Timo Röhling <[email protected]> writes:

> I would like to implement a cryptographic protocol that provides the
> same level of verifiability for secret votes as the currently used
> public votes. In particular, I would like to see some additional proof
> that the published hash values actually belong to eligible voters.

As Kurt mentioned (but buried in one of those debian-vote threads), take a look at Belenios if you aren't already familiar with it.

https://www.belenios.org/

It presumably would need some work to be usable for Debian votes due to needing integration with PGP signatures and our keyring, and unfortunately we can't use the really cool homomorphic encryption mode because we want to do Condorcet, but it otherwise seems like the right sort of direction. As a bonus, the developer is a member of the Debian project.

I would rather an existing system like that, which has already undergone some cryptographic peer review, than for us to try to come up with something novel. Secure online voting is an insanely hard problem, and while we have enough unique conditions that we can probably relax the constraints that make it unsafe for general population political elections, there are still a lot of ways it can go wrong that are very inobvious.

-- 
Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/>

