you don’t need to be an aviation expert to trust the plane will fly.
likewise e-voting systems pass through cryptography experts auditing to verify it does what it says it does.
said that the voting solution can also provide cryptographic proof that your vote was unaltered, and accounted for, without need to expose your actual vote.
the claims about database altering, are also false as the vote is cryptographically signed and unalterable.
also there is another feature where you can recast vote on top of your previous one and the last vote will be the valid one. This is crucial for countries where the bad guys can come at your place and under distress (gun) force your vote. you can then recast safely invalidating the forced vote.
e-voting solutions is really interesting and in an alternate reality I think we could have had a mainstream e-voting and more even direct-democracy vs our current democracy by proxy (elected officials)
each citizen gets an anonymized private key via a secure channel (eg. postal) and use that to vote.
votes are double enveloped:
outer envelop: anonymized id
+ inner envelop: vote.
mixnet separates the votes and cryptographically shuffles them to decouple relationships.
only at the end the shuffled votes are decrypted using the private key of the election itself that was split using shamir secret sharing (eg 5 out of 7 shares to reconstruct)
the thing that’s not clear from the article and it’s a shame is that it seems the failure was the hardware (the 3 USB keys) not the election software. This could be simply avoided by having redundancy on the hardware (2 USBs per share) or more shares themselves (5 out of 9 shares)
Weirdly this reminds me of the Raft consensus protocol: two nodes cancel each other when failing consensus as you can't tell which is the valid one, three gives you better chances, if one fails you have the other two that can get consensus. Of course in the off chance you have two failures you cannot get consensus with the only living node. Adding another two nodes make you robust to two failures.
Now replace fail with lying and you have the exact same problem.
likewise e-voting systems pass through cryptography experts auditing to verify it does what it says it does.
said that the voting solution can also provide cryptographic proof that your vote was unaltered, and accounted for, without need to expose your actual vote.
the claims about database altering, are also false as the vote is cryptographically signed and unalterable.
also there is another feature where you can recast vote on top of your previous one and the last vote will be the valid one. This is crucial for countries where the bad guys can come at your place and under distress (gun) force your vote. you can then recast safely invalidating the forced vote.
e-voting solutions is really interesting and in an alternate reality I think we could have had a mainstream e-voting and more even direct-democracy vs our current democracy by proxy (elected officials)