this post was submitted on 28 Feb 2024
1396 points (93.7% liked)

tumblr

3432 readers
283 users here now

Welcome to /c/tumblr, a place for all your tumblr screenshots and news.

Our Rules:

  1. Keep it civil. We're all people here. Be respectful to one another.

  2. No sexism, racism, homophobia, transphobia or any other flavor of bigotry. I should not need to explain this one.

  3. Must be tumblr related. This one is kind of a given.

  4. Try not to repost anything posted within the past month. Beyond that, go for it. Not everyone is on every site all the time.

  5. No unnecessary negativity. Just because you don't like a thing doesn't mean that you need to spend the entire comment section complaining about said thing. Just downvote and move on.


Sister Communities:

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] vane@lemmy.world -1 points 8 months ago* (last edited 8 months ago) (1 children)

This is just the problem between the chair and keyboard how to implement the rest of encryption to enforce anonymity of the vote.

My point was that you can't do symetric key efficiently when you don't have assymetric key confirmed by both parties.

I agree that for example you can vote anonymously just by using dedicated software on your computer that will identify you and then sign and encrypt payload that you can send anonymously from wherever you want - even from the moon. Just make sure we don't include any metadata in signed and encrypted file.

And actually I am missing point 8

  1. All software dedicated to this process must be open source
[โ€“] bss03@infosec.pub 1 points 8 months ago* (last edited 8 months ago)

This is just the problem between the chair and keyboard how to implement the rest of encryption to enforce anonymity of the vote

That's not what that phrase means. Ensuring anonymity requires a fundamentally different process than signing with an asymmetric key -- involving zero-knowledge proofs, a separate theory from cryptography. A PEBCAK would be when the process is correct and unchanged, but the human (in the chair, at the keyboard) does something contrary (or otherwise inconsistent) with the process.

And yes, the software must be distributed consistent with the OSI's definition of open source. (Or consistent with the Debian Free Software Guidelines, which are older but substantially the same, even if it is not packaged for Debian.)