[habeanf]

That's not a valid argument. Nothing is secure from all known threats.

The question is how (in)secure is the system. In this case, the voting protocol doesn't provide a means of verification.

Secure voting protocols have been around for quite a few years. jjuhl left this comment above https://news.ycombinator.com/item?id=13032602

Dan Boneh's Crypto 2 coursera course (https://www.coursera.org/learn/crypto2#) covers the concept.

There are voting protocols that use the same foundations as public-key crypto to allow for vote verifiability - you can validate that your vote has been taken into account in the tally without sacrificing the privacy of your vote. There are solutions for voter fraud too.

[pdkl95]

> Nothing is secure from all known threats.

Of course. That's why it's important to reduce the attack surface. Adding electronics (or worse, software) adds a huge amount of attack surface. The attack could be at any point from the CPU-internals to the software.

> the voting protocol doesn't provide a means of verification

Yes. That's a feature. Any new system cannot re-enable voter coercion.

> Homomorphic encryption

I already mentioned[1] that video yesterday. It's an interesting idea, but even Prof. Rivest in the video isn't claiming it's ready for use.

More importantly, the reply by marten-de-vries[2] brings up a very good counter argument to any voting system based on fancy math: the general population won't accept it. The voting process doesn't work unless the population considers it legitimate, and it will be hard to convince them if they first have to learn enough math to understand homomorphic (or public-key) encryption.

This is still interesting research that may evolve into a new type of voting protocol in the future.

[1] https://news.ycombinator.com/item?id=13020917

[2] https://news.ycombinator.com/item?id=13021517

[habeanf]

> Adding electronics (or worse, software) adds a huge amount of attack surface. The attack could be at any point from the CPU-internals to the software.

You're missing the point. The voting protocol is built in such a way that you can verify that your vote was cast as intended, and that your vote was counted in the tally. Once everyone agrees on the voting protocol you don't need to trust someone else's electronics, you can do it on your own device, and use open source software.

> the voting protocol doesn't provide a means of verification Yes. That's a feature. Any new system cannot re-enable voter coercion.

You can have vote verification without enabling coercion. If you have a vote receipt it does not imply you can prove or disprove how you voted, but it does allow you to verify that your vote was included in the tally.

> More importantly, the reply by marten-de-vries[2] brings up a very good counter argument to any voting system based on fancy math: the general population won't accept it. The voting process doesn't work unless the population considers it legitimate, and it will be hard to convince them if they first have to learn enough math to understand homomorphic (or public-key) encryption.

I disagree. The general population doesn't know how RSA or AES work but we have HTTPS and the green-lock-thingy. You don't need to know how or why something works in order to reap its benefits.

[pdkl95]

> You're missing the point. The voting protocol is built in such a way that you can verify that your vote was cast as intended

No, you're missing the point. You don't know that the crypto was calculated properly, because you are not going to be calculating the crypto by hand. Prove - in the voting booth - that someone hasn't changed the software to give you the wrong crypto token.

> If you have a vote receipt it does not imply you can prove or disprove how you voted, but it does allow you to verify that your vote was included in the tally.

Do you not see that this is is a contradiction? Someone coercing you simply demands that verification.

"Bring your verification receipt if you want to keep your job."

> HTTPS and the green-lock-thingy

TLS doesn't rely on the public understanding it for legitimacy. The public doesn't care about how it works; they care about if it's a reliable security feature. Legitimacy is lost if there are too many public failures.

Voting requires an understanding how the winner was decided. Your proposal will never be accepted if it is, in the eyes of the general public, a black box you submit your vote into that is only interpreted by a priesthood that they have to trust to interpret the votes. Adding up votes is understandable, but homomorphic encryption might as well be black magic.

This understanding is more important than ever, because we are currently experiencing a revolt against technocracy. Brexit and Trump are aspects of this revolt. If you think you can get the population to accept a voting protocol they don't understand, then you haven't been paying attention to the current political climate.

[vehementi]

Check out the many threads about this on HN about why electronic voting is not going to be secure enough