applied cryptography - protocols, algorithms, and source code in c

And if alice discovers that the ctf changed her vote

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: no one can vote more than once—the CTF would record votes received in step (3). Each vote is signed with the voter’s private key, so the CTF knows who voted, who didn’t, and how often each voter voted. If a vote comes in that isn’t signed by an eligible voter, or if a second vote comes in signed by a voter who has already voted, the facility ignores it. No one can change anyone else’s vote either, even if they intercept it in step (3), because of the digital signature. The problem with this protocol is that the signature is attached to the vote; the CTF knows who voted for whom. Encrypting the votes with the CTF’s public key prevents anyone from eavesdropping on the protocol and figuring out who voted for whom, but you have to trust the CTF completely. It’s analogous to having an election judge staring over your shoulder in the voting booth. These two examples show how difficult it is to achieve the first three requirements of a secure voting protocol, let alone the others. Voting with Blind Signatures We need to somehow dissociate the vote from the voter, while still maintaining authentication. The blind signature protocol does just that. (1) Each voter generates 10 sets of messages, each set containing a valid vote for each possible outcome (e.g., if the vote is a yes or no question, each set contains two votes, one for “yes” and the other for “no”). Each message also contains a randomly generated identification number, large enough to avoid duplicates with other voters. (2) Each voter individually blinds all of the messages (see Section 5.3) and sends them, with their blinding factors, to the CTF. (3) The CTF checks its database to make sure the voter has not submitted his blinded votes for signature previously. It opens nine of the sets to check that they are properly formed. Then it individually signs each message in the set. It sends them back to the voter, storing the name of the voter in its database. (4) The voter unblinds the messages and is left with a se...
View Full Document

{[ snackBarMessage ]}

Ask a homework question - tutors are online