ago
1
$begingroup$
Nice answer. I would like to add that in some countries, the center that sums the votes can be corrupted. This requires a third party to collects and sums the results of the ballot boxes.
$endgroup$
– kelalaka
1 hour ago
$begingroup$
@PaulUszak The identity is a main issue. Also, if you want, you can use a temporarily permanent ink (like silver nitrate) to distingused voted users with not voted. There is nothing can prevent someone to sell his vote. The system in France, prevents the chain voting.
$endgroup$
– kelalaka
58 mins ago
2
$begingroup$
@PaulUszak What do you mean with "how do you catch fraudulent votes?" At least in Germany, the general public can convince themselves that the ballot box is empty before the election starts, can remain present for the entire duration of the election as well as the opening and counting of the ballots. Every person needs to show government issued ID and it is confirmed that they are an eligible voter before they are allowed to cast their vote. (And everyone has a designated polling place. So voting at more than one does not work.) I don't see which problem traceable ballots would solve.
$endgroup$
– Maeher
56 mins ago
add a comment |
$begingroup$
I will give some links;
- E-voting experiments end in Norway amid security fears
- If it ain’t broke, don’t fix it: Australia should stay away from electronic voting
- DEFCON 25 Voting Machine Hacking Village
- Hacking a US electronic voting booth takes less than 90 minutes
- Voting - What Is, What Could Be (2001)
- Voting: What Has Changed, What Hasn't, & What Needs Improvement (2012)
The last two is taken from the Caltech/MIT Voting Technology Project (VTP)
answered 28 mins ago
kelalakakelalaka
8,19822351
$endgroup$
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
aashik is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67801%2fany-ideas-to-make-an-electronic-voter-machine-more-secure%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
We can't make satisfactory Electronic Voting Machines. Their design face conflicting goals that are impossible to reconcile, even in the simplest conceivable use case: a yes/no vote, a single machine.
- Count votes (or at least: determine if there was more yes than no) with the result public.
- Limit voting to one per registered voter.
- Keep individual votes secret, even from organizers or/and if a person casting vote is actively trying to prove how s/he voted (that requirement helps freedom of vote despite attempted bribery/duress), within the limits inherent to what gets published of the result.
- Convince reasonable observers with ordinary skills that the above goals are met, even if observers do not trust the organizers and designers of the machine, understandably so [*]
- Resist denial of service.
Among the few non-electronic approaches that work is one that evolved over time: paper ballot freely available to all, put in opaque envelope mandatorily in a private booth, with the envelope publicly inserted in a transparent urn (with mechanical interlock preventing unauthorized insertion), check of the voter's identity and that the voting role is unsigned right before that insertion, and signing the voting role right afterwards, with the urn and envelopes publicly opened in the end and counted, under public scrutiny all along.
Alternatives have been tried:
- Mechanical counters, with interlocks preventing multiple voting. There have been jams (perhaps intentional). Only people understanding mechanical machinery (similar to watchmaking) can observe and confirm that counting work as intended before and after voting. And it is to fear that various side channels (lifting a cover hidding the value, sound, ...) can compromise vote secrecy. On the positive side, it can be me made slow and noisy to covertly alter the counters.
- Electromechanical counters: reportedly more reliable, but side channels are rather worse, altering the counters might be faster and easier, and (because wires and air gaps can be hair-thin) an observer (needing basic understanding of electric circuit) could miss something redirecting counting to the wrong counter. While it would be conceivable and useful to make counters that the voter (only) can see moving when casting vote, without being able to tell the count, I have not heard that it was used.
The more we go towards modern electronics and complex cryptography, the worse the "convince reasonable observers with ordinary skills" goal is met. Finding backdoors in silicon and software is extremely hard, and entirely impossible at the voting location. For most reasonable observers, a finite field is a bounded piece of land.
