this post was submitted on 28 Feb 2024
1393 points (93.6% liked)
This is inconsistent with the preservation of democracy, as it allows a third party to confirm exactly who you voted for, and reimburse or punish you for it.
Mainly you'll have to tweak point 3, to use existing E2E-verified voting approaches which are only tangentially related to asymmetric encryption (and private keys).
We might use asymmetric encryption and private keys for some parts of identity verification, but you wouldn't sign your ballot with it.
This is just the problem between the chair and keyboard: how to implement the rest of the encryption to enforce anonymity of the vote.
My point was that you can't do symmetric key efficiently when you don't have an asymmetric key confirmed by both parties.
I agree that, for example, you can vote anonymously just by using dedicated software on your computer that will identify you and then sign and encrypt a payload that you can send anonymously from wherever you want - even from the moon. Just make sure we don't include any metadata in the signed and encrypted file.
And actually I am missing point 8
That's not what that phrase means. Ensuring anonymity requires a fundamentally different process than signing with an asymmetric key -- involving zero-knowledge proofs, a separate theory from cryptography. A PEBCAK would be when the process is correct and unchanged, but the human (in the chair, at the keyboard) does something contrary to (or otherwise inconsistent with) the process.
And yes, the software must be distributed consistent with the OSI's definition of open source. (Or consistent with the Debian Free Software Guidelines, which are older but substantially the same, even if it is not packaged for Debian.)