This preview shows page 1. Sign up to view the full content.
Unformatted text preview: earch Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
----------- Chapter 6 Esoteric Protocols
6.1 Secure Elections
Computerized voting will never be used for general elections unless there is a protocol that both maintains individual privacy and prevents cheating. The ideal protocol has, at the very least, these six requirements: 1. Only authorized voters can vote. 2. No one can vote more than once. 3. No one can determine for whom anyone else voted. 4. No one can duplicate anyone else’s vote. (This turns out to be the hardest requirement.) 5. No one can change anyone else’s vote without being discovered. 6. Every voter can make sure that his vote has been taken into account in the final tabulation. Additionally, some voting schemes may have the following requirement: 7. Everyone knows who voted and who didn’t. Before describing the complicated voting protocols with these characteristics, let’s look at some simpler protocols. Simplistic Voting Protocol #1
(1) Each voter encrypts his vote with the public key of a Central Tabulating Facility (CTF). (2) Each voter sends his vote in to the CTF. (3) The CTF decrypts the votes, tabulates them, and makes the results public. This protocol is rife with problems. The CTF has no idea where the votes are from, so it doesn’t even know if the votes are coming from eligible voters. It has no idea if eligible voters are voting more than once. On the plus side, no one can change anyone else’s vote; but no one would bother trying to modify someone else’s vote when it is far easier to vote repeatedly for the result of your choice. Simplistic Voting Protocol #2
(1) Each voter signs his vote with his private key. (2) Each voter encrypts his signed vote with the CTF’s public key. (3) Each voter sends his vote to a CTF. (4) The CTF decrypts the votes, checks the signatures, tabulates the votes, and makes the results public. This protocol satisfies properties one and two: Only authorized voters can vote and...
View Full Document
- Fall '10