[*] Voting machines in use in (few and mid-sized) French cities are purchased, stored, serviced and operated (with supervision from the ministry of home affairs) under the authority of the Mayor, yet are used to (re-)elect the Mayor. Their specification and type approval is under the authority of the ministry of home affairs, which head is chosen by the prime minister, which is chosen by the Président de la République, which the machines contribute to (re-)elect. In 2007 that election was won by the former head of the ministry of home affairs that gave delegation for establishing the specifications as law, and was again head of that ministry weeks before his own election and days before a software change was made to the most common type of machines. BTW that software is secret, and it's integrity is publicly demonstrated by a checksum that the software computes and displays. Descartes reportedly turned in his grave.
answered 3 hours ago
fgrieufgrieu
80.8k7172342
$endgroup$
1
$begingroup$
Are you totally convinced that French voting (fully end to end) is really anonymous? Even to law enforcement and the courts? In the UK, Canada, Singapore and others it's not, and this is public knowledge (UK). The ballot papers are serialised and traceable to the voter. Otherwise, how do you catch fraudulent votes?
$endgroup$
– Paul Uszak
3 hours ago
2
$begingroup$
In France, paper ballots are not serialized, are freely available (at the entrance of the voting station, also sent by mail), and are (or should) be destroyed after the counting is done and no recount is called for, never leaving public scrutiny. Voter identification is procedural from paper ID, including when using voting machines. For these, voting is supposedly kept anonymous by randomizing the address at which the voting is recorded in a backup memory cartridge, analogous to mixing an urn (if that was sequential, it would be conceivable to find what vote the Nth voter casted).
$endgroup$
– fgrieu
2 hours ago
1
$begingroup$
Nice answer. I would like to add that in some countries, the center that sums the votes can be corrupted. This requires a third party to collects and sums the results of the ballot boxes.
$endgroup$
– kelalaka
1 hour ago
$begingroup$
@PaulUszak The identity is a main issue. Also, if you want, you can use a temporarily permanent ink (like silver nitrate) to distingused voted users with not voted. There is nothing can prevent someone to sell his vote. The system in France, prevents the chain voting.
$endgroup$
– kelalaka
58 mins ago
2
$begingroup$
@PaulUszak What do you mean with "how do you catch fraudulent votes?" At least in Germany, the general public can convince themselves that the ballot box is empty before the election starts, can remain present for the entire duration of the election as well as the opening and counting of the ballots. Every person needs to show government issued ID and it is confirmed that they are an eligible voter before they are allowed to cast their vote. (And everyone has a designated polling place. So voting at more than one does not work.) I don't see which problem traceable ballots would solve.
$endgroup$
– Maeher
56 mins ago
add a comment |
$begingroup$
We can't make satisfactory Electronic Voting Machines. Their design face conflicting goals that are impossible to reconcile, even in the simplest conceivable use case: a yes/no vote, a single machine.
- Count votes (or at least: determine if there was more yes than no) with the result public.
- Limit voting to one per registered voter.
- Keep individual votes secret, even from organizers or/and if a person casting vote is actively trying to prove how s/he voted (that requirement helps freedom of vote despite attempted bribery/duress), within the limits inherent to what gets published of the result.
- Convince reasonable observers with ordinary skills that the above goals are met, even if observers do not trust the organizers and designers of the machine, understandably so [*]
- Resist denial of service.
Among the few non-electronic approaches that work is one that evolved over time: paper ballot freely available to all, put in opaque envelope mandatorily in a private booth, with the envelope publicly inserted in a transparent urn (with mechanical interlock preventing unauthorized insertion), check of the voter's identity and that the voting role is unsigned right before that insertion, and signing the voting role right afterwards, with the urn and envelopes publicly opened in the end and counted, under public scrutiny all along.
Alternatives have been tried:
- Mechanical counters, with interlocks preventing multiple voting. There have been jams (perhaps intentional). Only people understanding mechanical machinery (similar to watchmaking) can observe and confirm that counting work as intended before and after voting. And it is to fear that various side channels (lifting a cover hidding the value, sound, ...) can compromise vote secrecy. On the positive side, it can be me made slow and noisy to covertly alter the counters.
