Should we discontinue EVMs?

[Rahul Mehta]

Each of the 5 types will be separate chips from the fab's POV. How would you control and distinguish them? Also, chips come in asynchronously, CU boards gets assembled asynchronously, and the boards gets into the units asynchronously. The chips come in in lots, gets through quality control, and gets into store. They are then drawn into kits of daily assembly lots for issue into board assembly. You can't have control on the process without having very strict intrusive control in the production facility of BEL.

There are two separate theories : trojan-in-ROM and trojan-in-microcode .

Now first : do you have any questions with trojan in ROM theory? Except that it can be proved (after you get court order).

As per chips, you can

1. tell manufacture to send type-1 chips only from date D1 to D2, mark them as shipment-1 on the case which stores the chips.

2. tell manufacture to send type-2 chips only from date D2 to D3 etc.

In general chip arrive asynchronously. But if someone wants control, he can have control without raising any doubts.

This process is under control of top guys in BEL.

IOW, based on batch number, shipment number or any other label, top guy can know that all 100-200 chips in a box will be of type-k and type-k only. He can order the staff that use all boxes 1-N before you open box N+1. So the lot-1 will have only chips with type-1 trojan.

-----

Take the simple matter of mask id and batch code that is stamped on the device. The mask id MUST be different for the "types" because masks are different. If you stamp 5 different mask ids, the fab is required to explain the reason (where none can be given) and give verification test data for each masks. If they are forced into stamping the same mask id (impossible in a fab. Accuracy of mask id is paramount importance in QC of a fab), then you loose all traceability to which type chip you have within the package.

Then there is this issue of despatch. Orders are placed on BEL with instruction to ship certain qty to the constituencies. It needs intrusive control at despatch to ensure type match to a constituency.

If 'god forbid' a mixup happens, ie some machines of type 1 and some machines of type 2 gets sent to one constituency, you loose all bets. This is very easy to happen.

In all, the scheme is unviable.[/quote]

Wrong. All manufacturing process have tight control. Eg we are manufacturing some 2000 custom hw equipment. The manufacture has all the details of which chip went in which box. If the top guy wants control over this process, he can ensure that Lot-1 chips will go into Lot-1 EVMs only and no where else. Also, the mixup will be random and will hurt Congress , as all will benefit equally and lose equally.

---

Raja Bose,

Consider following conversion.

X : One can make fake Rs 500 notes
Y : Make a fake note to prove that.

You see the fallacy in argument of Y?

I have given a THREE step process to rig 100,000 booths. And each step explain what to do. Your posts have lots of "general" , vugue and universal counter-arguments, but does not spell out which step you think is infeasible. Such vague criticism is expect from BA in Moral Values type of people. But I expect technical counter-arguments from you.

[Raja Bose]

Consider following conversion.

X : One can make fake Rs 500 notes
Y : Make a fake note to prove that.

You see the fallacy in argument of Y?

People have already proven the above by presenting actual fake Rs.500 notes as evidence of excellent forgeries. Unfortunately you or anybody else have not done so with regard to the EVM. If you want to go by the above argument: Either provide a physical EVM which has been compromised in the way you suggest or build one. Now do you see the fallacy in your argument?

Considering your example, if one were to go by assumption X alone, then there would be no paper currency in this world!

[Rahul Mehta]

.... Either provide a physical EVM which has been compromised in the way you suggest or build one.

I showed you how 100,000 rigged EVMs can be made with 5 types of Trojan, each having a Trojan-k (1 <= k <= 5) in each.

And I showed you how they can be made to favor the congress candidate number by ensuring that nCandidates has one of the 15 values in 1-64.

Every step in my process is give to the LAST level of details.

[Dileep]

It is impossible to make 5 different chips and pass them off as the original to BEL. Drop that line of thought. It had a faint chance if it is only ONE rigged chip. 5 different chips is out of question.

