Microsoft Proposes Fix For E-Voting Attack 111
Trailrunner7 writes "Microsoft Research has proposed mitigation for a known potential attack against verifiable electronic voting machines that could help prevent insiders from being able to alter votes after the fact. The countermeasure to the 'trash attack' involves adding a cryptographic hash to the receipts that voters receive (PDF). Many verifiable voting systems already include hashes on the receipts, but that hash is typically made from the ballot data for each specific voter. The idea proposed by Microsoft Research involves using a running hash that would add a hash of the previous voter's receipt to each person's receipt, ideally preventing a privileged insider from using discarded receipts to alter votes. The trash attack that the mitigation is designed to address involves election workers or others who might be motivated to change votes gathering discarded receipts and then altering those votes."
lets you buy/sell votes (Score:5, Informative)
Any system that shows how you voted after the fact opens up the possibility of purchasing votes.
That has already been covered and done better... (Score:4, Informative)
This is an old issue and people have done it better for a long time. The vendors (MS included) CHOSE to use half hearted, stupid, and short sighted solution. I saw proposal papers over a decade ago at the ISOC (Internet Society) NDSS conference:
Practical Approach to Anonymity in Large Scale Electronic Voting Schemes
Andrea Rierra and Joan Boerrell
http://www.isoc.org/isoc/conferences/ndss/99/proceedings/papers/riera.pdf [isoc.org]
Start there and get serious.