1 comment

[ 2.0 ms ] story [ 10.7 ms ] thread
I wrote a paper late last year that demonstrated a practical attack against ballot secrecy for a Canadian online voting vendor. Thought you all might find it interesting.

A third-party observer can deduce (with a high probability) the candidate a voter voted for, despite the voter's connection to the voting serve being encrypted. This is because the length of the encrypted data leaks information.