Ask HN: How would you design a voting system?

1 points by crgwbr ↗ HN
A friend and I were recently discussing the security of electronic voting systems in elections, and I came to the conclusion that it might not actually be possible to design a system that cryptographically ensures votes have not been tampered with.

Using the following constraints...

1) A voter must not be personally identifiable.

2) A voter must only be able to vote once.

3) Every vote must be cryptographically signed in such a way that it can not be tampered with.

4) Client machines (the hardware used to place votes) can not be trusted.

...the best theoretical solution I've come up with would be to issue everyone a PGP key at birth; record the public key in a master database, but not tie it to any other form of personal identity; sign and submit votes using your birth-issued PGP key; only accept votes with a valid signature, produced by a key in the master public key database; exclusively allow voting using hardware owned by the voter (to reduce chance of someone compromising a voting system for an entire city).

Obviously this would never actually happen in the real world. Given the goal, though, of a perfectly secure system, how would you design it? What would be it's weak points?

1 comment

[ 2.7 ms ] story [ 10.2 ms ] thread
I would still prefer a physical ballot to an electronic one.

Something that can be scanned and verified.

I think having the information scanned should be distributed and maybe the block chain tech could help in some way to verify it.