Reasons:

1. Each of the 5 types have a different mask set. The wafer fab tracks production through the automatic lines based on mask id. So, if you start with certain mask set, the end product is going to come out with that mask id stamped on the chip. This is automated, and can't be changed.

2. When custom ICs are fabbed, the customer tracks them using the mask id. Any change in mask has a system to go around, and the fab gives a set of verification documents for the customer. The first step in incoming QC for custom fabs is verifying the mask id. You can't simply ask your staff to wink & nod this discrepancy, because a number of people in BEL is involved. They KNOW the chip is for EVM. They are citizens who vote. They will see through the foulplay.

3. The ICs are ALWAYS sample tested for power consumption, which is going to fail.

So, the only standing method is corrupting the software within BEL.

[Dileep]

Is it possible to insert FIVE DIFFERENT rigged binaries into sets of processors, while you are supposed to program only the original version? The answer is a resounding NO.

The software is a very tightly controlled entity. Replacing it even once is impossible. Think about switching around FIVE different versions.

That is not possible EVEN in RahulWorld.

[Rahul Mehta]

It is impossible to make 5 different chips and pass them off as the original to BEL. Drop that line of thought. It had a faint chance if it is only ONE rigged chip. 5 different chips is out of question.

Reasons:

1. Each of the 5 types have a different mask set. The wafer fab tracks production through the automatic lines based on mask id. So, if you start with certain mask set, the end product is going to come out with that mask id stamped on the chip. This is automated, and can't be changed.

2. When custom ICs are fabbed, the customer tracks them using the mask id. Any change in mask has a system to go around, and the fab gives a set of verification documents for the customer. The first step in incoming QC for custom fabs is verifying the mask id. You can't simply ask your staff to wink & nod this discrepancy, because a number of people in BEL is involved. They KNOW the chip is for EVM. They are citizens who vote. They will see through the foulplay.

I am familiar with ASIC manufacturing and has read about all these safeguards. All these processes are kept to ensure that mistakes dont happen, get detected if happen and someone in middle/bottom chain cannot make unauthorized changes. But all these process can be altered to ensure that TOP management of company *can* rig when they want, and in a way that no one can know. Here we are assuming that Japanese company collaborated to do what Sonia/Chawala and top guys in BEL asked. So these processes are not show stopper or speed breaker.

3. The ICs are ALWAYS sample tested for power consumption, which is going to fail.

The rigged part of the microcode is to be executed ONLY when EVM stays on for over 6 hours and nVotes exceeds 400. Since under test conditions EVM never stays on for 6 hours, this instruction will never invoked. And so the power consumption increase will never occur and never detected during tests.

--

So, the only standing method is corrupting the software within BEL. Is it possible to insert FIVE DIFFERENT rigged binaries into sets of processors, while you are supposed to program only the original version? The answer is a resounding NO. The software is a very tightly controlled entity. Replacing it even once is impossible. Think about switching around FIVE different versions.

Yes. And if the lock bits of OTP ROM are set, then ROM cannot be read. Out of good intentions, BEL could have decided to set lock bits lest someone can read ROM from stolen EVM. So now AFAIS, ROM cannot be read.

Now the topmost 3-4 guys *can* in BEL keep Binary#1 in Lot-1, Binary#2 in Lot-2, if they have decided to do so. The guys at top with 1-2 guys in middle can pull this trick. We are assuming that top 3-4 guys sold out (for cash or because they hated BJP). Now if they sold out, putting 5 different types of binaries, one in binary each Lot of 20000 EVMs is possible . You can keep claiming that even with (top 3 guys plus middle 2 guys), Sonia cant put rigged binaries in EVM. But this is a claim even Sonia-fans wont buy. No one has such faith in so called "processes", when humans at top decide to sell out.

-----

Now aside, why do my friends in electronics say that once lockbits are set, ROM cannot be read? And they say that it is common to set lockbits in all production to ensure that competitors and hackers cannot steal the code. So now are sure that ROM code can be read after setting lockbits? How? The processor will not co-operate with the device and send the ROM contents.

