Chaumian blinding & public voting?

howiegoodell at comcast.net howiegoodell at comcast.net
Fri Oct 31 14:07:02 PST 2003 

Hello --

David Chaum has a new system that is an optical one-time pad.  It requires a 
printer that prints squares on both sides of a transparent 2-layer ballot.  To 
the voter it looks like ordinary printing with a solid black border.  Then s/he 
separates the layers, hands one in for counting and either tosses or takes home 
the other.  Each layer by itself appears random (both border and text become a 
random hash), but several organizations successively applying their keys can 
reveal the totals while scrambling the individual identities.  No individual 
organization, or even the polling place computers, can tamper with the result 
without a high probability of being caught; the voter can't prove how they 
voted, and the voter and each of the organizations can verify that their vote or 
handling was preserved.  

This is based on my recollection of his talk last Spring; see if he's posted 
something online.

Howie Goodell

--
         Howie Goodell 
Controls, Embedded, and UI Software
CompSci Doctoral Cand.  UMass Lowell
Howie at GoodL.org  http://GoodL.org
> 
> Is is possible to use blinding (or other protocols) so that all votes
> are published, you can check that your vote is in there, and you
> (or anyone) can run the maths and verify the vote?   Without being
> able to link people to votes without their consent.
> 
> Currently voting is trusted because political adversaries supervise the
> process.
> Previously the mechanics were, well, mechanical, ie, open for
> inspection.
> The current genre of voting machines.. well, you know the scam.
> And still reliant on a few adversarial human monitors.
> 
> Something like this:
> The day after elections a list of hex codes -votes- are published.  You
> can find
>  in that list the code that you received (on paper) when you voted, to
> verify
> that your vote counted.
> You can run an algorithm on any subset of codes, including just
> your own, and learn which candidate that code corresponds to.
> Everyone can run on the entire dataset, verifying the tally.
> You don't have to divulge which code is yours if you want it
> to remain secret.  Perhaps the code could contain not only
> the intended vote, but a unique voter ID so that hexcodes could
> not be added to the dataset (cf dead people not allowed to vote except
> in Chicago) without setting off alarms.
> Perhaps anyone could verify that someone voted, or not, but could
> not figure who they voted for without their cooperation.
> 
> Apologies if I should know this, I haven't gotten my head around
> all the M of N, blinding, database translucency, etc protocols.
> 
> 
> 
>  E3-I: This message has been scanned for viruses and dangerous content by UML's 
> antivirus scanning services.

More information about the cypherpunks-legacy mailing list