HACK SIV — Public Prize Awards: Now Live

[dsernst]

We're now ready to start inviting the DEF CON registered voters to the $5,000 Public Prize Awards Vote.

The ballot has been finalized — you can see it, and vote if you'd like, in this UNOFFICIAL version here.

For the official version, the election's decryption key was split into 4 parts, with each 1/4 fraction held by the following privacy protectors:

• The production SIV.org server
• @dsernst (myself), on my personal device
• @dglittle, on his personal device
• @arianabuilds, on her personal device

All registered voters were also invited to be additional Privacy Protectors themselves as well.

The registered voters will now be sent their personal invitations to vote in the official version.

Votes will be accepted for 24 hours, then the election will be closed, at approximately noon PT tomorrow, Thurs 8/15/2024.

[dsernst]

Confirming that I @dsernst used my own separate device to participate in a 4-of-4 Distributed Keygen Ceremony, which resulted in an election public key of:

• 8cb22979a35e32b79bf5399fe97058319fdb9a89064ae61e8db8c91cb26d252b

The fractional public keys were:

• siv.org server: dace5b61ea5dd50bdfd8dabb2c9de5ffcacbc0a136f97bd137a953dd3dbb5c77
• @dsernst: 3e4ab0b8aa4d86a8fd4808035fe4c0c5b9aaa541d0a9dd03bd069694f061a055
• @dglittle: 1443f6639f9a7e5a24d02c3ff12dc1067e8afcfdb443c597c623deeb21bc9857
• @arianabuilds: c823a8c96d11e93e5b5fc9486f769278ddbb336f34d705f351e04cc1923bcf1f

I also affirm that I am committed to ensuring the privacy of the vote, and will only use my fractional key to unlock encrypted votes after they are thoroughly shuffled for anonymization.

[dglittle]

Confirming that I @dglittle used my own separate device to participate in a 4-of-4 Distributed Keygen Ceremony, which resulted in an election public key of:

• 8cb22979a35e32b79bf5399fe97058319fdb9a89064ae61e8db8c91cb26d252b

The fractional public keys were:

• siv.org server: dace5b61ea5dd50bdfd8dabb2c9de5ffcacbc0a136f97bd137a953dd3dbb5c77
• @dsernst: 3e4ab0b8aa4d86a8fd4808035fe4c0c5b9aaa541d0a9dd03bd069694f061a055
• @dglittle: 1443f6639f9a7e5a24d02c3ff12dc1067e8afcfdb443c597c623deeb21bc9857
• @arianabuilds:  c823a8c96d11e93e5b5fc9486f769278ddbb336f34d705f351e04cc1923bcf1f

I also affirm that I am committed to ensuring the privacy of the vote, and will only use my fractional key to unlock encrypted votes after they are thoroughly shuffled for anonymization.

[arianabuilds]

Confirming that I @arianabuilds used my own separate device to participate in a 4-of-4 Distributed Keygen Ceremony, which resulted in an election public key of:

• 8cb22979a35e32b79bf5399fe97058319fdb9a89064ae61e8db8c91cb26d252b

The fractional public keys were:

• siv.org server: dace5b61ea5dd50bdfd8dabb2c9de5ffcacbc0a136f97bd137a953dd3dbb5c77
• @dsernst: 3e4ab0b8aa4d86a8fd4808035fe4c0c5b9aaa541d0a9dd03bd069694f061a055
• @dglittle: 1443f6639f9a7e5a24d02c3ff12dc1067e8afcfdb443c597c623deeb21bc9857
• @arianabuilds:  c823a8c96d11e93e5b5fc9486f769278ddbb336f34d705f351e04cc1923bcf1f

I also affirm that I am committed to ensuring the privacy of the vote, and will only use my fractional key to unlock encrypted votes after they are thoroughly shuffled for anonymization.

