On Wed, Apr 07, 2004 at 03:42:47PM -0400, Ian Grigg wrote:
Trei, Peter wrote:
Frankly, the whole online-verification step seems like an unnecessary complication.
It seems to me that the requirement for after-the-vote verification ("to prove your vote was counted") clashes rather directly with the requirement to protect voters from coercion ("I can't prove I voted in a particular way.") or other incentives-based attacks.
You can have one, or the other, but not both, right?
Suppose individual ballots weren't usable to verify a vote, but instead confirming data was distributed across 2-3 future ballot receipts such that all of them were needed to reconstruct another ballot's vote. It would then be possible to verify an election with reasonable confidence if a large number of ballot receipts were collected, but individual ballot receipts would be worthless.
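A sketch of the receipt scheme proposed in the last message, added here as an example and not part of the original post. It assumes XOR-based n-of-n secret sharing as the mechanism (the post names none); the function names, the fixed 8-byte record format and the sample ballots are all constructed for illustration.

```python
import secrets
from collections import defaultdict
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_record(record: bytes, n: int) -> list:
    """n-of-n split: n-1 random pads plus the record XORed with every pad."""
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(record)) for _ in range(n - 1)]
    return pads + [reduce(xor_bytes, pads, record)]

def issue_receipts(ballots: list, n: int) -> dict:
    """Place the n shares of ballot i on the receipts of ballots i+1 .. i+n."""
    receipts = defaultdict(list)
    for i, record in enumerate(ballots):
        if i + n >= len(ballots):
            break  # edge case: the last n ballots have too few future receipts
        for offset, share in enumerate(split_record(record, n), start=1):
            receipts[i + offset].append((i, share))
    return dict(receipts)

def recover(collected: dict, n: int) -> dict:
    """Rebuild every ballot for which all n shares are among the collected receipts."""
    by_ballot = defaultdict(list)
    for entries in collected.values():
        for ballot_index, share in entries:
            by_ballot[ballot_index].append(share)
    return {i: reduce(xor_bytes, s) for i, s in by_ballot.items() if len(s) == n}

# Constructed sample: six fixed-length vote records, in casting order.
SAMPLE_BALLOTS = [v.ljust(8).encode() for v in
                  ["ALICE", "BOB", "ALICE", "CAROL", "BOB", "ALICE"]]

if __name__ == "__main__":
    receipts = issue_receipts(SAMPLE_BALLOTS, 3)
    print("one receipt alone recovers:", recover({3: receipts[3]}, 3))
    print("all receipts recover:", recover(receipts, 3))
```

Any subset of fewer than n shares of a record is uniformly random, so a receipt on its own carries no information about any vote, including the holder's own, whose shares sit on other voters' receipts.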