Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier On Self-Enforcing Protocols

Posted by timothy on from the visibility-rocks dept.

Hollow Being writes "In an essay posted to Threatpost, Bruce Schneier makes the argument that self-enforcing protocols are better suited to security and problem-solving. From the article: 'Self-enforcing protocols are safer than other types because participants don't gain an advantage from cheating. Modern voting systems are rife with the potential for cheating, but an open show of hands in a room — one that everyone in the room can count for himself — is self-enforcing. On the other hand, there's no secret ballot, late voters are potentially subjected to coercion, and it doesn't scale well to large elections. But there are mathematical election protocols that have self-enforcing properties, and some cryptographers have suggested their use in elections.'"

8 of 207 comments (clear)

  1. Why? by mets501 · · Score: 3, Insightful

    After reading that, I was left with the feeling that I had no idea what I had read it for. Was it a call to arms? Was it a rant about our whole world? It seemed to offer more problems than solutions...

  2. Show of hands not self-enforcing by Spazmania · · Score: 4, Insightful

    The show of hands is not self-enforcing precisely because a non-secret ballot is subject to coercion. People vote their peers instead of their conscience.

    Selecting a security protocol that adversely alters the results is a common mistake among information security personnel.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:Show of hands not self-enforcing by UnHolier+than+ever · · Score: 4, Insightful

      No, a show of hands *is* self-enforcing *but* not secret, and therefore subject to coercion, which is why it is rarely used. The article alluded to the fact that there may be a self-enforcing, secret protocol, without going into details of what it could be. If it exists, it would be a good idea to use it. It would also have been a good idea to include it in the article....

  3. Errrr, your suggestion is.....? by drdrgivemethenews · · Score: 3, Insightful

    What is the proposed self-enforcing voting protocol? With no suggestion made, what is the interest of this article to the slashdot community?

    1. Re:Errrr, your suggestion is.....? by Otto · · Score: 4, Insightful

      What is the proposed self-enforcing voting protocol?

      Everybody in the same room makes a mark on a ballot, folds it, puts it in a box with an open top, so all can see it is not subject to being rigged, but still not see the actual votes. At the end, the votes are upended on the floor and everybody looks at them, and can count them themselves.

      Less subject to coercion than a show of hands, still not perfect. However, it is self-enforcing, since all can see the results.

      There's other ways as well, but the point is that everybody needs to know how the system works and to be able to follow all the votes all the way through the system to the final count for it to be self-enforcing.

      --
      - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  4. Re:You need trust by nedlohs · · Score: 3, Insightful

    Please resubmit your comment in Swedish so we can make fun of your non-native language errors too.

    Should be great since your English was worse than the post you were criticizing.

  5. Re:Bruce Schneier once decrypted a box of AlphaBit by rjstanford · · Score: 4, Insightful

    And when your boss says, "By the way, if you vote for Dan, you get to keep your job - and I want to see your voting receipt to prove it, or out you go!"? That's one of the main reasons that we have private polling in the first place.

    How about going back to the old ways - electronically generating, at the polling place, an anonymous, very clear, human-readable piece of paper describing your vote. Use machines to create as many as you want, one at a time, on special pieces of paper that are handed out either as you walk in the door and get IDd or upon the insertion of your previous one into a shredder. Once you're happy with it, it goes into the voting box which a) saves it, and b) scans it and records the data, unofficially (ie: the piece of paper wins in a recount).

    Dead simple, totally private, and fully auditable. Plus, with an open standard, there could be different types of paper-generating-machines for people with different needs, no problem. No hanging chads, no huge expense, quick access to unofficial results and about as easy a recount procedure as you could ask for.

    Finally, at the end of the day, do it the CA way and have the boxes opened up and tallied by hand for the major issue and a random selection of minor ones at each station. Anyone can watch, and any discrepancy over .1% of the total is assumed to be computer-tampering and triggers a full manual count for all issues at that station, and a more thorough audit to determine the source of the discrepancy.

    --
    You're special forces then? That's great! I just love your olympics!
  6. Re:You need trust by SleepingWaterBear · · Score: 4, Insightful

    Self limiting protocols are useful only for small scale solutions when it is reasonably possible to validate the results (are you going to be able to review the votes of 1,000 plus voters in a useful timescale)

    This idea seems to come out of nowhere and with no justification other than that the most naive possible method of scaling one particular protocol up doesn't work well. There is no fundamental reason that a well designed self enforcing protocol can't scale very well. As a simple example, let voters gather in groups of 100 or so and tally their votes. Then send someone to report the votes to a larger group (this can happen multiple times to allow for exponential scaling), and make sure the report is publicized (in a local newspaper or on a website designed for the purpose) so that voters can confirm the numbers were reported right. By spreading the work over many people no one person has to do an excessive amount of work, regardless of the number of voters.

    Anonymity is a little trickier to do efficiently, but here's the first idea that comes to mind. Gather your 100 voters in a room with a vote count visible to everyone, and give each voter a private terminal. In a random order ask each voter to make a choice, then to confirm the updated count. Each voter will know his own vote was counted correctly. If 100 voters doesn't seem like enough to ensure anonymity you can use a larger group.

    Obviously there are all sorts of flaws with the plans above, but with proper time to work through the details a workable plan of some sort exists. Just because you don't know a solution to a problem doesn't mean that someone actually willing to think can't come up with one.