[dsernst]

We've just done the post-election shuffle and decentralized decryption of results. They are now posted here: https://siv.org/election/1723655385175

As far as I can tell, everything went perfectly with the shuffle & decryption. My fractional key was not used for anything other than decrypting the 4-times shuffled votes.

[arianabuilds]

I also confirm that everything went well, as far as I can tell. My fractional key was not used for anything other than decrypting the 4-times shuffled votes.

[dglittle]

I also confirm that everything went well, and that my fractional key was not used for anything other than decrypting the 4-times shuffled votes.. as far as I can tell.

[dsernst]

Reposting the raw-json of the unlocked vote results here, so it's hashed, and mirrored off of our server, with another source timestamping (this GitHub comment).

https://github.com/siv-org/hack.siv.org/commit/ba0c16b66d49a7dfaf28bc096f5a4b1892549367

[dsernst]

Now that the preliminary results have been posted, everyone is invited to investigate for any anomalies. Don't hesitate to ask questions. If you are open to writing down specific things that you confirm correct, or are concerned by, sharing such things would also help other people have a clearer picture too.

In a perfect scenario, 100% of the voters would be able to publicly say "I confirmed my anonymized vote is present in the final tally." Then we can achieve 100% common knowledge (https://en.wikipedia.org/wiki/Common_knowledge_(logic)) that all voters are satisfied by the legitimacy of results.

And that extends to non-voters too. Similar public comments from submitters, and other people observing this process are also welcome and appreciated.

[arianabuilds]

@cjackett @phish @mspecter @GABuras @Automatic476 @anon-person404 @pmeyerson @pleasework-sh @worldpeaceworker @aaspring — We have invited the voters to verify that their vote is in the final tally (details here: http://simp.ly/publish/cqqKhx), & we'd also like to invite you, the submitters, to check for any anomalies or ask us direct questions too.

[arianabuilds]

Voter Verification Phase

We invited all voters to personally verify their vote is in the final tally & provided them with a Verification Guide (https://app.simplenote.com/publish/cqqKhx).

Summary:

• 7 of 7 have confirmed voter verification.
• 3 of the 7 did so publicly, the other 4 in direct messages to us. (anonymized screenshots below)
• 1 of the 7 had trouble fully verifying. We gave them options to resolve, & they are now satisfied (anonymized email thread below)

Voter 1

This voter confirmed via a message in the HACK SIV public group chat —

Voter 2

This voter confirmed via direct email to us.

Voter 3

This voter confirmed via direct email to us.

Voter 4

This voter confirmed by commenting directly under the unlocked-votes mirrored to github.

Voter 5

This voter confirmed via direct email to us.

Voter 6

This voter attempted to verify their vote. But has been unable to locate their verification #. We are still working with them to resolve.

On Aug 16, 2024, at 3:53 PM, Ariana Ivan wrote:

Hi! Are you open to help post-election audit the HACK SIV vote?

• Quickest method takes less than 3 min
• Everyone else could see and gain confidence from the fact that you verified your vote. We can actually hit 100% for this small vote
• No one should learn how you voted

Initial draft of a guide here: https://app.simplenote.com/publish/cqqKhx

You can also text David on Signal to go through this process step-by-step.

Appreciate your engagement, Ariana

On Fri, Aug 16, 2024 at 11:26 PM REDACTED wrote:

Yea but I don’t have the original email. My votes looked correct when I looked the other day (when 3 voters had voted )

On Fri, Aug 16, 2024 at 11:57 PM Ariana Ivan wrote:

Thanks for letting me know.

Here's your custom voter link again. You need to open it from the same device, same browser to find your private Voter Verification info: https://siv.org/election/1723655385175/vote?auth=REDACTED

Let me know if this works.

Thanks!

On Sat, Aug 17, 2024 at 10:00 AM REDACTED wrote:

No dice.

[Screenshot REDACTED]

On Sat, Aug 17, 2024 at 1:16 PM Ariana Ivan wrote:

Ok, thanks for the update!

