[kwlug-disc] Say No To Electronic Voting ...

Mikalai Birukou mb at 3nsoft.com
Sat Aug 8 08:47:51 EDT 2020 

>> The tension is between having either an end-to-end verification or coercion
>> resistance. Can have either one, but not both.
> Something tells me that with the zero-knowledge systems and recent
> inventions like zerocash and zerocoin, this statement is not actually
> true anymore.

Verification in election means that voter can verify that vote is 
correctly recorded. Voting system becomes an oracle that answers some 
question, and depending, on the answer you can tell that vote is 
correctly recorded.

Let's combine human coercion setting with oracle:

1) Coercer has access to voter's voting material, ids, keys, etc.

2) Coercer uses voting material together with expected, coerced vote 
values to form a request to an oracle.

3) Coercer checks oracle's reply. Reply indicates if voter put expected 
vote, or not. Thus, coercer checks if victim did "the right thing", 
closing coercion loop of information, i.e. verification by an attacker.


Note that it doesn't matter what sort of mathematics is involved. It 
doesn't matter if votes are mixed in some complex calculation or not. 
All that is important here is a presence of oracle to check one's vote.

If you don't have an oracle to do checking, you'd have to trust some 
server, and server becomes a point of failure that can be quietly hacked.


When you put paper into a ballot box, there are no oracle for checks:

1) We assume that paper is in the box, cause this is how physical 
objects behave.

2) We also assume that pencil marks on paper don't change location, 
while in box. Pencil marks don't move themselves.


With paper we rely on an overall physical setting. Thus, we don't really 
ask for an oracle in paper counting. We do ask for observation, to see 
that nothing happens with the ballot box, that assumed invariants stay true.


Seriously, tell us what particular algorithms/approaches can give an 
oracle without coercion downside. Let's hack it together.

<fuming like you>

I am also pissed by the fact that common statements about privacy in 
election don't convey particular aspect of a problem. Phrase "no 
anonymity with secure e-voting" is true, but it is abstract enough to 
make us think that some advances in crypto can fix it. Yet, oracle dance 
happens on a more general (fundamental) level of info flow. In other 
words, that description with oracle is close to being "for any oracle", 
thus, is close to real "no-go" proof. Abstract enough wording leaves 
room for grant-writing, but it keeps our emotional hopes a bit too high. 
I wish academics didn't have to write grant proposals. (What is scream 
emoji?)

</fuming like you>

More information about the kwlug-disc mailing list