* Russ Allbery <email@example.com> [2021-04-13 15:51]:
As Kurt mentioned (but buried in one of those debian-vote threads), take a look at Belenios if you aren't already familiar with it. As a bonus, the developer is a member of the Debian project.
I certainly wouldn't mind if Stephane were willing to help us setup a nifty e-voting solution and advise us on the best way to proceed. My main concern is that Belenios might actually be a bit too powerful (and therefore unnecessarily complex), because we do not need most of the strong privacy guarantees. Correct me if I am wrong, but as far as I understood it, we cannot avoid that *someone* in the project has the opportunity to connect ballots with voters (because someone has to administrate the registrar), unless we involve a third party in the credential generation. In that case, we might just as well bite the bullet and let the Secretary tally the votes just as it is done right now. And let's not forget that any server application we do not need to host is a server application that can't be hacked. Besides, I don't think we need to worry very much that the Secretary might leak individual voting behavior, because if a leak occurs, he or she will be the prime suspect pretty much instantly, which creates a powerful disincentive. With these assumptions, the current scheme using pseudonym hashes is almost good enough, it just lacks a way to prove that each pseudonym really matches with exactly one voter. That is a much simpler problem to solve: my proposal is basically an adaptation of the Chaum-Fiat-Naor protocol, which solves a related problem for blind signatures on money checks (to be precise, it is the part that convinces the signer that the data is correct without actually seeing the data). With all that being said and having made my case, I am open for any reasonably secure solution (including Belenios) that we can agree on, and I will help implement it if I can. Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭────────────────────────────────────────────────────╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄⠀⠀⠀⠀ ╰────────────────────────────────────────────────────╯
Description: PGP signature