On Thu, Jul 17, 2014 at 12:48 PM, email@×××××××××××××××××.com
<email@×××××××××××××××××.com> wrote:
> Elections should not be transparent, voters should be anonymous so that
> people are more likely to actually vote.

Tend to agree.

I was actually thinking of ways to improve upon things.

One thought I had was an e-cash-like system. Voters would be given
credit to make a single vote in the form of an e-cash-like token, with
a serial number. The user generates the serial number, and the voting
system would not know who has what serial number, but it would know
that legitimate users can only generate one each.

Then voters would give the token to the voting system and record their
vote. The master ballot would include the serial numbers, so voters
could check that their ballots are present, and assure themselves that
the total count looks OK.

The software itself could be something standard - there are lots of
solutions already out there. The only thing that would need tweaking is
that we need software to sign tokens, and software to check/redeem
them.

In case anybody isn't familiar with e-cash, the principle is this:
1. You generate 1000 tokens with unique serial numbers and encrypt
them all with 1000 private keys and give all the encrypted tokens to
the "bank."
2. The bank picks 999 of the tokens and asks you to send their
corresponding private keys. The bank checks that all 999 are valid,
and you get in trouble if any aren't.
3. If all are valid, then the bank signs the 1000th token blindly and
sends it back to you.
4. You then decrypt the signed token - the algorithm preserves the
signature integrity and ensures that the bank can't ID the decrypted
token using its knowledge of the encrypted token.
5. You can then spend the token, which has an intact signature from
the bank validating it.

I'd have to dig up the details of how it works, but the idea is that
the bank can sign a token without actually seeing its content, while
being assured that the content is valid.

Overkill perhaps, but an algorithm like this would allow people to
anonymously vote in a secure manner. The medium that data is
exchanged in could be whatever we want it to be. Generating the token
is somewhat interactive, but submitting the ballots is one-way so it
could be email, file drop, web, whatever. The token could include a
public key for validating a ballot as well.

Just some random thoughts.

Rich
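The token issuance and redemption flow sketched in the mail, as an added Python example (not the poster's code, and not any existing voting package). It uses the standard Chaum RSA blind-signature construction: a random blinding factor per token plays the role the mail assigns to "1000 private keys", the bank opens all but one token (cut-and-choose) and blind-signs the sealed one, and the voting system later checks the signature and rejects any serial number it has already seen. The toy modulus, the 16-byte serial format, the ten-token cut-and-choose, and the `bank_sign`/`obtain_token`/`redeem` helper names are all assumptions made for illustration.

```python
"""Toy Chaum-style blind-signature voting tokens with cut-and-choose issuance.

Added example, not the list author's code. Assumptions: a tiny RSA key, a
fixed serial format, and k=10 candidate tokens instead of the mail's 1000.
"""
import hashlib
import secrets
from math import gcd

# Toy RSA key from two known primes (2^61-1 and 2^31-1): chosen so the
# example runs instantly; far too small for anything but illustration.
P = (1 << 61) - 1
Q = (1 << 31) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # bank's private signing exponent
SERIAL_LEN = 16                      # format the bank checks on opened tokens


def h(serial: bytes) -> int:
    """Map a serial number into the RSA group; this is the value that gets signed."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(serial: bytes) -> tuple:
    """Voter: hide H(serial) behind a random factor r so the bank never sees it."""
    while True:
        r = 2 + secrets.randbelow(N - 3)
        if gcd(r, N) == 1:
            return (h(serial) * pow(r, E, N)) % N, r


def unblind(blinded_sig: int, r: int) -> int:
    """Voter: strip the blinding factor; the bank's signature survives intact."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(serial: bytes, sig: int) -> bool:
    """Anyone: check that sig is the bank's RSA signature on H(serial)."""
    return pow(sig, E, N) == h(serial)


def voter_prepare(k: int) -> tuple:
    """Step 1: generate k candidate serials and blind every one of them."""
    serials = [secrets.token_bytes(SERIAL_LEN) for _ in range(k)]
    pairs = [blind(s) for s in serials]
    return serials, [r for _, r in pairs], [b for b, _ in pairs]


def voter_open(serials: list, factors: list, keep: int) -> dict:
    """Step 2 (voter side): reveal serial and factor for every index except `keep`."""
    return {i: (serials[i], factors[i]) for i in range(len(serials)) if i != keep}


def bank_sign(voter_id: str, blinded: list, keep: int, opened: dict, issued: set) -> int:
    """Steps 2-3 (bank side): check the opened tokens, then blind-sign the kept one.

    `issued` records who already received a token, so each voter gets exactly one.
    """
    if voter_id in issued:
        raise ValueError("voter already holds a token")
    if set(opened) != set(range(len(blinded))) - {keep}:
        raise ValueError("voter did not open every challenged token")
    for i, (serial, r) in opened.items():
        if len(serial) != SERIAL_LEN:
            raise ValueError(f"token {i}: malformed serial")
        if (h(serial) * pow(r, E, N)) % N != blinded[i]:
            raise ValueError(f"token {i}: opened values do not match blinded token")
    issued.add(voter_id)
    return pow(blinded[keep], D, N)


def obtain_token(voter_id: str, issued: set, k: int = 10) -> tuple:
    """Full issuance exchange; the bank picks which token stays sealed."""
    serials, factors, blinded = voter_prepare(k)
    keep = secrets.randbelow(k)                      # bank's random challenge
    opened = voter_open(serials, factors, keep)
    blinded_sig = bank_sign(voter_id, blinded, keep, opened, issued)
    return serials[keep], unblind(blinded_sig, factors[keep])


def redeem(serial: bytes, sig: int, ballot: str, spent: set, tally: list) -> bool:
    """Voting system: accept a ballot only with a valid, not-yet-used token."""
    if not verify(serial, sig) or serial in spent:
        return False
    spent.add(serial)
    tally.append((serial.hex(), ballot))   # published so voters can find their serial
    return True


if __name__ == "__main__":
    issued, spent, tally = set(), set(), []
    serial, sig = obtain_token("alice", issued)
    print("token valid:", verify(serial, sig))
    print("first vote accepted:", redeem(serial, sig, "yes", spent, tally))
    print("replayed vote accepted:", redeem(serial, sig, "no", spent, tally))
    print("master ballot:", tally)
```

Two bookkeeping sets do the work the mail describes in prose: `issued` is the bank's record that a legitimate voter got one token, and `spent` is what stops a token being redeemed twice. The cut-and-choose step is probabilistic, not a proof: a voter who hides one malformed token among k candidates is caught only when the bank does not pick it to sign, i.e. with probability (k-1)/k, which is why the mail uses 1000 tokens rather than a handful.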