- Electromechanical counters: reportedly more reliable, but side channels are rather worse, altering the counters might be faster and easier, and (because wires and air gaps can be hair-thin) an observer (needing basic understanding of electric circuit) could miss something redirecting counting to the wrong counter. While it would be conceivable and useful to make counters that the voter (only) can see moving when casting vote, without being able to tell the count, I have not heard that it was used.
The more we go towards modern electronics and complex cryptography, the worse the "convince reasonable observers with ordinary skills" goal is met. Finding backdoors in silicon and software is extremely hard, and entirely impossible at the voting location. For most reasonable observers, a finite field is a bounded piece of land.
[*] Voting machines in use in (few and mid-sized) French cities are purchased, stored, serviced and operated (with supervision from the ministry of home affairs) under the authority of the Mayor, yet are used to (re-)elect the Mayor. Their specification and type approval is under the authority of the ministry of home affairs, which head is chosen by the prime minister, which is chosen by the Président de la République, which the machines contribute to (re-)elect. In 2007 that election was won by the former head of the ministry of home affairs that gave delegation for establishing the specifications as law, and was again head of that ministry weeks before his own election and days before a software change was made to the most common type of machines. BTW that software is secret, and it's integrity is publicly demonstrated by a checksum that the software computes and displays. Descartes reportedly turned in his grave.
answered 3 hours ago
fgrieufgrieu
80.8k7172342
$endgroup$
1
$begingroup$
Are you totally convinced that French voting (fully end to end) is really anonymous? Even to law enforcement and the courts? In the UK, Canada, Singapore and others it's not, and this is public knowledge (UK). The ballot papers are serialised and traceable to the voter. Otherwise, how do you catch fraudulent votes?
$endgroup$
– Paul Uszak
3 hours ago
2
$begingroup$
In France, paper ballots are not serialized, are freely available (at the entrance of the voting station, also sent by mail), and are (or should) be destroyed after the counting is done and no recount is called for, never leaving public scrutiny. Voter identification is procedural from paper ID, including when using voting machines. For these, voting is supposedly kept anonymous by randomizing the address at which the voting is recorded in a backup memory cartridge, analogous to mixing an urn (if that was sequential, it would be conceivable to find what vote the Nth voter casted).
$endgroup$
– fgrieu
2 hours ago
1
$begingroup$
Nice answer. I would like to add that in some countries, the center that sums the votes can be corrupted. This requires a third party to collects and sums the results of the ballot boxes.
$endgroup$
– kelalaka
1 hour ago
$begingroup$
@PaulUszak The identity is a main issue. Also, if you want, you can use a temporarily permanent ink (like silver nitrate) to distingused voted users with not voted. There is nothing can prevent someone to sell his vote. The system in France, prevents the chain voting.
$endgroup$
– kelalaka
58 mins ago
2
$begingroup$
@PaulUszak What do you mean with "how do you catch fraudulent votes?" At least in Germany, the general public can convince themselves that the ballot box is empty before the election starts, can remain present for the entire duration of the election as well as the opening and counting of the ballots. Every person needs to show government issued ID and it is confirmed that they are an eligible voter before they are allowed to cast their vote. (And everyone has a designated polling place. So voting at more than one does not work.) I don't see which problem traceable ballots would solve.
$endgroup$
– Maeher
56 mins ago
add a comment |
$begingroup$
We can't make satisfactory Electronic Voting Machines. Their design face conflicting goals that are impossible to reconcile, even in the simplest conceivable use case: a yes/no vote, a single machine.
- Count votes (or at least: determine if there was more yes than no) with the result public.
- Limit voting to one per registered voter.
- Keep individual votes secret, even from organizers or/and if a person casting vote is actively trying to prove how s/he voted (that requirement helps freedom of vote despite attempted bribery/duress), within the limits inherent to what gets published of the result.
- Convince reasonable observers with ordinary skills that the above goals are met, even if observers do not trust the organizers and designers of the machine, understandably so [*]
- Resist denial of service.
