| 1 |
On Thu, Jul 17, 2014 at 12:48 PM, email@×××××××××××××××××.com |
| 2 |
<email@×××××××××××××××××.com> wrote: |
| 3 |
> Elections should not be transparent, voters should be anonymous so that |
| 4 |
> people are more likely to actually vote. |
| 5 |
|
| 6 |
Tend to agree. |
| 7 |
|
| 8 |
I was actually thinking of ways to improve upon things. |
| 9 |
|
| 10 |
One thought I had was an e-cash like system. Voters would be given |
| 11 |
credit to make a single vote in the form of an e-cash-like token, with |
| 12 |
a serial number. The user generates the serial number, and the voting |
| 13 |
system would not know who has what serial number, but it would know |
| 14 |
that legitimate users can only generate one each. |
| 15 |
|
| 16 |
Then voters would give the token to the voting system and record their |
| 17 |
vote. The master ballot would include the serial numbers, so voters |
| 18 |
could check that their ballots are present, and assure themselves that |
| 19 |
the total count looks OK. |
| 20 |
|
| 21 |
The software itself could be something standard - there are lots of |
| 22 |
solutions already out there. The only thing that would be tweaking is |
| 23 |
that we need software to sign tokens, and software to check/redeem |
| 24 |
them. |
| 25 |
|
| 26 |
In case anybody isn't familiar with e-cash, the principle is this: |
| 27 |
1. You generate 1000 tokens with unique serial numbers and encrypt |
| 28 |
them all with 1000 private keys and give all the encrypted tokens to |
| 29 |
the "bank." |
| 30 |
2. The bank picks 999 of the tokens and asks you to send their |
| 31 |
corresponding private keys. The bank checks that all 999 are valid, |
| 32 |
and you get in trouble if any aren't. |
| 33 |
3. If all are valid, then the bank signs the 1000th token blindly and |
| 34 |
sends it back to you. |
| 35 |
4. You then decrypt the signed token - the algorithm preserves the |
| 36 |
signature integrity and ensures that the bank can't ID the decrypted |
| 37 |
token using its knowledge of the encrypted token. |
| 38 |
5. You can then spend the token, which has an intact signature from |
| 39 |
the bank validating it. |
| 40 |
|
| 41 |
I'd have to dig up the details of how it works, but the idea is that |
| 42 |
the bank can sign a token without actually seeing its content, while |
| 43 |
being assured that the content is valid. |
| 44 |
|
| 45 |
Overkill perhaps, but an algorithm like this would allow people to |
| 46 |
anonymously vote in a secure manner. The medium that data is |
| 47 |
exchanged in could be whatever we want it to be. Generating the token |
| 48 |
is somewhat interactive, but submitting the ballots is one-way so it |
| 49 |
could be email, file drop, web, whatever. The token could include a |
| 50 |
public key for validating a ballot as well. |
| 51 |
|
| 52 |
Just some random thoughts. |
| 53 |
|
| 54 |
Rich |
Archives