[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Secret votes HOWTO



On Sat, Mar 31, 2001 at 06:01:35PM -0500, Raul Miller wrote:
> On Sat, Mar 31, 2001 at 02:48:51PM -0800, John H. Robinson, IV wrote:
> > user-supplied random data plus system-generated random data would
> > probably be required, to prevent collision between Alice and Bob both
> > supplying the same random data.
> 
> Alternatively, the user's debian-id could be included (since this is
> guaranteed to be unique for any valid voter).

i was thinking something like:
---cut here---
To: vote-counter@debian.org
From: Alice <alice@example.org>
Subject: My Vote

[12345]
3125

To: Alice <alice@example.org>
From: vote-counter-responder@debian.org
Subject: Your vote has been counted

Your ID is 3125-8888
---cut here---

where 3125 is the user supplied, and 8888 is the system supplied.
and the votes would be listed as:

---cut here---
--1-- 3125-0837
12345 3125-8888
54321 7777-5433

the following people voted:
alice bob charlie
---cut here---

or whatever. if you hash it, then the user can't tell if the result has
been mucked with or not. 

and if you used debian-id (what is this? the UID on the debian systems?)
then a simple lookup could tell the Thought Police who voted how.

> However, you still need some source of randomness (user-supplied is best,
> I think) to avoid dictionary analysis of the acknowledgement hash.

only if the user could indeed verify that her salt is part of the hash.
otherwise you could get into the ``everyone that votes 12345 gets the
hash of 0xDEADBEEF''

-john



Reply to: