I want to make an untraceable voting system that would allow registered users to vote on some sensitive issue in a way that would make it impossible to track votes back to users in case of a database compromise (including being "compromised" by an overly curious DB admin).
Detailed setup:
I have some solutions in mind which I will post as my own answer after a grace period.
Assuming the DB Admin has no access to the application code that will have the voting system, and assuming that the DB Admin viewing the votes is not an issue (just linking a vote to a person):
In the table where you store the user votes, create an extra column that will contain a salted hash of some info from the user that cast the vote (name, username, e-mail, b-day, or a combination of those). This is the important thing: the DB Admin should not know how the unique user value that is stored in the DB is first generated and then encrypted.
Just assume that the user token that you came up with (name, email) is a password, and you want to store it in the DB without people knowing what the actual password is. More info can be found here: "Best way to store password in database".
So with your per-user hashing/salting algorithm, each time a user wants to cast, edit or delete their vote, you can first generate the hash, then try to find a record with that hash value in the voting table, and act on it accordingly (insert if it doesn't exist, update if it does, and delete if the user wanted that).
Once the voting process is closed, you can even discard the hashed values for the answers for that voting process, so that there is no way ever to link the votes to users.
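One way to implement the scheme described in the answer above, as an added example that is not part of the original answer. It assumes the "salted hash" is an HMAC-SHA256 keyed with a secret held only by the application; the table layout, function names and sample key are hypothetical.

```python
import hashlib
import hmac
import sqlite3

# Assumption: this key lives only in the application's secret store, never in
# the database. Constructed sample value.
APP_SECRET = b"constructed-sample-key-not-for-production"

def voter_token(user_id: str, poll_id: str, key: bytes = APP_SECRET) -> str:
    """Keyed hash of the voter identity, bound to one poll so that tokens
    from different polls cannot be joined against each other."""
    msg = poll_id.encode() + b"\x00" + user_id.strip().lower().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE votes (poll_id TEXT NOT NULL, "
               "voter_token TEXT, choice TEXT NOT NULL)")
    # One row per voter per poll; NULL tokens (closed polls) are not constrained.
    db.execute("CREATE UNIQUE INDEX one_vote ON votes (poll_id, voter_token)")
    return db

def cast_vote(db, user_id, poll_id, choice):
    """Insert if the token is new, update if this user already voted."""
    db.execute(
        "INSERT INTO votes (poll_id, voter_token, choice) VALUES (?, ?, ?) "
        "ON CONFLICT (poll_id, voter_token) "
        "DO UPDATE SET choice = excluded.choice",
        (poll_id, voter_token(user_id, poll_id), choice))

def delete_vote(db, user_id, poll_id):
    db.execute("DELETE FROM votes WHERE poll_id = ? AND voter_token = ?",
               (poll_id, voter_token(user_id, poll_id)))

def close_poll(db, poll_id):
    """Discard the tokens once voting ends; only the choices remain."""
    db.execute("UPDATE votes SET voter_token = NULL WHERE poll_id = ?",
               (poll_id,))

def tally(db, poll_id):
    return dict(db.execute(
        "SELECT choice, COUNT(*) FROM votes WHERE poll_id = ? GROUP BY choice",
        (poll_id,)))
```

While a poll is open, anyone holding both the key and the user list can recompute the tokens, so the separation between application secret and database is what the unlinkability rests on until `close_poll` runs.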