
Do you have any details about the kind of mechanism that they used?

If it's a private/public kind of mechanism, they should be able to disclose the public key for signature verification.

If it's not, and it's some kind of HMAC, and the political parties all have access to the key... Then this doesn't protect at all against the threat implied (the different parties don't trust each other, and both claim that they are trying to "steal" the election), since these signatures could be forged by any of the political parties with access to the key.

Even in the former case, it could be possible that a machine could be compromised, and could have emitted two tallies (one for the actual election, and another one with different numbers and forged signatures). In that case, we would still want to check that the local polling station can confirm that the Acta that we're seeing is congruent with what they have.
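An added illustration of the two points in the comment above; it is not part of the thread and not the vendor's code. It shows that a tag made with a shared HMAC key verifies the same way no matter which key holder produced it, and that comparing a published acta against the polling station's copy is a separate check. The record layout, station id, vote counts and key are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key: stands in for a MAC key that every auditing party holds.
SHARED_KEY = b"constructed-demo-key-known-to-all-auditors"

def canonical(acta: dict) -> bytes:
    """Serialize deterministically so the same tally always yields the same bytes."""
    return json.dumps(acta, sort_keys=True, separators=(",", ":")).encode()

def mac_tag(key: bytes, acta: dict) -> str:
    """HMAC-SHA256 over the canonical record; anyone holding `key` can compute it."""
    return hmac.new(key, canonical(acta), hashlib.sha256).hexdigest()

def mac_verify(key: bytes, acta: dict, tag: str) -> bool:
    """Verification is the same computation as tagging, so it cannot attribute the tag."""
    return hmac.compare_digest(mac_tag(key, acta), tag)

def matches_station_copy(published: dict, station_copy: dict) -> bool:
    """Independent check: is the published acta identical to the polling station's copy?"""
    a = hashlib.sha256(canonical(published)).digest()
    b = hashlib.sha256(canonical(station_copy)).digest()
    return hmac.compare_digest(a, b)

def demo() -> dict:
    # Constructed records: the copy kept at the station and a differing published one.
    station_copy = {"station": "DEMO-0001", "votes": {"A": 310, "B": 295}}
    published = {"station": "DEMO-0001", "votes": {"A": 210, "B": 395}}
    machine_tag = mac_tag(SHARED_KEY, station_copy)    # tag issued by the machine
    key_holder_tag = mac_tag(SHARED_KEY, published)    # tag from any other key holder
    return {
        "station_copy_verifies": mac_verify(SHARED_KEY, station_copy, machine_tag),
        # A valid tag only proves "made by someone with the key", not "made by the machine".
        "differing_record_verifies": mac_verify(SHARED_KEY, published, key_holder_tag),
        # The MAC still binds tag to content: the machine's tag does not fit other numbers.
        "machine_tag_fits_differing_record": mac_verify(SHARED_KEY, published, machine_tag),
        # The cross-check with the station's copy is what exposes the discrepancy.
        "published_matches_station": matches_station_copy(published, station_copy),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a public/private key pair only the holder of the private key could produce a valid signature, but the station-copy comparison would still be needed for the compromised-machine case the comment describes.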




Here’s a FAQ about the security features of the voting machines: https://www.smartmatic.com/wp-content/uploads/2022/11/FAQ_Cy...

I also agree the parties should disclose the public key and the parameters to calculate the hash.

The code and the keys are stored in a database that is audited by political parties before the election. What I’m not certain about is whether they have access to it at this time.

Proving the validity of the acts should be trivial, especially for any party who had access to the audited database. There is little point in forging fake ones.



