-
First, thank you so much for compiling this list. 😃👍 I just wish I'd found this earlier : )
(EDIT: I found the sentence "_So it's important to emphasise that AES-GCM-SIV (and nonce-misuse resistan…
-
### We're now ready to start inviting the DEF CON registered voters to the $5,000 Public Prize Awards Vote.
The ballot has been finalized — you can see it, and vote if you'd like, in [this UNOFFICI…
-
Jotting down notes on this idea, brainstormed w/ Josh D:
Unclear if it's feasible, viable, or desirable, but interesting to consider as like half-SIV to intro skeptics:
------
SIV backed by P…
-
**Help us help you**
Out tink configuration uses 2.2 with a few small build patch for a conflicting RapidJSON installation.
** Bug report **
We use a very up to date version of Ubuntu (24.04…
-
The Project is that we want to create a Bounty Reward System
### Hack SIV — Win Money
There are multiple parts needed for this:
1. Creating — do we need to create some landing page? Where…
-
> A malicious SIV server can currently attack the Observer such that the votes are effectively public to SIV. The attack is simple: the server sends down some malicious JS that copies the observers’ s…
-
Lots of talking and presenting today. 50+ deep conversations about internet voting.
We were featured in Reuters: https://www.reuters.com/technology/can-online-voting-be-secure-experts-las-vegas-try…
-
> SIV needs a more formal threat model.
>
> Formally stating what adversaries you expect to prevent what sorts of attacks is a really important part of designing any cryptographic system. When exam…
-
> Also, what service is actually intended to host the SIV server? If it’s a third party (e.g. aws), it has control over the election as well.
> [...]
> The goal is not to cast aspersions on the vend…
-
> Defense against malicious clients (e.g. a malicious browser extension) are also not described well in the documentation. There's statements about the use of QR codes here, though (again), it is uncl…