Comments on: delegated democracy http://www.coriolinus.net/2008/05/27/delegated-democracy/ read, and be entertained Sat, 20 Feb 2010 13:03:08 +0000 hourly 1 By: Explodicle http://www.coriolinus.net/2008/05/27/delegated-democracy/comment-page-1/#comment-1504 Explodicle Thu, 29 May 2008 18:19:47 +0000 http://www.coriolinus.net/?p=2144#comment-1504 Why is that? Someone could get hurt. Why is that? Someone could get hurt.

]]> By: coriolinus http://www.coriolinus.net/2008/05/27/delegated-democracy/comment-page-1/#comment-1503 coriolinus Thu, 29 May 2008 14:10:18 +0000 http://www.coriolinus.net/?p=2144#comment-1503 No, but those cases are more suitable for police intervention than a technological fix. No, but those cases are more suitable for police intervention than a technological fix.

]]> By: Explodicle http://www.coriolinus.net/2008/05/27/delegated-democracy/comment-page-1/#comment-1502 Explodicle Thu, 29 May 2008 13:57:53 +0000 http://www.coriolinus.net/?p=2144#comment-1502 What if that spy is offering a bribe or threatening me? Refusing to vote wouldn't always be an option. What if that spy is offering a bribe or threatening me? Refusing to vote wouldn’t always be an option.

]]> By: coriolinus http://www.coriolinus.net/2008/05/27/delegated-democracy/comment-page-1/#comment-1501 coriolinus Thu, 29 May 2008 01:00:59 +0000 http://www.coriolinus.net/?p=2144#comment-1501 I think you may have misunderstood me. The public key published by the polling authority is only useful for encrypting messages directed to the polling authority; it is a single key, widely published and well-known so that people can trust that it is authentic (not subject to man-in-the-middle attacks). You sign your vote with your own, personal private key, so that it can be verified using your public key. Both of your own keys are generated by you, at your leisure, on a computer you trust. When you register to vote, you do not receive any sort of key or passphrase from them (except possibly a copy of its public key if you do not already have it in your possession). Instead, you bring to them a copy of your public key, which you certify to be yours (so that they can trust that your signed vote--signed with your private key--had not been altered by a man in the middle). You vote from the privacy of your own home, or wherever you find to be most comfortable a place to compute, and email the vote in. Email is inherently insecure, but public key cryptography is not known to be insecure. Adding protections against people known to be spying on you seems an odd protection to add--all you have to do is refrain from voting while that person is hanging around. I think you may have misunderstood me. The public key published by the polling authority is only useful for encrypting messages directed to the polling authority; it is a single key, widely published and well-known so that people can trust that it is authentic (not subject to man-in-the-middle attacks). You sign your vote with your own, personal private key, so that it can be verified using your public key. Both of your own keys are generated by you, at your leisure, on a computer you trust. When you register to vote, you do not receive any sort of key or passphrase from them (except possibly a copy of its public key if you do not already have it in your possession). Instead, you bring to them a copy of your public key, which you certify to be yours (so that they can trust that your signed vote–signed with your private key–had not been altered by a man in the middle).

You vote from the privacy of your own home, or wherever you find to be most comfortable a place to compute, and email the vote in. Email is inherently insecure, but public key cryptography is not known to be insecure. Adding protections against people known to be spying on you seems an odd protection to add–all you have to do is refrain from voting while that person is hanging around.

]]> By: Explodicle http://www.coriolinus.net/2008/05/27/delegated-democracy/comment-page-1/#comment-1499 Explodicle Wed, 28 May 2008 21:03:19 +0000 http://www.coriolinus.net/?p=2144#comment-1499 I like where you're going with this. However, I think the process you suggest could be tweaked a little to require a single passphrase and ensure a secret ballot even if someone is watching you from the moment you leave the registration office. Instead of having the polling authority publish a single public key for everyone, I think it would be better if each voter got his own pair of keys at registration and kept both secret (except leaving the decode key with the voting authority). They could be generated by a passphrase that is run through a cryptographic hash function, so the voter never has to memorize anything too difficult or write anything down. That way, even if a bad guy watches you vote, you can just type the wrong passphrase and he will have no way of verifying it. I like where you’re going with this. However, I think the process you suggest could be tweaked a little to require a single passphrase and ensure a secret ballot even if someone is watching you from the moment you leave the registration office.

Instead of having the polling authority publish a single public key for everyone, I think it would be better if each voter got his own pair of keys at registration and kept both secret (except leaving the decode key with the voting authority). They could be generated by a passphrase that is run through a cryptographic hash function, so the voter never has to memorize anything too difficult or write anything down.

That way, even if a bad guy watches you vote, you can just type the wrong passphrase and he will have no way of verifying it.

]]>