Among the few non-electronic approaches that work is one that evolved over time: paper ballot freely available to all, put in opaque envelope mandatorily in a private booth, with the envelope publicly inserted in a transparent urn (with mechanical interlock preventing unauthorized insertion), check of the voter's identity and that the voting role is unsigned right before that insertion, and signing the voting role right afterwards, with the urn and envelopes publicly opened in the end and counted, under public scrutiny all along.
Alternatives have been tried:
- Mechanical counters, with interlocks preventing multiple voting. There have been jams (perhaps intentional). Only people understanding mechanical machinery (similar to watchmaking) can observe and confirm that counting work as intended before and after voting. And it is to fear that various side channels (lifting a cover hidding the value, sound, ...) can compromise vote secrecy. On the positive side, it can be me made slow and noisy to covertly alter the counters.
- Electromechanical counters: reportedly more reliable, but side channels are rather worse, altering the counters might be faster and easier, and (because wires and air gaps can be hair-thin) an observer (needing basic understanding of electric circuit) could miss something redirecting counting to the wrong counter. While it would be conceivable and useful to make counters that the voter (only) can see moving when casting vote, without being able to tell the count, I have not heard that it was used.
The more we go towards modern electronics and complex cryptography, the worse the "convince reasonable observers with ordinary skills" goal is met. Finding backdoors in silicon and software is extremely hard, and entirely impossible at the voting location. For most reasonable observers, a finite field is a bounded piece of land.
[*] Voting machines in use in (few and mid-sized) French cities are purchased, stored, serviced and operated (with supervision from the ministry of home affairs) under the authority of the Mayor, yet are used to (re-)elect the Mayor. Their specification and type approval is under the authority of the ministry of home affairs, which head is chosen by the prime minister, which is chosen by the Président de la République, which the machines contribute to (re-)elect. In 2007 that election was won by the former head of the ministry of home affairs that gave delegation for establishing the specifications as law, and was again head of that ministry weeks before his own election and days before a software change was made to the most common type of machines. BTW that software is secret, and it's integrity is publicly demonstrated by a checksum that the software computes and displays. Descartes reportedly turned in his grave.
answered 3 hours ago
fgrieufgrieu
80.8k7172342
$endgroup$
We can't make satisfactory Electronic Voting Machines. Their design face conflicting goals that are impossible to reconcile, even in the simplest conceivable use case: a yes/no vote, a single machine.
- Count votes (or at least: determine if there was more yes than no) with the result public.
- Limit voting to one per registered voter.
- Keep individual votes secret, even from organizers or/and if a person casting vote is actively trying to prove how s/he voted (that requirement helps freedom of vote despite attempted bribery/duress), within the limits inherent to what gets published of the result.
- Convince reasonable observers with ordinary skills that the above goals are met, even if observers do not trust the organizers and designers of the machine, understandably so [*]
- Resist denial of service.
Among the few non-electronic approaches that work is one that evolved over time: paper ballot freely available to all, put in opaque envelope mandatorily in a private booth, with the envelope publicly inserted in a transparent urn (with mechanical interlock preventing unauthorized insertion), check of the voter's identity and that the voting role is unsigned right before that insertion, and signing the voting role right afterwards, with the urn and envelopes publicly opened in the end and counted, under public scrutiny all along.
Alternatives have been tried:
- Mechanical counters, with interlocks preventing multiple voting. There have been jams (perhaps intentional). Only people understanding mechanical machinery (similar to watchmaking) can observe and confirm that counting work as intended before and after voting. And it is to fear that various side channels (lifting a cover hidding the value, sound, ...) can compromise vote secrecy. On the positive side, it can be me made slow and noisy to covertly alter the counters.
- Electromechanical counters: reportedly more reliable, but side channels are rather worse, altering the counters might be faster and easier, and (because wires and air gaps can be hair-thin) an observer (needing basic understanding of electric circuit) could miss something redirecting counting to the wrong counter. While it would be conceivable and useful to make counters that the voter (only) can see moving when casting vote, without being able to tell the count, I have not heard that it was used.
