[8569] in cryptography@c2.net mail archive
Re: smartcards, electronic ballots
daemon@ATHENA.MIT.EDU (R. Hirschfeld)
Tue Feb 6 14:57:10 2001
Date: Tue, 6 Feb 2001 11:00:45 +0100 (MET)
Message-Id: <UTC200102061000.LAA04544.ray@kayak.cwi.nl>
From: "R. Hirschfeld" <R.Hirschfeld@cwi.nl>
To: geer@world.std.com
Cc: cryptography@c2.net
In-reply-to: <200102042249.RAA17738@world.std.com> (message from Dan Geer on
Sun, 04 Feb 2001 17:49:02 -0500)
Reply-To: ray@unipay.nl

To pick nits, this is not completely accurate. What is at odds with
non-coercibility is the ability to demonstrate to a third party how
one voted. But there are techniques that allow a voter to verify that
his/her vote was counted correctly without being able to prove this to
others. (Not that these are necessarily practical for a real-world
voting system.)

> Date: Sun, 04 Feb 2001 17:49:02 -0500
> From: Dan Geer <geer@world.std.com>
>
> As seems universally the case in security design, there must
> be ugly tradeoffs. In particular (and without quoting acres
> of prior material), the proposed requirements for verifiability
> and non-coercibility are at odds and one must yield to the
> other. Paper systems make this tradeoff by, on the one hand,
> the polling booth (non-coercibility once within) and, on the
> other hand, the supervision of the counting process by opponents
> (verifiability by proxy), at a cost of zero technology. Bettering
> this in the real world is challenging.
>
> --dan
>
> ======================================================================
> as used here
>
> verifiability
> -- voter may verify that his vote counted as he intended it to count
> non-coercibility
> -- voter cannot be compelled to show how he voted, during or after
>
> proposition:
> If the voter can verify, then he can be coerced to do so.
> contrapositive:
> If voter cannot be coerced, then he cannot verify.
>
> ======================================================================