Re: Secret votes HOWTO
On Sat, Mar 31, 2001 at 06:01:35PM -0500, Raul Miller wrote:
> On Sat, Mar 31, 2001 at 02:48:51PM -0800, John H. Robinson, IV wrote:
> > user-supplied random data plus system-generated random data would
> > probably be required, to prevent collision between Alice and Bob both
> > supplying the same random data.
>
> Alternatively, the user's debian-id could be included (since this is
> guaranteed to be unique for any valid voter).
i was thinking something like:
---cut here---
To: vote-counter@debian.org
From: Alice <alice@example.org>
Subject: My Vote
[12345]
3125
To: Alice <alice@example.org>
From: vote-counter-responder@debian.org
Subject: Your vote has been counted
Your ID is 3125-8888
---cut here---
where 3125 is the user supplied, and 8888 is the system supplied.
and the votes would be listed as:
---cut here---
--1-- 3125-0837
12345 3125-8888
54321 7777-5433
the following people voted:
alice bob charlie
---cut here---
or whatever. if you hash it, then the user can't tell if the result has
been mucked with or not.
and if you used debian-id (what is this? the UID on the debian systems?)
then a simple lookup could tell the Thought Police who voted how.
> However, you still need some source of randomness (user-supplied is best,
> I think) to avoid dictionary analysis of the acknowledgement hash.
only if the user could indeed verify that her salt is part of the hash.
otherwise you could get into the ``everyone that votes 12345 gets the
hash of 0xDEADBEEF''
-john
Reply to: