Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The systems I know don't require voters to keep a private key pair.


Then how else do you validate the identity of the voter? What do you gain if you can't prevent fraud by inserting fake votes?


* You have a list of people who voted. That's public.

* You have a list of votes. That's public (and not correlated with the above) by anonymous tokens.

* You have an anonymous token, which lets you verify your own vote.

If the list of people who voted doesn't match up to real people, that's detectable. If I go into Massachusetts and find 10% of the people claimed to have voted don't exist, I can confirm fraud. If someone who didn't voted has there vote counted, that also confirms fraud.

Anyone can count up and add up the votes. That's public too.

And anyone can confirm their own vote was counted.


How are those tokens less complicated to use than a private keypair? How do you ensure that the votes are cast anonymously, without leaking metadata from timing, etc?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: