On Thu, Apr 04, 2002 at 10:10:39AM -0500, Andrew Pimlott wrote: > I grant you that it is susceptible to someone who "gets to" you > before the vote. This seems very hard to defend: the enemy can just > insist that you send him your signed vote, and let him submit it. > To beat this, you would have to be able to revoke the coerced vote > in a way that makes the enemy think the vote he sent was counted, > but makes you certain that yours was counted and his was not. Too > hard for me. Actually, it's pretty easy. As part of the vote, you have an "order id", and whichever of these is highest, no matter what order the votes were received in, is accepted. So you give the bully the vote he wants, with `one bazillion' in the order field, and then submit the vote you really wanted with `one bazillion and one' in the order field. You need to be careful with your acks and naks in this case though. > Obviously, the server rejects duplicate id's (and forces the voter > to resubmit). Ok, there is a slight problem: if the secretary is > crooked, and two people submit the same id and the same vote, he can > forge a vote. But if people are told to choose their id's randomly, > the chance can be made negligible. It's trivial for Debian users to generate high quality 128 bit random numbers, so it's also trivial to avoid collisions with something so near to certainty it's not worth worrying about. Cheers, aj -- Anthony Towns <email@example.com> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. Vote  Bdale!
Description: PGP signature