It's really just a matter of trying to make things obvious. You send simple messages at first, allowing the receiver to guess at your format and confirm it with later messages. Then you start sending more complicated messages in the same format.

For example, use a character set of {00,01,10,11}, which I'm going to simplify as {0, 1, space, next} for display purposes. You receive:

0 0 0 0
0 1 0 1
0 0 1 1
0 1 1 10
0 10 1 11
0 10 110 1000 ...

1 0 0 0
1 1 1 1
1 1 0 0
1 0 1 0
1 10 10 100
1 11 11 1001 ...

Get it? Atoms would be done the same way. They even have an implicit order for sending!

NAND is only universal in the context of circuits. A program composed only of a series of NANDs is trivially not turing-complete because it terminates. You need some sort of iterating mechanism in your one instruction.

Not everyone has to verify their vote. An attacker will have to throw away a large number of ballots in order to sway an election. If each voter has a 5% probability of checking their vote and only 100 votes are thrown away, the probability that the attacker is at least detected is greater than 99%.

There's also no need for perfection. The number of reports will be higher when the election is attacked. Apply basic statistics to figure out how likely it is the election was stolen instead of just people making mistakes.

I am constantly amazed at the cynicism from Slashdot about electronic voting. Yes, the existing systems have generally sucked. A lot. But that doesn't mean it's impossible to do.

The fundamental problem which must be addressed is verifiability. In order for the election to be secure, you must have a process which guarantees that tampering will be detected with high probability, **even if a malicious company designs a large portion of the voting machines**. This is not an impossible problem!

For example, suppose you want to be sure your vote is not being flipped. A system which meets that criteria is for the voting process to go as normal, then the machine encrypts and publishes the vote (accessible from the internet), which you verify. Then you are prompted to either check or commit the vote. If you 'check' the vote the machine publishes the encryption keys for the vote, and if you 'commit' then the machine publishes a commitment. All of these actions can be verified by you.

Now, that system isn't perfect (it can compromise the 'secret' part of the ballot). But there are verifiable systems which meet all the criteria for an election. They are not less secure than paper ballots, they are *more* secure. Don't trust the machine, trust the verifiable actions the machine must perform.

That might be interpreted as apathy. It would be better to vote for a *random* candidate in that case. It's unlikely to change the outcome of the election, even if a bunch of people do it, but it sure makes it look close!

In cases where it does swing the election... well, then its likely so many people were misinformed that random chance is better at selecting and "putting the fear" in leaders anyways.

That's overkill. We just need a more accurate measurement to communicate. For example we could define "trustability-ishness" to be Min(P(true | tested true), P(false | tested false)).

So, for example, a 99.9% accurate filter for terrorists when the terrorist rate is 1 in a million:
true positives = 0.000001*0.999 = 0.000000999
true negatives = 0.999999*0.999 = 0.998999001
false positives = 0.999999*0.001 = 0.000999999
false negatives = 0.000001*0.001 = 0.00000001

P(true | tested true) = 0.000000999 / (0.000000999 + 0.000999999) = ~0.000998
P(false | tested false) = 0.998999001 / (0.998999001 + 0.0000001) = ~0.999999

"trustability-ishness" = ~0.000998 = ~0.1% out of 100%

Wow! That 0.1% sure makes things a whole lot clearer. I'm sure there are better definitions, but you get the idea.

That's what I said in the first paragraph. I agree with you. We invent rules to stop games from degenerating into spam-fests. They are useful because the game is funner that way.

My point is that the article contradicts itself. It says all those extra rules are for scrubs, then it says some aren't. My issue is with the start, not the end.

Wow. That's a very poorly structured article. I get his point. He thinks 'scrubs' have too many arbitrary rules, that those types of rules take away from the depth of the game, but that there are extreme cases where such rules are required. But, as written, the article contradicts itself.

He starts by saying: if it's possible you USE it, or you LOSE. All or nothing. If it's overpowered, then the other guy should stop crying and use it right back. Arbitrary rules are for sissies. Then he talks about how we need arbitrary rules in extreme cases like game-freezing glitches and codes to play as boss characters. So which is it!? Stop crying and pick the boss character, or implement an arbitrary rule?

Snopes posted a couple of purposefully incorrect things once, in order to prove a point about not blindly trusting people. The fake stories backfired (or worked, depending on your view) and became real urban legends. Hilarious.

If all people are smart
And some people work at McDonald's
----
Then people who work at McDonald's are smart

Come on! It's a math story!

Smart people would work at McDonalds.

If the information in the vote is incorrect, the challenge reveals it. Do you have a specific example of information which must be published by the machine which is impossible to check statistically?

Assuming all the published information can be checked, you're extremely limited in how the machine can misbehave. It could log votes, but that's true of any voting system [ie. hidden camera in the ceiling].

I'm not really sure how to deal with the statistical coercion, because the number of possible strategies is so broad. How are they secretly communicating whether or not to challenge the vote? How does the enemy link challenged votes to the voter [just because the vote contains unique information doesn't mean it must identify the voter]?

The identifying information is encrypted until the voter challenges the vote. Only the machine holds the key. You can't prove that someone voted for a particular candidate, only that they voted. [Note: The fact that someone voted is impossible information to hide, because it is required to stop people from voting multiple times.]

Worst case scenario is the machine maliciously revealing the key. Actually, the worst case scenario is the machine silently recording the vote [which is not stoppable with a better communication protocol, of course]. It might make sense for a supervising machine to hash and salt the voter id so the individual voting machines don't know who is casting the vote.

You're assuming the vote doesn't contain identifying information. For example the booth could display a value which incremented each time a vote was completed, and which the machine must include in the vote cast. You could also use the time or a hash of the voter's identity. The voter can verify a vote with the correct ID was cast from the machine by challenging the vote, and the poll workers and other machines can verify that the vote ID is behaving correctly.

Where is the new avenue of attack?

I actually do agree that voting from home is a stupid idea. A PC is not a secure environment, with the obvious threat being botnets.

(Reply to other post):
You don't perform the verification with the same machine. That would be a pointless waste of time. Part of the definition of casting a ballot is publishing it (presumably accessible on the internet, obviously encrypted). You then use your PDA or whatever to check that the ballot has in fact been cast, THEN either verify or commit to it.

So an attacker can no longer silently change votes by compromising just a single voting machine.