If ROM cannot be read, the rigger in BEL can peacefully rig the code. Who will ever prove that code was rigged, if ROM cannot be read back?

So pls re-answer this question : can OTP ROM be read after setting lock bits?

This is important. Because only thing that can stop people at top from putting trojan is "what if someone finds out". But if no ROM reader is there, then they can just relax and add all trojans they want.

[Pranav]

Supreme Court wants the hen to go to the fox for justice!

---------------------------------------------------------------------

SC declines to hear plea on 'faulty' EVMS
http://timesofindia.indiatimes.com/NEWS ... 824811.cms

Dhananjay Mahapatra, TNN 27 July 2009, 11:50am IST

NEW DELHI: The Supreme Court on Monday refused to entertain a PIL alleging susceptibility of electronic voting machines (EVMs) to manipulation.

A Bench headed by Chief Justice K G Balakrishnan while declining to hear the PIL, directed the petitioner, V V Rao, to make a representation before the Election Commission in connection with the matter, PTI reported.

Rao, in his petition, said several experts and election watch groups have claimed that EVMs could be manipulated. They have analyzed electronics results of several constituencies and indicated that there is something drastically wrong with the EVMs, the petition said.

The existing EVMs are vulnerable and should not be used for any election till the time the machines are made tamper proof, Rao claimed in his petition.

[Dileep]

I am familiar with ASIC manufacturing and has read about all these safeguards. All these processes are kept to ensure that mistakes dont happen, get detected if happen and someone in middle/bottom chain cannot make unauthorized changes. But all these process can be altered to ensure that TOP management of company *can* rig when they want, and in a way that no one can know. Here we are assuming that Japanese company collaborated to do what Sonia/Chawala and top guys in BEL asked. So these processes are not show stopper or speed breaker.

They are show stoppers. The operations are done by automatic machines. You can't reprogram them to fake a mask id. It is impossible to have five different chips to have the same mask id.

3. The ICs are ALWAYS sample tested for power consumption, which is going to fail.

The rigged part of the microcode is to be executed ONLY when EVM stays on for over 6 hours and nVotes exceeds 400. Since under test conditions EVM never stays on for 6 hours, this instruction will never invoked. And so the power consumption increase will never occur and never detected during tests.

It is not the execution. These are CIRCUITRY that is always powered up. Repeating the same misconception 1000 times won't make it so on silicon. The microcode makes silicon circuitry on the chip that must be powered up.

So, the only standing method is corrupting the software within BEL. Is it possible to insert FIVE DIFFERENT rigged binaries into sets of processors, while you are supposed to program only the original version? The answer is a resounding NO. The software is a very tightly controlled entity. Replacing it even once is impossible. Think about switching around FIVE different versions.

Yes. And if the lock bits of OTP ROM are set, then ROM cannot be read. Out of good intentions, BEL could have decided to set lock bits lest someone can read ROM from stolen EVM. So now AFAIS, ROM cannot be read.

Now the topmost 3-4 guys *can* in BEL keep Binary#1 in Lot-1, Binary#2 in Lot-2, if they have decided to do so. The guys at top with 1-2 guys in middle can pull this trick. We are assuming that top 3-4 guys sold out (for cash or because they hated BJP). Now if they sold out, putting 5 different types of binaries, one in binary each Lot of 20000 EVMs is possible . You can keep claiming that even with (top 3 guys plus middle 2 guys), Sonia cant put rigged binaries in EVM. But this is a claim even Sonia-fans wont buy. No one has such faith in so called "processes", when humans at top decide to sell out.

No. The top guys have no real control on the programming. The Quality engineer issues the documentation, the programmer burns and verifies the software, and the quality inspector checks the programming is correct.

