Re: snake-oil voting?

1999-09-27 Thread Ed Gerck 



Anonymous wrote:

> There is a wide variation in the amount of validation done at polling
> places.  In the local region none of this is done; you are asked to sign,
> bug your signature is not checked.  No ID is required, and observers
> from political parties are not present.

In California, the situation regarding validation is different and improving
security-wise, see http://www.ss.ca.gov/elections/elections_q.htm with:

In late 1995, the Secretary of State was authorized by the Legislature and Governor to 
begin development of our
first-ever statewide voter registration database. By building this cumulative database 
and eliminating many of
the duplicate or erroneous registrations, known as "deadwood", currently on the 58 
county's voter rolls, the
state and counties can reduce election costs and take another step toward prevention 
of fraudulent voting. For
the first time, county elections officials will be able to maintain their voter 
registration files with the assistance of
other elections offices throughout the state, as well as interfacing with the 
Department of Motor Vehicles and
the Bureau of Vital Statistics. Duplicate registrations can be cancelled, persons who 
have died can be removed
from voter rolls, and cross-county registrations can be updated once the CALVOTER 
database is in place.

Of relevance here, is that cryptographic protocols may have a better security support 
if
registration data is reliable and can be verified in more than one channel (eg, using 
DMV data).

> It seems clear that the system is primarily oriented towards preventing
> fraud by election officials and those involved in setting up the
> electronic voting.

I can't see VoteHere providing that, as I explained before -- the system
is more towards "One Name, Any Vote" than what it claims to be, as
"One Person,  One Vote".  There is no way you can verify if a vote
with my name was just stuffed into the ballot, for example -- but if everyone
would verify and if everyone would have just one name and if everyone
would be 100% honest and if everyone would tell all the others what
it verified, then it would work ;-) but, then, no protocol is necessary
or even possible for the sheer size of msgs involved.

Cheers,

Ed Gerck

Re: grabbed video as a source of entropy

1999-09-27 Thread John Gilmore 

See http://lavarand.sgi.com/

John

Re: Ecash without a mint, or - making anonymous payments practical

1999-09-27 Thread bram 

On Mon, 27 Sep 1999 [EMAIL PROTECTED] wrote:

> One small final comment:  physical cash is not really anonymous (bills have
> serial numbers, and certainly coins may contain secret marks. Why?

I believe at least part of the reason is to make heists difficult - Places
which have loads of nice new bills almost always have them with sequential
serial numbers. There have been many cases of a huge heist getting pulled
off successfully and then the robbers were unable to dispose of the cash
they got because it was too easy to trace.

-Bram

IBM to built crypto-on-a-chip into all its PCs

1999-09-27 Thread Robert Hettinga 


--- begin forwarded text


Date: Mon, 27 Sep 1999 17:01:05 +0100
From: Somebody
To:  [EMAIL PROTECTED]
Subject: IBM to built crypto-on-a-chip into all its PCs



   Posted 27/09/99 12:09pm by Tony Smith

   IBM to built crypto-on-a-chip into all its PCs

http://www.theregister.co.uk/990927-12.html


IBM will tomorrow launch an all-in-one encryption chip designed to 
protect documents stored on desktop PCs and servers.

The chip, as yet unnamed, will be initially installed in IBM's 300PL 
PC, but will soon be built into the company's full line of desktop 
systems. Actually, the 300PL may not feature the new chip since it's 
based on Intel's i820 chipset and, as Intel revealed today, 
the i820's release 
has been delayed indefinitely.

IBM said users will pay no more for a hardware encryption-enabled PC 
than they will for a machine without the chip.

In addition to handling key encryption -- the technology most usually 
associated with document protection -- the chip will also generate 
and verify digital signaturees.

IBM's plan is clearly to make its machines more appealing to the 
growing number of computer users buying desktops solely to surf the 
Internet at do a little online shopping. The move should also make 
its PCs more attractive to companies performing business-to-business 
transactions over the Net.

Of course, Big Blue is keen to be seen as acting in everyone's 
interest here, which is why the company's general manager for desktop 
systems, Anne Gardner, told Reuters: "We want this to become an 
industry standard. We want this on as many desktops as possible."

However, IBM clearly wants to retain a lead, which no doubt explains 
Gardner's reluctance to discuss any plans the company may have to 
licence the technology to motherboard vendors. All she would say on 
the subject was a vague "you may see something along those lines in 
the future".

Probably IBM will first want to see how attractive the technology is 
to punters. At least the approach of using an ancillary encryption 
chip should keep IBM safe from the nightmare Intel faced when it 
attempted to railroad CPU ID numbers on users.


--- end forwarded text


-
Robert A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Ecash without a mint, or - making anonymous paymentspractical

1999-09-27 Thread Lynn . Wheeler 



One of the things provided by X9.59 is that it is privacy/anonymous neutral at
point-of-sale &/or merchant webserver ... and in fact, with AADS accounts for
hardgood shipments ... an X9.59-like protocol for address-authorization
transaction... similar to X9.59 for payment-authorization ... not only
eliminates name/address from the payment transactions at a webserver ... but can
also eliminate the name/address at merchant webservers.

merchant webservers get accounts ... for payments by financial institutions ...
and accounts for name/address by shippers (i.e. policing name/address privacy at
a couple dozen shippers is much simpler than policing name/address privacy at 20
million merchant webservers).

