[cryptography] Prerendering as a security idea (was: RSA is dead.)

ianG iang at iang.org
Thu Dec 26 02:41:50 EST 2013

On 25/12/13 02:38 AM, Bill Frantz wrote:
> On 12/25/13 at 2:05 PM, iang at iang.org (ianG) wrote:
>> So, assuming I sober up by the morn, and SO doesn't notice, where's
>> Ping's code?
> See <http://zesty.ca/pubs/yee-phd.pdf> p217ff

Thanks!  I had a quick look, it's in Python, I'm squeezed out.  Also, 
there is only a description of the bugs in the thesis, which is no fun.

In order to justify YAPing, here is a snippet from the thesis, which I 
saw as the big idea in Ka Ping's thesis:

What is prerendering?

In a typical voting computer, much of the software code is responsible 
for generating the user interface for the voter. This includes the code 
for arranging the layout of elements on the screen, drawing text in a 
variety of typefaces and languages, drawing buttons, boxes, icons, and 
so on. In a voting computer with audio features, this also includes code 
for manipulating or synthesizing sound. (Some voting computers, such as 
the Avante Vote-Trakker [11], contain speech synthesis software.) The 
user interface is generated in real time—the visual display and audio 
are produced (“rendered”) as the voter interacts with the machine.

Prerendering the ballot.  The software in the voting computer could be 
considerably simplified by moving all this rendering work into the 
preparation stage— /prerendering/ the interface before election day.  1 
Both Ptouch and Pvote realize this idea.

Today’s DRE machines use a ballot definition that contains only 
essential data about the ballot: the names of the offices, the names of 
the candidates running for each office, and so on.  But the ballot 
definition could be expanded to describe the user interface as well. For 
a visual interface, this would include images of the screen with the 
layout already performed, buttons already placed, and text already 
drawn. For an audio interface, this would include prerecorded sound 
clips. Everything presented to the user would be prepared ahead of time, 
so that all the software complexity associated with rendering can be 
taken out of the voting computer.

The ballot definition could specify not just appearance but also 
behaviour—the locations where images will appear, the transitions from 
screen to screen, the user actions that will trigger these transitions, 
and so on. This is exactly the case for both Ptouch and Pvote: the 
ballot definition is a high-level description of the entire user 
interface for voting.

1 It was Steve Bellovin who prompted my line of research by suggesting 
prerendering for voting machines.

> I'm enjoying my son's gin and tonics. He makes the best ones in the world.
> Merry Christmas and Happy New Year1

And to all!

More information about the cryptography mailing list