OK, since you are repeating the "Top 3 guys" a lot, please detail how exactly they are going to replace the binaries.

1. The binary is kept by the Quality engineer.
2. The image is issued to the programmer station by the QE
3. The Quality Inspector checks the file size and MD5 hash of the binary.
4. The QI sets up the programming station by loading the binary, and using the built in size/checksum check of the programmer
5. The operator runs the shift programming the devices. The lockbit is not set at this time.
6. The QI does random checks on the devices to verify that they are programmed correctly.
6. The devices are sent for board assembly.
7. During board level testing the binary is read and the hash is checked.
8. After the functional test, the lockbit is set.

Now tell me, how the Top3 can corrupt this system?

Now aside, why do my friends in electronics say that once lockbits are set, ROM cannot be read? And they say that it is common to set lockbits in all production to ensure that competitors and hackers cannot steal the code. So now are sure that ROM code can be read after setting lockbits? How? The processor will not co-operate with the device and send the ROM contents.

If ROM cannot be read, the rigger in BEL can peacefully rig the code. Who will ever prove that code was rigged, if ROM cannot be read back?

So pls re-answer this question : can OTP ROM be read after setting lock bits?

If the lockbit is set, OTP ROM can not be read.

But a hash of the image can be read for the verification purpose.

[Dileep]

Supreme Court wants the hen to go to the fox for justice!

---------------------------------------------------------------------

SC declines to hear plea on 'faulty' EVMS
http://timesofindia.indiatimes.com/NEWS ... 824811.cms

Dhananjay Mahapatra, TNN 27 July 2009, 11:50am IST

NEW DELHI: The Supreme Court on Monday refused to entertain a PIL alleging susceptibility of electronic voting machines (EVMs) to manipulation.

A Bench headed by Chief Justice K G Balakrishnan while declining to hear the PIL, directed the petitioner, V V Rao, to make a representation before the Election Commission in connection with the matter, PTI reported.

Rao, in his petition, said several experts and election watch groups have claimed that EVMs could be manipulated. They have analyzed electronics results of several constituencies and indicated that there is something drastically wrong with the EVMs, the petition said.

The existing EVMs are vulnerable and should not be used for any election till the time the machines are made tamper proof, Rao claimed in his petition.

The next step is of course, going to the people

[Muppalla]

You forgot a big thing. All the judges are extremely corrupt. This is as per expectations onlee.

[vera_k]

I suppose it's a procedural matter. The people having concerns with EVMs have to sue the Election Commission as that is the agency using the devices.

[Dileep]

Well, mark my words. EVMs will be shot down. The disinformation campaign is on. The netas don't want them because they loose the "in control" feeling. That is irrespective of party.

Am I sad? No. People get what they deserve.

The only good thing happened is the increase in my post count.

[Muppalla]

Well, mark my words. EVMs will be shot down. The disinformation campaign is on. The netas don't want them because they loose the "in control" feeling. That is irrespective of party.

Am I sad? No. People get what they deserve.

The only good thing happened is the increase in my post count.

EVMs will NOT be shot down. The disinformationist have to prove themselves as right. The EC has to come public with all the information that they can to save the EVMS. Why should they hide anything as they are good anyway? Give the binary code and a process about how to verify them. Publish all the vendors and what they do.

I do not think there is any reason for EVMs to be shot down unless there is something to hide.

[Dileep]

It is the mindset Mupalla.

90% of the people don't understand anything about the EVM. And 90% of the babus believe in keeping secrets. The concept of "disclose if you don't have anything to hide" is alien in the Indian context. Here it is "hide everything unless you are forced to disclose"

So, EC is not going to disclose anything.

Even if EC discloses everything, netas will still incite people, because they wouldn't understand squat of it.

Let me ask this. How many of us, the readers of this thread, would understand if the source code is published?

I would, because I make a living out of that. But I am a supporter anyway!

Would RM? I don't think so. What about Pranav? No way. What about ravi_ku. I doubt it.

