siv-org / siv

Secure Internet Voting protocol
https://siv.org

HACK SIV — End of Day 3 Report (Thurs 8/8) #192

Open dsernst opened 1 month ago

dsernst commented 1 month ago

HACK SIV — End of Day 3 Report (8/8)

1. DEF CON officially opened. What a hurricane of energy.

Here are some Frequently Asked Questions from discussions in the DEF CON halls:

a) What's the cryptography used?

b) Is it auditable? Does it leave a paper trail?

c) How does authentication work?

d) What about malware on voter's devices?

e) I wish I had my laptop / I don't write that much code anymore / I just know the fundamentals of security.

f) How do I start hacking? Do I come in person?

Check out hack.siv.org for the full contest rules. And especially the Hacking Resources section near the bottom for getting started.

And other updates:

  1. Lots of new joiners to Signal group & email-announcements list. Welcome everybody! 👋

  2. Really fun discussions in the Signal group this morning. So awesome and inspiring.

  3. First mock election launched this morning! Check it out https://siv.org/election/1723075118561/vote?auth=link to be able to start poking at the core voter interface easily, without needing to install anything.

    • (Reduced auth requirements, since it's only a mock election)
    • In case you haven't seen it, it asks some very important questions like TABS vs SPACES, and Best Hacker Movie.
    • So far we have not received any vulnerabilities with it.
  4. We made a big breakthrough! To figure out how we're going to uniquely auth for Sunday's Prize Awarding Vote. Details to-be-announced, but we're very happy with it. Had been trying to figure it out for days.

  5. There were 6 new submissions today, bringing the total to 9. We haven't had a chance to properly respond to them yet — it's been a whirlwind of a day — but will list them here nonetheless:

    1) The first was the most provocative submitted so far: "I will pay you $1 to vote for this issue".
      • Also see what SIV has written about this topic: https://docs.siv.org/mitigating-attacks/vote-selling
    2) A followup about a docs nit: "coercion resistance !== receipt-freeness"
    3) Questions raised about possible BGP (Border Gateway Protocol) attacks?
    4) Another contributor added on to BGP issues above, specifically pointing to some global BGP attacks that took place in 2010, rerouting 15% of all internet traffic for a bit
    5) And another concern raised: "If SIV is adopted, jurisdictions may be too tempted to stop offering other paper voting options, effectively forcing digital voting on people, despite our intentions otherwise"
    6) Lastly, another concern raised that too much advanced tech might dangerously erode voters' trust in results' legitimacy, if people can't understand it.

We need to properly respond to each of these. Some we like more than others.

Hate to say it, but we do think there's still lots of room for higher quality submissions.

  6. And the last update for this report: Now that we have some submissions, we can begin getting a rough interface together for Sunday's Public Vote to Award $ to the most deserving submissions. Check out the draft here: http://siv.org/election/1723163812399/vote?auth=preview.

Reminder: all the core contest info can be found @ hack.siv.org.

Only 2 and a half days left to get submissions in! Don't delay.

dsernst commented 1 month ago

Yesterday's report: https://github.com/siv-org/siv/issues/180