[8547] in cryptography@c2.net mail archive
Re: smartcards, electronic ballots
daemon@ATHENA.MIT.EDU (Dan Geer)
Sun Feb 4 18:56:03 2001
Message-Id: <200102042249.RAA17738@world.std.com>
To: cryptography@c2.net
In-reply-to: Your message of "Sun, 04 Feb 2001 10:38:13 EST."
<3.0.6.32.20010204103813.00868d90@pop.sprynet.com>
Date: Sun, 04 Feb 2001 17:49:02 -0500
From: Dan Geer <geer@world.std.com>
As seems universally the case in security design, there must
be ugly tradeoffs. In particular (and without quoting acres
of prior material), the proposed requirements for verifiability
and non-coercibility are at odds and one must yield to the
other. Paper systems make this tradeoff by, on the one hand,
the polling booth (non-coercibility once within) and, on the
other hand, the supervision of the counting process by opponents
(verifiability by proxy), at a cost of zero technology. Bettering
this in the real world is challenging.
--dan
======================================================================
as used here
verfiability
-- voter may verify that his vote counted as he intended it to count
non-coercibility
-- voter cannot be compelled to show how he voted, during or after
proposition:
If the voter can verify, then he can be coerced to do so.
contrapositive:
If voter cannot be coerced, then he cannot verify.
======================================================================