So, what is the use in publishing the code?

The ONLY way for the EVM to survive is by all parties agreeing to have an expert comittee, and to honour its recommendation.

But I have seen experts arguing at the Rahul Mehta levels of dishonesty. I HAVE debated with them myself, and got disgusted. (No, not Rahul Mehta. A well known professor, author of textbooks and principal of more than one govt engg colleges. He finally gave in though)

Imagine Rahul Mehta on the panel!! He can be nominated to the panel. After all, he has the qualifications.

Would that panel come to a verdict? Not till Rahul Mehta dies of natural causes at age 101. But all other panelists would be dead before him, so he will turn in a "NO" verdict anyway.

No Sah! EVMs will be shot down.

[Raja Bose]

EVMs will NOT be shot down. The disinformationist have to prove themselves as right.

Unfortunately in India, emotion and lemming-like behavior rules the senses right from day 0 - otherwise how do you think we got invaded so many times?

[Rahul Mehta]

Unfortunately in India, emotion and lemming-like behavior rules the senses right from day 0 - otherwise how do you think we got invaded so many times?

I thought in your world view, I was the only bad guy. But now it looks like each of the 114 cr commons, spare a few "self certified" rational people, is an idiot, moron, emotional (read : temperamental nutcase) and has lemming like behavior.

Dileep,

It is also possible that "experts" who support EVMs are dishonest. After all, "human processes" can stop a billion dollar fraud is nothing but a dishonest fraud. And statements like "Japanese have high ethics and so they will never rig a chip" is equally fraudulent statement.

And as for transparency, you yourself agree that ROM code cannot be read now if lockbits are set. And most likely, BEL would have set lockbits. So how will "transparency" ensure that code in EVMs is the trojan-free code BEL will show now?

I wont want to be any in committee. I believe in putting my views in public fora, such as website and/or advertisements or whatever, and let (sic) people decide. Yes, the people whom you call as stupid emotional morons are my God. Makkal Theerpu Mahesan Theerpu. I dont believe in expert committees. I personally know too many experts who are far far more corrupt that any neta you know (eg Ketan Desai of medical council)

[Rahul Mehta]

.

Anyone knows exactly when number of candidates are inputed in EVM?

I read somewhere that it is done just 1-2 day before EVM is sent to booth, but cant find that link.

I dont suspect any foul play here, and officer would always put right number of candidates. But in my write up, I want to include this link and exact paragraph from EC's manual.

[Tanaji]

And as for transparency, you yourself agree that ROM code cannot be read now if lockbits are set. And most likely, BEL would have set lockbits. So how will "transparency" ensure that code in EVMs is the trojan-free code BEL will show now?

Why do you MISLEAD repeatedly Rahul? I know, you are a neta agent... but even they dont lie as much as you do on this thread. This is what Dileep said:

If the lockbit is set, OTP ROM can not be read.

But a hash of the image can be read for the verification purpose.

You conveniently leave out the hash part of what Dileep said. It cant be an inadvertent slip, it must have been deliberate since you are a careful reader... What part of hash verification do you not understand? You have been given links before as to how hashes collisions are rare... and please do not use techobabble like "padding" to explain it.

Once again, it is clear that you are the flag bearer of whatever Neta's agenda that is supporting you. But at least stay truthful for once.

[Dileep]

It is also possible that "experts" who support EVMs are dishonest.

I satisfy my conscience, and thanks to one poor village farmer RIP, it is an honest one.

After all, "human processes" can stop a billion dollar fraud is nothing but a dishonest fraud. And statements like "Japanese have high ethics and so they will never rig a chip" is equally fraudulent statement.

Do not spin my words.

The Japanese have a highly evolved quality system by which they maintain how quality and performance levels. There will be plenty of Rahul'esq dishonest people there, but the system is made in such a way that a single, or small group of people can't subvert it.

