Re: Spec for anonymous voting



Ross Golder wrote:

>On Wed, 2005-06-01 at 20:38 +0200, David Neary wrote:
>  
>
>>The hash is then encrypted with the election committee private key, to 
>>prevent just anyone from generating a voting token, but to allow the 
>>election committee to generate one at will for a user [4,5].
>>    
>>
>
>Wouldn't encrypting the hash require that the recipient has d/led and
>installed the election committee's public key, and that the user has
>some basic knowledge of public key encryption such that they can decrypt
>their token (user #3 may have trouble here).
>
>Did you mean that the hash would be 'signed' with the elections
>committee private key?

From my reading of the document, the intent was to encrypt the hash, and
use the encrypted hash as the token.

This is so that people can't generate new voting tokens in order to vote
as other people, however it isn't clear from the description how this is
better than using randomly generated tokens.

In fact, it seems less anonymous than randomly generated tokens:
assuming the tokens are published along with the election ballots (which
would be required in order for a member to verify their vote), you could
find out how someone voted by doing the following:

   1. hash their (firstname, surname, email) triple
   2. decrypt all the voting tokens using the election committee public key
   3. see which voting token matches the hash

James.
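
The linkage described in the three steps above, contrasted with randomly generated tokens, as an added example that is not part of the original message or the election spec. It assumes SHA-256 over a `|`-joined triple, a toy textbook-RSA key built from two Mersenne primes, and constructed member data; none of these come from the thread.

```python
import hashlib
import secrets

# Toy textbook-RSA committee key (constructed for the demo, not a real key).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # committee private exponent

def identity_hash(first, last, email):
    """Hash of the (firstname, surname, email) triple, reduced below N.
    SHA-256 and the '|' separator are assumptions, not from the spec."""
    digest = hashlib.sha256(f"{first}|{last}|{email}".encode()).digest()
    return int.from_bytes(digest, "big") % N

def committee_token(first, last, email):
    """Scheme as read in the thread: the hash 'encrypted' with the private key."""
    return pow(identity_hash(first, last, email), D, N)

def random_token(*_identity):
    """Alternative raised in the reply: a token unrelated to the identity."""
    return secrets.randbits(128)

def link_vote(ballots, first, last, email):
    """Using only public data (ballots, E, N), find this member's ballot."""
    target = identity_hash(first, last, email)
    for token, choice in ballots:
        if pow(token, E, N) == target:  # "decrypt" with the public key
            return choice
    return None

# Constructed sample members: (firstname, surname, email, choice).
MEMBERS = [("Ada", "Example", "ada@example.org", "A"),
           ("Bob", "Sample", "bob@example.org", "B"),
           ("Cy", "Test", "cy@example.org", "A")]

def published_ballots(make_token):
    """Ballot list as it would be published: (token, choice) pairs."""
    return [(make_token(f, l, e), c) for f, l, e, c in MEMBERS]

def linkable_count(ballots):
    """Number of members whose choice is recoverable from public data."""
    return sum(link_vote(ballots, f, l, e) == c for f, l, e, c in MEMBERS)

if __name__ == "__main__":
    for name, maker in (("identity-derived", committee_token),
                        ("random", random_token)):
        n = linkable_count(published_ballots(maker))
        print(f"{name} tokens: {n} of {len(MEMBERS)} ballots linkable")
```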



