On Thu, Apr 04, 2002 at 10:10:39AM -0500, Andrew Pimlott wrote:
> I grant you that it is susceptible to someone who "gets to" you
> before the vote. This seems very hard to defend: the enemy can just
> insist that you send him your signed vote, and let him submit it.
> To beat this, you would have to be able to revoke the coerced vote
> in a way that makes the enemy think the vote he sent was counted,
> but makes you certain that yours was counted and his was not. Too
> hard for me.
Actually, it's pretty easy. As part of the vote, you have an "order id",
and whichever of these is highest, no matter what order the votes were
received in, is accepted. So you give the bully the vote he wants, with
`one bazillion' in the order field, and then submit the vote you really
wanted with `one bazillion and one' in the order field. You need to be
careful with your acks and naks in this case though.
> Obviously, the server rejects duplicate id's (and forces the voter
> to resubmit). Ok, there is a slight problem: if the secretary is
> crooked, and two people submit the same id and the same vote, he can
> forge a vote. But if people are told to choose their id's randomly,
> the chance can be made negligible.
It's trivial for Debian users to generate high quality 128 bit random
numbers, so it's also trivial to avoid collisions with something so near
to certainty it's not worth worrying about.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
Vote [1] Bdale!
Attachment:
pgpK3AGLoFWbG.pgp
Description: PGP signature