Have you ever worked under an ISO 9000 system Rahul? I have and am. In fact I helped created the quality system for the plants that runs downstairs. Do you know what involves to change one binary in production.

Yes, It is next to IMPOSSIBLE to sneak something into ANY respectable production facility. In Japan, that is IMPOSSIBLE by any means.

And as for transparency, you yourself agree that ROM code cannot be read now if lockbits are set. And most likely, BEL would have set lockbits. So how will "transparency" ensure that code in EVMs is the trojan-free code BEL will show now?

Use the verify facility.

I wont want to be any in committee. I believe in putting my views in public fora, such as website and/or advertisements or whatever, and let (sic) people decide. Yes, the people whom you call as stupid emotional morons are my God. Makkal Theerpu Mahesan Theerpu. I dont believe in expert committees. I personally know too many experts who are far far more corrupt that any neta you know (eg Ketan Desai of medical council)

Sure. It is easy to influence the gullible public. Netas like you always do. Then you laugh at them. You can't tolerate honest and intelligent people who can hold a fact, worse, an opinion. Your kind kill an opponent and "go to the people". And of course, you tell the "makkal" what theerpu you like, and they give it to you.

[Rahul Mehta]

I usual, your post has more garbage and useful contents. I will reply to useful part.

But a hash of the image can be read for the verification purpose .

I replied to that before.

At the time of writing in a ROM, I can burn file-X in ROM and put hash image of file-Y in ROM, if the ROM burner allows me to do so. So while burning Trojan, I will be burning hash of Trojan-less file.

[Dileep]

At the time of writing in a ROM, I can burn file-X in ROM and put hash image of file-Y in ROM, if the ROM burner allows me to do so. So while burning Trojan, I will be burning hash of Trojan-less file.

The hash is generated by the controller itself from the binary. I gave you a reference datasheet of an Atmel controller. Read that to get an idea.

[Rahul Mehta]

The hash is generated by the controller itself from the binary. I gave you a reference datasheet of an Atmel controller. Read that to get an idea.

Dileep,

I am *assuming* here that chip maker will provide necessary all co-operation to Sonia to rig the chip needed to rig the poll.

So chip maker will provide me ways by which I can write some dummy-hash-bytes along with other bytes in ROM. And when chip is asked to provide the hash, it would not actually calculate the hash but instead provide that "dummy hash bytes" that I had put at the time of burning. Now I dont need "expert" to say that "such micro-controllers cant be made". Because I know they can made - it is TRIVIAL, more TRIVIAL than putting 5 Trojans.

But then, you claim that "Japanese are honest and would never assist Sonia in doing something against industry norms". . Such bhakhti has no cure. You can keep your bhakti. I dont wont to risk 100,000 booths just because you have bhakri in processes in BEL, Japanese integrity etc.

(Many times, when I claimed that task-X can be done with 100 guys, you claimed that it would need 1000 guys. This was still tolerable for me. But the bhakti you show in processes, Japanese chip makers etc is really irritating me and making me believe that it is bluff.)

[Tanaji]

Because I know they can made - it is TRIVIAL, more TRIVIAL than putting 5 Trojans

RahulWorld... where everything is trivial, space and time laws dont apply, everyone from PM, President, HM, EC, Collectors are corrupt.

Only Rahul Mehta is immune and honest.

Speaks volumes about the psychology doesn't it?

[Rahul Mehta]

RahulWorld... where everything is trivial, space and time laws dont apply, everyone from PM, President, HM, EC, Collectors are corrupt.

Only Rahul Mehta is immune and honest.

Speaks volumes about the psychology doesn't it?

Tanaji,

Can you one for a change confine to THREAD and TOPIC?

Since beginning, we had assumed that PM, Sonia, CEC, Union Home Min are corrupt. And since begging we have assumed that in Congress ruled states, DCs will provide all favors that cant later hurt him. And we also assumed that even in non-Congress states, DCs will provide small favors. Illicit favors from 1000s of middle/small employees was ruled out.