The more we go towards modern electronics and complex cryptography, the worse the "convince reasonable observers with ordinary skills" goal is met. Finding backdoors in silicon and software is extremely hard, and entirely impossible at the voting location. For most reasonable observers, a finite field is a bounded piece of land.
[*] Voting machines in use in (few and mid-sized) French cities are purchased, stored, serviced and operated (with supervision from the ministry of home affairs) under the authority of the Mayor, yet are used to (re-)elect the Mayor. Their specification and type approval is under the authority of the ministry of home affairs, which head is chosen by the prime minister, which is chosen by the Président de la République, which the machines contribute to (re-)elect. In 2007 that election was won by the former head of the ministry of home affairs that gave delegation for establishing the specifications as law, and was again head of that ministry weeks before his own election and days before a software change was made to the most common type of machines. BTW that software is secret, and it's integrity is publicly demonstrated by a checksum that the software computes and displays. Descartes reportedly turned in his grave.
answered 3 hours ago
fgrieufgrieu
80.8k7172342
edited 1 hour ago
answered 3 hours ago
fgrieufgrieu
80.8k7172342
answered 3 hours ago
fgrieufgrieu
80.8k7172342
answered 3 hours ago
fgrieufgrieu
80.8k7172342
80.8k7172342
1
$begingroup$
Are you totally convinced that French voting (fully end to end) is really anonymous? Even to law enforcement and the courts? In the UK, Canada, Singapore and others it's not, and this is public knowledge (UK). The ballot papers are serialised and traceable to the voter. Otherwise, how do you catch fraudulent votes?
$endgroup$
– Paul Uszak
3 hours ago
2
$begingroup$
In France, paper ballots are not serialized, are freely available (at the entrance of the voting station, also sent by mail), and are (or should) be destroyed after the counting is done and no recount is called for, never leaving public scrutiny. Voter identification is procedural from paper ID, including when using voting machines. For these, voting is supposedly kept anonymous by randomizing the address at which the voting is recorded in a backup memory cartridge, analogous to mixing an urn (if that was sequential, it would be conceivable to find what vote the Nth voter casted).
$endgroup$
– fgrieu
2 hours ago
1
$begingroup$
Nice answer. I would like to add that in some countries, the center that sums the votes can be corrupted. This requires a third party to collects and sums the results of the ballot boxes.
$endgroup$
– kelalaka
1 hour ago
$begingroup$
@PaulUszak The identity is a main issue. Also, if you want, you can use a temporarily permanent ink (like silver nitrate) to distingused voted users with not voted. There is nothing can prevent someone to sell his vote. The system in France, prevents the chain voting.
$endgroup$
– kelalaka
58 mins ago
2
$begingroup$
@PaulUszak What do you mean with "how do you catch fraudulent votes?" At least in Germany, the general public can convince themselves that the ballot box is empty before the election starts, can remain present for the entire duration of the election as well as the opening and counting of the ballots. Every person needs to show government issued ID and it is confirmed that they are an eligible voter before they are allowed to cast their vote. (And everyone has a designated polling place. So voting at more than one does not work.) I don't see which problem traceable ballots would solve.
$endgroup$
– Maeher
56 mins ago
add a comment |
1
$begingroup$
Are you totally convinced that French voting (fully end to end) is really anonymous? Even to law enforcement and the courts? In the UK, Canada, Singapore and others it's not, and this is public knowledge (UK). The ballot papers are serialised and traceable to the voter. Otherwise, how do you catch fraudulent votes?
$endgroup$
– Paul Uszak
3 hours ago
2
$begingroup$
In France, paper ballots are not serialized, are freely available (at the entrance of the voting station, also sent by mail), and are (or should) be destroyed after the counting is done and no recount is called for, never leaving public scrutiny. Voter identification is procedural from paper ID, including when using voting machines. For these, voting is supposedly kept anonymous by randomizing the address at which the voting is recorded in a backup memory cartridge, analogous to mixing an urn (if that was sequential, it would be conceivable to find what vote the Nth voter casted).
$endgroup$
– fgrieu
2 hours ago
1
$begingroup$
Nice answer. I would like to add that in some countries, the center that sums the votes can be corrupted. This requires a third party to collects and sums the results of the ballot boxes.
$endgroup$
– kelalaka
1 hour ago
$begingroup$
@PaulUszak The identity is a main issue. Also, if you want, you can use a temporarily permanent ink (like silver nitrate) to distingused voted users with not voted. There is nothing can prevent someone to sell his vote. The system in France, prevents the chain voting.
$endgroup$
– kelalaka
58 mins ago
2
$begingroup$
@PaulUszak What do you mean with "how do you catch fraudulent votes?" At least in Germany, the general public can convince themselves that the ballot box is empty before the election starts, can remain present for the entire duration of the election as well as the opening and counting of the ballots. Every person needs to show government issued ID and it is confirmed that they are an eligible voter before they are allowed to cast their vote. (And everyone has a designated polling place. So voting at more than one does not work.) I don't see which problem traceable ballots would solve.
$endgroup$
– Maeher
56 mins ago
1
1
$begingroup$
Are you totally convinced that French voting (fully end to end) is really anonymous? Even to law enforcement and the courts? In the UK, Canada, Singapore and others it's not, and this is public knowledge (UK). The ballot papers are serialised and traceable to the voter. Otherwise, how do you catch fraudulent votes?
$endgroup$
– Paul Uszak
3 hours ago
$begingroup$
Are you totally convinced that French voting (fully end to end) is really anonymous? Even to law enforcement and the courts? In the UK, Canada, Singapore and others it's not, and this is public knowledge (UK). The ballot papers are serialised and traceable to the voter. Otherwise, how do you catch fraudulent votes?
$endgroup$
– Paul Uszak
3 hours ago
2
2
$begingroup$
In France, paper ballots are not serialized, are freely available (at the entrance of the voting station, also sent by mail), and are (or should) be destroyed after the counting is done and no recount is called for, never leaving public scrutiny. Voter identification is procedural from paper ID, including when using voting machines. For these, voting is supposedly kept anonymous by randomizing the address at which the voting is recorded in a backup memory cartridge, analogous to mixing an urn (if that was sequential, it would be conceivable to find what vote the Nth voter casted).
$endgroup$
– fgrieu
2 hours ago
$begingroup$
In France, paper ballots are not serialized, are freely available (at the entrance of the voting station, also sent by mail), and are (or should) be destroyed after the counting is done and no recount is called for, never leaving public scrutiny. Voter identification is procedural from paper ID, including when using voting machines. For these, voting is supposedly kept anonymous by randomizing the address at which the voting is recorded in a backup memory cartridge, analogous to mixing an urn (if that was sequential, it would be conceivable to find what vote the Nth voter casted).
$endgroup$
– fgrieu
2 hours ago
1
1
$begingroup$
Nice answer. I would like to add that in some countries, the center that sums the votes can be corrupted. This requires a third party to collects and sums the results of the ballot boxes.
$endgroup$
– kelalaka
1 hour ago
$begingroup$
Nice answer. I would like to add that in some countries, the center that sums the votes can be corrupted. This requires a third party to collects and sums the results of the ballot boxes.
$endgroup$
– kelalaka
1 hour ago
$begingroup$
@PaulUszak The identity is a main issue. Also, if you want, you can use a temporarily permanent ink (like silver nitrate) to distingused voted users with not voted. There is nothing can prevent someone to sell his vote. The system in France, prevents the chain voting.
$endgroup$
– kelalaka
58 mins ago
$begingroup$
@PaulUszak The identity is a main issue. Also, if you want, you can use a temporarily permanent ink (like silver nitrate) to distingused voted users with not voted. There is nothing can prevent someone to sell his vote. The system in France, prevents the chain voting.
$endgroup$
– kelalaka
58 mins ago
2
2
$begingroup$
@PaulUszak What do you mean with "how do you catch fraudulent votes?" At least in Germany, the general public can convince themselves that the ballot box is empty before the election starts, can remain present for the entire duration of the election as well as the opening and counting of the ballots. Every person needs to show government issued ID and it is confirmed that they are an eligible voter before they are allowed to cast their vote. (And everyone has a designated polling place. So voting at more than one does not work.) I don't see which problem traceable ballots would solve.
$endgroup$
– Maeher
56 mins ago
$begingroup$
@PaulUszak What do you mean with "how do you catch fraudulent votes?" At least in Germany, the general public can convince themselves that the ballot box is empty before the election starts, can remain present for the entire duration of the election as well as the opening and counting of the ballots. Every person needs to show government issued ID and it is confirmed that they are an eligible voter before they are allowed to cast their vote. (And everyone has a designated polling place. So voting at more than one does not work.) I don't see which problem traceable ballots would solve.
$endgroup$
– Maeher
56 mins ago
add a comment |
$begingroup$
I will give some links;
- E-voting experiments end in Norway amid security fears
- If it ain’t broke, don’t fix it: Australia should stay away from electronic voting
- DEFCON 25 Voting Machine Hacking Village
- Hacking a US electronic voting booth takes less than 90 minutes
- Voting - What Is, What Could Be (2001)
- Voting: What Has Changed, What Hasn't, & What Needs Improvement (2012)
The last two is taken from the Caltech/MIT Voting Technology Project (VTP)
answered 28 mins ago
kelalakakelalaka
8,19822351
$endgroup$
add a comment |
$begingroup$
I will give some links;
- E-voting experiments end in Norway amid security fears
- If it ain’t broke, don’t fix it: Australia should stay away from electronic voting
- DEFCON 25 Voting Machine Hacking Village
- Hacking a US electronic voting booth takes less than 90 minutes
- Voting - What Is, What Could Be (2001)
- Voting: What Has Changed, What Hasn't, & What Needs Improvement (2012)
The last two is taken from the Caltech/MIT Voting Technology Project (VTP)
answered 28 mins ago
kelalakakelalaka
8,19822351
$endgroup$
add a comment |
$begingroup$
I will give some links;
- E-voting experiments end in Norway amid security fears
- If it ain’t broke, don’t fix it: Australia should stay away from electronic voting
- DEFCON 25 Voting Machine Hacking Village
- Hacking a US electronic voting booth takes less than 90 minutes
- Voting - What Is, What Could Be (2001)
- Voting: What Has Changed, What Hasn't, & What Needs Improvement (2012)
The last two is taken from the Caltech/MIT Voting Technology Project (VTP)
answered 28 mins ago
kelalakakelalaka
8,19822351
$endgroup$
I will give some links;
- E-voting experiments end in Norway amid security fears
- If it ain’t broke, don’t fix it: Australia should stay away from electronic voting
- DEFCON 25 Voting Machine Hacking Village
- Hacking a US electronic voting booth takes less than 90 minutes
- Voting - What Is, What Could Be (2001)
- Voting: What Has Changed, What Hasn't, & What Needs Improvement (2012)
The last two is taken from the Caltech/MIT Voting Technology Project (VTP)
answered 28 mins ago
kelalakakelalaka
8,19822351
answered 28 mins ago
kelalakakelalaka
8,19822351
answered 28 mins ago
kelalakakelalaka
8,19822351
answered 28 mins ago
kelalakakelalaka
8,19822351
8,19822351
add a comment |
add a comment |
aashik is a new contributor. Be nice, and check out our Code of Conduct.
aashik is a new contributor. Be nice, and check out our Code of Conduct.
aashik is a new contributor. Be nice, and check out our Code of Conduct.
aashik is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67801%2fany-ideas-to-make-an-electronic-voter-machine-more-secure%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
$begingroup$
Not sure how we can help here with the question in it's current form. Very, very very few of the real world practical issues with EVM pertain to cryptography. Is there some more specific theoretical/mathematical aspect that you have in mind?
$endgroup$
– Paul Uszak
3 hours ago