MailClad Architecture for open-systems open-source E-voting

There are several problems here:
           Computers cannot be trusted.
           Humans from any single organization cannot be trusted.
                 (I assume some small centralized oversight by several opposing parties is safe.)
           The communication network cannot be trusted.
           Any cryptographic system based on primes can be cracked with sufficient CPU power, or quantum computers.
               This covers all DES, AES, RSA, PGP and public key systems.
           Cryptography seems to ignore information theory, specifically what is needed to extract a signal from noise or alter it.
           Based on information theory, my system is unbreakable.

    Other considerations here.
          Voters must be protected from coercion, such as from a workers' union that might wish to verify someone's vote.
          Voters want to verify their vote is counted.
          Voters should be protected from physical intimidation at a polling station.
          Voters must not be allowed to double vote.
         


My system solves all of these.
I use several sets of lists that provide mappings; you can think of them as indexed arrays in flat files.

Step 1.) Initial code generation.
       Input:  a list of registered voters in the system (List A). This remains private.

       Input:  a list of candidates, or voting options (List B). This is obviously public.
          
       Output:  a file of codes and mappings for each candidate (List C).
                This is the only data saved, and it is withheld until after the election.
                Some very small % of codes are shared with other voters from other districts. (Duplicates from within a district can be removed.)
                This duplication of codes is also recorded.
                The MD5 hash of (List C) is made public; call this (HASH C).

       Output:  Printed tamper-proof paper letters with a mailing address for each voter.
                    On each is a set of mappings, one per candidate or option to vote for.
                    This last set of data, with its mapping, is not recorded (Mailers D).

       Output:  (List D), which assigns a random voter ID to each mailer and is kept private.
                    This contains which numbers were shipped in the mailers, but NOT the mapping in (List C).


For example:
    List A:    Bob, Tom, Bill
    List B:   Nixon, Kennedy, Johnson

    List C: Nixon = 333,444,555
               Kennedy = 344, 455, 566
               Johnson = 334, 445, 556

    Mailers D: (not recorded or saved)  (orders are scrambled in the printout in the mailers)
                Bob  gets  Nixon = 333, Kennedy = 455, Johnson = 556, ID = 7777
                Tom  gets  Nixon = 334, Kennedy = 444, Johnson = 566, ID = 8888
                Bill gets  Nixon = 344, Kennedy = 445, Johnson = 555, ID = 9999

    List D:   7777 has 455, 333, 556     (orders are scrambled)
                8888 has 566, 334, 444
                9999 has 555, 445, 344
 
Step 2.) The voting
         Voters do not give personal information.
           Bob sends 7777 & 455 over his PC to a web site.
           Tom enters 8888 & 566 at a voting station.
           Bill gives 9999 & 445 over the phone using touch tones.
           These numbers are collected into (List E) and (List F); this is public.
           (List E) is just the vote numbers.
           (List F) is the voter ID and number.

       Since none of these numbers can be mapped to "what" they are voting for, there is nothing that could allow a third party to bias these votes; any attempt to alter or mis-enter data would result in an even distribution of bias and not impact the end results.

      Voters could search online to see that what they voted for is really in the results, but they wouldn't be 100% positive that this is or isn't their vote.
      So they couldn't prove who they had voted for.
      The only thing connecting a voter to his vote is the mailer, but since codes are

Step 3.)  The results
     (List D) is verified against (List F) to detect and correct irregularities in (List E) before (List C) is released.

     (List C) and (List E) are shared publicly.

     (List D) is verified against (List F) to detect irregularities; this can be used to remove fraud in (List E) before (List C) is released.

     At this point anyone can compare List E against List C to tabulate what the votes really were.
     (List C) can be verified against (HASH C) to prove no tampering has occurred.
     Since C was locked up on a CD-ROM and guarded by all interested parties, no one can tamper with it.
     E may or may not be made public in real time with a small delay.
        By sharing E publicly, no one can tamper with it, but there exists some risk of vote verification by third parties who have seen their mailer.
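
The Step 3 checks, run over the page's own worked example. This is an added example, not code from the original proposal. It assumes a sorted-key JSON serialization of List C, and it uses SHA-256 for HASH C in place of the MD5 the page names; the function names and the three irregular entries in List F are constructed for illustration.

```python
import hashlib
import json
from collections import Counter

# Lists C and D copied from the page's worked example.
LIST_C = {"Nixon": [333, 444, 555], "Kennedy": [344, 455, 566], "Johnson": [334, 445, 556]}
LIST_D = {7777: {455, 333, 556}, 8888: {566, 334, 444}, 9999: {555, 445, 344}}

def commit(list_c):
    """HASH C over a canonical serialization (assumed: sorted-key JSON, SHA-256)."""
    blob = json.dumps(list_c, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def screen(list_f, list_d):
    """Check List F against List D; return (accepted codes, i.e. List E, and rejects)."""
    seen, accepted, rejected = set(), [], []
    for voter_id, code in list_f:
        if voter_id not in list_d:
            rejected.append((voter_id, code, "unknown ID"))
        elif code not in list_d[voter_id]:
            rejected.append((voter_id, code, "code not in this mailer"))
        elif voter_id in seen:
            rejected.append((voter_id, code, "double vote"))
        else:
            seen.add(voter_id)
            accepted.append(code)
    return accepted, rejected

def tally(list_e, list_c, published_hash):
    """Refuse to tally unless the released List C matches the published HASH C."""
    if commit(list_c) != published_hash:
        raise ValueError("List C does not match HASH C")
    code_to_candidate = {c: name for name, codes in list_c.items() for c in codes}
    return Counter(code_to_candidate[c] for c in list_e)

HASH_C = commit(LIST_C)  # published before the election

# Constructed List F: the three votes from the page plus three irregular entries.
LIST_F = [(7777, 455), (8888, 566), (9999, 445),
          (7777, 333), (8888, 555), (1234, 444)]

if __name__ == "__main__":
    list_e, rejects = screen(LIST_F, LIST_D)
    print(dict(tally(list_e, LIST_C, HASH_C)))
    for entry in rejects:
        print("rejected:", entry)
```
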

     SO:
        * Voters remain anonymous.
        * Voters cannot prove what their votes were: protection from coercion.
        * Voters can do some rough validation of their votes being counted.
           They can make sure their number is present, but cannot prove it was from them or some other voter.
        * Someone wishing to tamper with the results would have to gain access to the computer that generates (List C).
        * Someone wishing to tamper with the results would have to gain access to (List C), but the (HASH C) protects that.
        * Someone wishing to tamper with the results would have to open millions of paper letters, and these would get noticed.
        * Intervening network, computers and other data collection and tabulation equipment wouldn't need to be trusted.
        * Voting polling stations could just use regular PCs, or vote over the web, phone, text message, bar codes, anything really.


   I hope this isn't too complicated, considering it's based on very simple principles.

  John