User:Icyflame/Metakgp Suggested Voting System (Proposal)
This page goes on to detail a secure, anonymous voting system where N voters to vote 1 person among K candidates.
Major Flaw: This was a system that I (@Icyflame) came up with, mainly for fun. It can't be used because once the nonce values are released then the votes don't remain anonymous anymore.
System[edit | edit source]
Before the poll[edit | edit source]
- Prepare the voter list. This is a list of publicly known identifier for every voter. This list is public
- Every voter on the voter list is identified by a unique string generated by hashing an identifier that identifies the voter (publicly known) (eg: email address) and a nonce (known only the organizing party) (eg: timestamp)
- This identifier is sent to the voter, through a private medium (eg: email, private message, RSA / PGP Encrypted key exchange if inherent security of the medium is questionable)
Casting a vote[edit | edit source]
- Each vote is the hash of the private identifier of a voter, followed by the unique identifier of one of the candidates (lowercase string matching [a-z]+)
- This checksum is now published publicly (such as a Wiki talk page, or added to a Google Sheet) by every voter
Counting the votes[edit | edit source]
- Once all votes have been cast, the list of votes will be read-only, and no one will be able to edit it. This includes the voters, candidates, and the organizing party
- For every voter, the checksums are calculated for every candidate's unique identifier (calculation of N*K checksums using the chosen hash algorithm)
- At this point, we have a list of N checksum strings for every one of the K candidates
- Inclusion check for every one of the votes in one of the K lists, will give us the count of votes cast for every candidate
Post polling process[edit | edit source]
- Organizing party will now release the list of unique identifiers and nonces used for every voter, so that a voter can make the counts for themselves
Analysis of the system[edit | edit source]
- As the list of votes is public, the total number of votes cast is known to all parties, and voter fraud through votes being cast for non-existent people is not a threat (cross-referenced with the voter list, which is also public)
- Since every vote requires a private identifier, voter fraud through impersonation is not possible (as long as the private exchange medium is sufficiently secure)
- A non-zero resource cost is involved in calculating the N*K hashes for the candidates. Although, this is very minimal. On a 4-core Intel i5 machine with 8 GB of RAM, 1 million SHA 256 digests can be calculated in ~12 seconds, with Ruby's inbuilt Crypto library.
- Ensuring that the checksum is correctly generated is the voter's responsibility (tools: using an online tool or sha256sum / sha1sum inside coreutils)
- This process assumes the presence of a willing party who will organize the process and finally count the votes and subsequently release the nonce values
- The organizing party need not be trusted by any of the parties. Tampering is not possible because at the end of the process the nonces are published, any party able to prove malpractice can force a re-election
- This process assumes that all voters will have access to a computer and an internet connection during the period of voting
- Suggested hashing algorithm is SHA256, with Hex checksums which have a length of 64 when
Possible issues?[edit | edit source]
- Once the nonce values are released, the votes don't remain anonymous anymore. Using the nonce values and publicly known identifiers that were used for every user, the private keys sent to each of the voters can be computed. Following this, the hash values computed using these private keys and the candidate identifiers can be computed, and a simple search will revel who voted for whom.
- The private identifier key exchange is the most cumbersome in this whole process