The economics of anonymity

1999-09-27 Thread Robert Hettinga 

-BEGIN PGP SIGNED MESSAGE-

At 10:12 AM +0300 on 9/27/99, [EMAIL PROTECTED] wrote:


> One small final comment:  physical cash is not really anonymous (bills
> have serial numbers, and certainly coins may contain secret marks. Why?

To prevent forgery, of course.

Blinding, statistical testing, expiration dates, and issue-epochs, and do
the same thing with digital bearer instruments.


The reason I think that digital bearer transactions will be cheaper than
digital book-entry transactions is because an asset changes hands
irrevocably, because its transfer instantaneous, because the transaction
is pre-authorized by signature or hash-value, and because there is no
need to store records of the transaction in several places at once for an
indeterminate period of time. (as many as seven or eight duplicate sets
of book entries, kept for at least 7 years, for an American check-cleared
credit card transaction, for instance).

If you bundle those transactions, like with a few (unmentioned :-))
"counter cash" schemes, you only get some form of execution, but only
delayed clearing and settlement. The asset itself is not readily
spendable for other assets without an awful amount of overhead and risk,
as Mondex has shown us. (For instance, your limit on Mondex transactions,
both up and down the transaction-size ladder, is limited by the capacity
quickly evolve a monoculture of smart cards, all of which must be
functionally equivalent, replaceable only en masse, and all at
significantly higher cost than a software upgrade to a more generic
secure device would be.)


For small value transactions, like with MicroMint, you keep a statistical
sample to prevent double spending and throw most used digital bearer
certificates away on redemption, while using a fixed expiration date to
prevent long-term forgery.

For high value transactions, like with Chaum and Brands blind signatures,
you keep a single record of all transactions, but you have a
financially-calculable expiration date to deal with key theft and keep
the size of the spent-certificate database manageable.

I claim that both of the above will prove to be three orders of magnitude
cheaper -- in risk-adjusted system-wide transaction cost, and certainly
to the "merchant", the receiver of the asset in question -- than an
equivalent book-entry electronic transaction settlement mechanism.

Since electronic book-entry settlement achieved the same dramatic
reduction of transaction cost over paper bearer transactions, I expect
that, sooner or later, digital bearer settlement will become the dominant
asset-transfer mechanism, certainly in total value transferred, and, if
the same promise holds for microtransactions, in total transaction counts
as well.

I agree with you, Amir, that ultimately this has to be proven in the
market.

Which is why I started IBUC.

Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 for non-commercial use 

iQEVAwUBN+9dzsUCGwxmWcHhAQGypwgAhE8bBpz3hsycdE4al37TNsPNGcCxLkvD
51Ljnn+f9qtprkThOtW8qeKMgSAcIo5hBmZN6SkoB0dYEdSiG8uxDXtR5AnJfn/I
ZJjIDAP1tRWlmJSn+dA2F6gFhuZhCISb5FNq6MwPYSyrjJQGmEZTM+zC7clw9oAq
raTCzz/pa/h4zEBOkVMwcP5gId564VR9klDGF/7K87oHNduoWfHaBYj3lLid/22k
DfXdZTqNIFaFvOMcyAyoGAJ7BpiLU11xc9KSNigGbT25iDA8XDI+MS/jZJ3hz6u7
nJkZEMqzN9SdffKhXPe+pt2CyuaB0tQvji0S//xo3jfvPHK9pExE0A==
=Dbgb
-END PGP SIGNATURE-
-
Robert A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Ecash without a mint, or - making anonymous payments practical

1999-09-27 Thread amir . herzberg 



Steve takes an issue with me for my belief that anonymous payments will involve
overhead that may make them less popular than non-anonymous payments. He says,

> There is no reason to expect anonymous system will be more expensive than
> the current book-entry variety, in fact quite the contrary.

Of course, it doesn't make any sense that adding any requirement, esp. a
non-trivial one such as anonymity, will result in a less expensive system. In
particular anonymity does not remove the technical requirements of book-keeping
to prevent duplication.

But, I don't see the point in arguing about this. Let us implement the best
systems - with and without anonymity - and then compare.

Again: I'm _not_ against anonymity, on the contrary (even done a bit of research
in this area). However my main goal is to facilitate commerce in digital goods
and services. I think this is a difficult goal as it is without adding the
anonymity requirement. I feel better knowing that this will not prevent
anonymity solutions, since the hybrid approach allows them to be an extension of
the basic payment scheme.

One small final comment:  physical cash is not really anonymous (bills have
serial numbers, and certainly coins may contain secret marks. Why?

Best Regards,
Amir Herzberg
Manager, E-Business and Security Technologies
IBM Research - Haifa Lab (Tel Aviv Office)
http://www.hrl.il.ibm.com
New e-mail: [EMAIL PROTECTED]
New Lotus notes mail: amir herzberg/haifa/ibm@IBMIL