
Re: Reaffirm public voting



* Thomas Goirand <zigo@debian.org>:
> 1- vote-privacy: the fact that a particular voter voted in a particular
> way is not revealed to anyone.
> 2- Receipt-freeness: a voter does not gain any information (a receipt)
> which can be used to prove to a coercer that she voted in a certain way.
> 3- Coercion-resistance: a voter cannot cooperate with a coercer to prove
> to him that she voted in a certain way.
> 4- Individual verifiability: a voter can check that her own ballot is
> included in the election's bulletin board.
> 5- Universal verifiability: anyone can check that the election outcome
> corresponds to the ballots published on the bulletin board.
> 6- Eligibility verifiability: anyone can check that each vote in the
> election outcome was cast by a registered voter and there is at most one
> vote per voter.

* Russ Allbery <rra@debian.org>:
> I'm personally more interested in using something like Belenios than just
> replicating the DPL election scheme mostly because I'm unsure that the DPL
> election scheme has had sufficient security analysis and I'd prefer to see
> us move onto the firmer footing of a voting system that's had a published
> rigorous analysis of its properties and I'm not aware of one for our
> current DPL election system.  (I would love to be corrected if one does
> exist.)
That analysis is quickly done:

Property 1 holds contingent on the security of HMAC-SHA256
and discounting side channel attacks on the voting server itself.
[Technically, it's violated because the secretary can see all votes,
but I don't think that is a problem in our use-case.]

Property 2 is violated if the vote is confirmed in a
signed email like the public votes (I can't say because I never
participated in a DPL election yet).

Property 3 is violated because the HMAC key can be passed on.

Property 4 holds, as does property 5, because all ballots are
published with the corresponding HMAC_SHA256_HEX values.

Property 6 is violated, because you can trivially add arbitrary
ballots with random HMAC_SHA256_HEX values (unless the voter turnout
is 100%, which seems rather unlikely).

I'm also in favor of using a Belenios derivative, especially since
Stephane already agreed to help us adopt the system for Debian. We
can probably even reduce the complexity a bit because we can live
with a weakened form of property 1 (that is, the secretary may learn
the voting behavior of individual DDs).


Cheers
Timo

--
⢀⣴⠾⠻⢶⣦⠀   ╭────────────────────────────────────────────────────╮
⣾⠁⢠⠒⠀⣿⡁   │ Timo Röhling                                       │
⢿⡄⠘⠷⠚⠋⠀   │ 9B03 EBB9 8300 DF97 C2B1  23BF CC8C 6BDD 1403 F4CA │
⠈⠳⣄⠀⠀⠀⠀   ╰────────────────────────────────────────────────────╯
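The analysis above (properties 4, 5 and 6 of a bulletin board that publishes each ballot next to its HMAC-SHA256 hex value) can be checked against a small model. The following is an added example written for this page, not code from Debian's devotee or from any poster; it assumes a simplified board format where each entry is a pair (hex receipt, ballot text) and each voter holds one secret key, which is a modelling assumption rather than a description of the actual DPL tally format. It shows which checks an individual voter and an outside auditor can actually perform, and why the auditor's eligibility check only bites at 100% turnout.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Simplified model (assumption): the board publishes (HMAC_SHA256_HEX, ballot)
# pairs; the HMAC key is a per-voter secret known to the voter and the server.


def receipt(key: bytes, ballot: str) -> str:
    """Hex HMAC-SHA256 of the ballot under the voter's secret key."""
    return hmac.new(key, ballot.encode(), hashlib.sha256).hexdigest()


def cast(key: bytes, ballot: str) -> tuple[str, str]:
    """What the server publishes for one vote: (receipt, ballot)."""
    return (receipt(key, ballot), ballot)


def voter_verifies(board: list[tuple[str, str]], key: bytes, ballot: str) -> bool:
    """Property 4: a voter recomputes her receipt and looks it up on the board.
    Anyone holding the key can run this, which is why properties 2 and 3 fail."""
    return (receipt(key, ballot), ballot) in board


def tally(board: list[tuple[str, str]]) -> dict[str, int]:
    """Property 5: the outcome is a pure function of the published ballots,
    so any observer can recompute it."""
    return dict(Counter(ballot for _, ballot in board))


def auditor_eligibility_check(board: list[tuple[str, str]], registered: int) -> bool:
    """Property 6 as far as an outsider can check it: a receipt is a random-looking
    64-hex-digit string with no link to a voter identity, so the only public
    test is that the board holds no more entries than there are registered
    voters. Stray entries are detectable only when turnout would exceed 100%."""
    return len(board) <= registered


def looks_like_receipt(value: str) -> bool:
    """The only syntactic property an auditor can check on a receipt."""
    return len(value) == 64 and all(c in "0123456789abcdef" for c in value)


def build_demo_board() -> tuple[list[tuple[str, str]], dict[str, bytes]]:
    """Constructed sample: two genuine ballots plus one entry whose receipt is
    just random hex (no key behind it). Returns the board and the voters' keys."""
    keys = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
    board = [
        cast(keys["alice"], "Option 1 > Option 2 > NOTA"),
        cast(keys["bob"], "Option 2 > Option 1 > NOTA"),
        (secrets.token_hex(32), "Option 2 > Option 1 > NOTA"),  # stray entry
    ]
    return board, keys


if __name__ == "__main__":
    board, keys = build_demo_board()
    print("alice verifies:", voter_verifies(board, keys["alice"], "Option 1 > Option 2 > NOTA"))
    print("tally:", tally(board))
    print("eligible with 3 registered voters:", auditor_eligibility_check(board, 3))
    print("eligible with 2 registered voters:", auditor_eligibility_check(board, 2))
```

With three registered voters the auditor's check passes even though one entry has no voter behind it; only when the number of registered voters equals the number of genuine ballots does the extra entry show up, which is the 100% turnout caveat in the message.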
