[cryptography] Prerendering as a security idea (was: RSA is dead.)
iang at iang.org
Thu Dec 26 02:41:50 EST 2013
On 25/12/13 02:38 AM, Bill Frantz wrote:
> On 12/25/13 at 2:05 PM, iang at iang.org (ianG) wrote:
>> So, assuming I sober up by the morn, and SO doesn't notice, where's
>> Ping's code?
> See <http://zesty.ca/pubs/yee-phd.pdf> p217ff
Thanks! I had a quick look, it's in Python, I'm squeezed out. Also,
there is only a description of the bugs in the thesis, which is no fun.
In order to justify YAPing, here is a snippet from the thesis, which I
saw as the big idea in Ka Ping's thesis:
What is prerendering?
In a typical voting computer, much of the software code is responsible
for generating the user interface for the voter. This includes the code
for arranging the layout of elements on the screen, drawing text in a
variety of typefaces and languages, drawing buttons, boxes, icons, and
so on. In a voting computer with audio features, this also includes code
for manipulating or synthesizing sound. (Some voting computers, such as
the Avante Vote-Trakker , contain speech synthesis software.) The
user interface is generated in real time—the visual display and audio
are produced (“rendered”) as the voter interacts with the machine.
Prerendering the ballot. The software in the voting computer could be
considerably simplified by moving all this rendering work into the
preparation stage— /prerendering/ the interface before election day. 1
Both Ptouch and Pvote realize this idea.
Today’s DRE machines use a ballot definition that contains only
essential data about the ballot: the names of the offices, the names of
the candidates running for each office, and so on. But the ballot
definition could be expanded to describe the user interface as well. For
a visual interface, this would include images of the screen with the
layout already performed, buttons already placed, and text already
drawn. For an audio interface, this would include prerecorded sound
clips. Everything presented to the user would be prepared ahead of time,
so that all the software complexity associated with rendering can be
taken out of the voting computer.
The ballot definition could specify not just appearance but also
behaviour—the locations where images will appear, the transitions from
screen to screen, the user actions that will trigger these transitions,
and so on. This is exactly the case for both Ptouch and Pvote: the
ballot definition is a high-level description of the entire user
interface for voting.
1 It was Steve Bellovin who prompted my line of research by suggesting
prerendering for voting machines.
> I'm enjoying my son's gin and tonics. He makes the best ones in the world.
> Merry Christmas and Happy New Year1
And to all!
More information about the cryptography