• bss03@infosec.pub
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    8 months ago

    This is just the problem between the chair and keyboard how to implement the rest of encryption to enforce anonymity of the vote

    That’s not what that phrase means. Ensuring anonymity requires a fundamentally different process than signing with an asymmetric key – involving zero-knowledge proofs, a separate theory from cryptography. A PEBCAK would be when the process is correct and unchanged, but the human (in the chair, at the keyboard) does something contrary (or otherwise inconsistent) with the process.

    And yes, the software must be distributed consistent with the OSI’s definition of open source. (Or consistent with the Debian Free Software Guidelines, which are older but substantially the same, even if it is not packaged for Debian.)