Re: DEP-16 Confidential votes

To: Russ Allbery <rra@debian.org>
Cc: debian-project@lists.debian.org
Subject: Re: DEP-16 Confidential votes
From: Timo Röhling <timo@gaussglocke.de>
Date: Wed, 14 Apr 2021 18:57:08 +0200
Message-id: <[🔎] 20210414165708.6g33r3flj3kazydn@mail.gaussglocke.de>
Mail-followup-to: Russ Allbery <rra@debian.org>, debian-project@lists.debian.org
In-reply-to: <[🔎] 87k0p594ss.fsf@hope.eyrie.org>
References: <[🔎] 20210413223159.6revqwltushn5t7x@mail.gaussglocke.de> <[🔎] 87k0p594ss.fsf@hope.eyrie.org>

* Russ Allbery <rra@debian.org> [2021-04-13 15:51]:

As Kurt mentioned (but buried in one of those debian-vote threads), take a
look at Belenios if you aren't already familiar with it.
As a bonus, the developer is a member of the Debian project.

I certainly wouldn't mind if Stephane were willing to help us setup
a nifty e-voting solution and advise us on the best way to proceed.

My main concern is that Belenios might actually be a bit too powerful
(and therefore unnecessarily complex), because we do not need most of
the strong privacy guarantees.

Correct me if I am wrong, but as far as I understood it, we cannot avoid
that *someone* in the project has the opportunity to connect ballots
with voters (because someone has to administrate the registrar), unless
we involve a third party in the credential generation. In that case, we
might just as well bite the bullet and let the Secretary tally the votes
just as it is done right now. And let's not forget that any server
application we do not need to host is a server application that can't be
hacked.

Besides, I don't think we need to worry very much that the Secretary
might leak individual voting behavior, because if a leak occurs, he or
she will be the prime suspect pretty much instantly, which creates a
powerful disincentive.

With these assumptions, the current scheme using pseudonym hashes is
almost good enough, it just lacks a way to prove that each pseudonym
really matches with exactly one voter. That is a much simpler problem to
solve: my proposal is basically an adaptation of the
Chaum-Fiat-Naor protocol, which solves a related problem for blind
signatures on money checks (to be precise, it is the part
that convinces the signer that the data is correct without actually
seeing the data).

With all that being said and having made my case, I am open for any
reasonably secure solution (including Belenios) that we can agree on,
and I will help implement it if I can.

Cheers
Timo

--
⢀⣴⠾⠻⢶⣦⠀   ╭────────────────────────────────────────────────────╮
⣾⠁⢠⠒⠀⣿⡁   │ Timo Röhling                                       │
⢿⡄⠘⠷⠚⠋⠀   │ 9B03 EBB9 8300 DF97 C2B1  23BF CC8C 6BDD 1403 F4CA │
⠈⠳⣄⠀⠀⠀⠀   ╰────────────────────────────────────────────────────╯

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: DEP-16 Confidential votes
  - From: Stéphane Glondu <glondu@debian.org>

References:
- Re: Re: DEP-16 Confidential votes
  - From: Timo Röhling <timo@gaussglocke.de>
- Re: DEP-16 Confidential votes
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: DEP-16 Confidential votes
Next by Date: Re: DEP-16 Confidential votes
Previous by thread: Re: DEP-16 Confidential votes
Next by thread: Re: DEP-16 Confidential votes
Index(es):
- Date
- Thread