This is just the problem between the chair and keyboard how to implement the rest of encryption to enforce anonymity of the vote.
My point was that you can’t do symetric key efficiently when you don’t have assymetric key confirmed by both parties.
I agree that for example you can vote anonymously just by using dedicated software on your computer that will identify you and then sign and encrypt payload that you can send anonymously from wherever you want - even from the moon. Just make sure we don’t include any metadata in signed and encrypted file.
And actually I am missing point 8
All software dedicated to this process must be open source
This is just the problem between the chair and keyboard how to implement the rest of encryption to enforce anonymity of the vote
That’s not what that phrase means. Ensuring anonymity requires a fundamentally different process than signing with an asymmetric key – involving zero-knowledge proofs, a separate theory from cryptography. A PEBCAK would be when the process is correct and unchanged, but the human (in the chair, at the keyboard) does something contrary (or otherwise inconsistent) with the process.
And yes, the software must be distributed consistent with the OSI’s definition of open source. (Or consistent with the Debian Free Software Guidelines, which are older but substantially the same, even if it is not packaged for Debian.)
This is just the problem between the chair and keyboard how to implement the rest of encryption to enforce anonymity of the vote.
My point was that you can’t do symetric key efficiently when you don’t have assymetric key confirmed by both parties.
I agree that for example you can vote anonymously just by using dedicated software on your computer that will identify you and then sign and encrypt payload that you can send anonymously from wherever you want - even from the moon. Just make sure we don’t include any metadata in signed and encrypted file.
And actually I am missing point 8
That’s not what that phrase means. Ensuring anonymity requires a fundamentally different process than signing with an asymmetric key – involving zero-knowledge proofs, a separate theory from cryptography. A PEBCAK would be when the process is correct and unchanged, but the human (in the chair, at the keyboard) does something contrary (or otherwise inconsistent) with the process.
And yes, the software must be distributed consistent with the OSI’s definition of open source. (Or consistent with the Debian Free Software Guidelines, which are older but substantially the same, even if it is not packaged for Debian.)