Here are 3 legitimate reasons your private vote data could be missing:

1. You’re not using the same device and browser you voted from before. The vote data get stored in the browser’s LocalStorage, so wouldn’t be present in other devices or browsers.
2. When you voted, you used a private Incognito window, that automatically clears browser data when it closes.
3. You manually cleared browser data since then, such as using History > Clear Browser Data or similar.

If you think any of these are likely, please say so, so we can note this as an innocent explanation.

If you do not think any of these are likely, please say so. A less innocent explanation (unlikely for this vote - but can’t rule it out), is that malware on your own device changed your vote, and then deleted your private vote data to make it harder to detect.

If you’d like, you are welcome to cast a new replacement vote. We can publicly invalidate your current one and issue you new credentials to vote again. Would you like this?

(Fun facts — in a paper election, we have no option to verify if our vote was tallied correctly or went missing, etc. IF a problem was noticed, the entire election would have to be re-done, instead of being able to fix just the single faulty vote. So I hope this process is as fascinating for you as it is for us, showing how we can have more complete verification and remediation methods for elections. Thanks so much for your engagement!)

On Sat, Aug 17, 2024 at 6:31 PM REDACTED wrote:

I believe it is # 3 though it wasn’t intentional. Between voting and the follow up email my browser software was updated. I did not clear any data from my browser in the mean time.

On Sat, Aug 17, 2024 at 7:28 PM Ariana Ivan wrote:

Ok, thank you for the update.

Here are a few options:

1. We can publicly invalidate your current vote, issue you a new voting credential, and you can cast a new one. We would reshuffle all 7 votes again (the 6 original + your new 1), but it would be easy for other people to see which is yours because it would be the only one with a changed Verification #. (In a larger election with other replacement votes, this wouldn't be an issue.)

2. With your permission, we can ask the election's Privacy Protectors to decrypt just your original encrypted vote, and tell you its Verification # so you can find it in the unlocked results and verify it matches your intent. One of the Privacy Protectors would be able to learn which vote is yours, but no one else.

3. We can leave the situation as-is.

Do you have a preference?

On Sat, Aug 17, 2024 at 10:47 PM REDACTED wrote:

3 is fine.

When I looked at the initial results I saw my votes and they looked correct.

Only comment I would have is about the person voting 4999 for the one issue. Found that a little funny.

Voter 7

This voter confirmed via a message in the HACK SIV public group chat —

[dsernst]

Ok, now with 7 of 7 voter confirmations, and no issues raised by submitters, we're calling these results officially closed.

Here are the final totals by submitter:

SIV Allocations			Public Allocations			Combined Allocations
name	total		name	total		name	total
mspecter	$2,244.92		mspecter	$1,949.31		mspecter	$4,194.23
cjackett	$929.71		cjackett	$1,141.32		cjackett	$2,071.03
aaspring	$566.89		GABuras	$711.10		GABuras	$983.22
anon-person404	$408.17		anon-person404	$536.43		anon-person404	$944.60
GABuras	$272.12		aaspring	$284.93		aaspring	$851.82
anon	$272.11		pleasework-sh	$151.43		anon	$354.99
Automatic476	$113.38		Automatic476	$93.03		pleasework-sh	$242.14
pleasework-sh	$90.71		anon	$82.88		Automatic476	$206.41
pmeyerson	$90.70		pmeyerson	$39.71		pmeyerson	$130.41
worldpeaceworker	$11.34		phish	$7.29		worldpeaceworker	$13.91
phish	$0.00		worldpeaceworker	$2.57		phish	$7.29
total	$5,000.05		total	$5,000.00		total	$10,000.05

Lots more analysis available here in the various tabs: https://docs.google.com/spreadsheets/d/1PLiGplqv6N22nn1fOg503_H_jq_1tsvAJnmAs-c-Axc/edit?gid=0#gid=0

Congratulations to all the winners!

We will start reaching out directly to each of you for payment.