As pert my psychology , you have "proved" 1000s of times that I !@#$%^&* . And I have never disputed that. Why dont you ask admins to put that on FRONT page so that you dont have to repeat it again and again?

[Dileep]

Dileep,

I am *assuming* here that chip maker will provide necessary all co-operation to Sonia to rig the chip needed to rig the poll.

So chip maker will provide me ways by which I can write some dummy-hash-bytes along with other bytes in ROM. And when chip is asked to provide the hash, it would not actually calculate the hash but instead provide that "dummy hash bytes" that I had put at the time of burning. Now I dont need "expert" to say that "such micro-controllers cant be made". Because I know they can made - it is TRIVIAL, more TRIVIAL than putting 5 Trojans.

Read the datasheet. The hash is progressively built while programming, so having a fixed hash in the controller won't work. Because it will fail programming.

But then, you claim that "Japanese are honest and would never assist Sonia in doing something against industry norms". . Such bhakhti has no cure. You can keep your bhakti. I dont wont to risk 100,000 booths just because you have bhakri in processes in BEL, Japanese integrity etc.

You are a master of raising strawmen. You are now taking ONE out of the big list of difficulties in your path, and trying to pass that off as the single problem.

This is textbook case of strawman technique. That won't fly here.

Yes, it is one of the difficulties. So is a number of others. Each of the difficulty adds up to the total problem, and the net effect makes it astronomical.

(Many times, when I claimed that task-X can be done with 100 guys, you claimed that it would need 1000 guys. This was still tolerable for me. But the bhakti you show in processes, Japanese chip makers etc is really irritating me and making me believe that it is bluff.)

You are irritated because I am relentlessly pursuing your dishonest tactics, and proving them wrong. You are used to the other BRFites who give up after some time. You thought I would.

That is why you are irritated.

And I am not only irritated. I am indignated at the utter dishonesty you have shown here, raising out of the world arguments with the online equivalent of a "straight face".

[Tanaji]

Since beginning, we had assumed that PM, Sonia, CEC, Union Home Min are corrupt. And since begging we have assumed that in Congress ruled states, DCs will provide all favors that cant later hurt him. And we also assumed that even in non-Congress states, DCs will provide small favors. Illicit favors from 1000s of middle/small employees was ruled out.

Who is "we"? Just because you assume certain things about them, doesn't mean others do. You believe that there is a grand conspiracy between the CIA, the PM, the CEC, Sonia, HM and Collectors to rig the elections. A lot of us here do not subscribe to this theory. Your efforts at peddling this theory have been objected to and proved to be either physically, mathematically, technically impossible or were found to be possible but impractical.

Just because reality does not agree with RahulWorld doesn't mean others have to ignore reality like you do. We like obeying time and space laws, thank you, very much.

[Dileep]

None of the EVM baiters in the main media claimed these corruption. In fact RM himself won't dare to raise them in the public media. He started with Chawla as corrupt. When that didn't fly, he kept increasing the corruption index.

It still doesn't fly.

I am sure he will up the ante till he accuse the rest of the 1,199,999,999 citizens of this country is corrupt.

It still wouldn't fly.

Then, a curious thing will happen. RM is not programmed to accept defeat. So, the next step would be either to accept defeat, or accuse that RM himself (since everyone else in the country is already accused to be corrupt) is corrupt.

Like the bot in Star Trek, he will then self destruct

[Sanku]

Like the bot in Star Trek, he will then self destruct

My god Dileep, you have seen THAT episode and remember it? You are OLD

[vera_k]

If there is a case to be made against the EVMs, it can be based off the Indiresan Committee's report. The Indiresan Committee's report acknowledged the possibility of a trojan based attack, and asked for the addition of timestamped keystroke logging as a defensive mechanism in new EVMs.

The point was brought up that the keystroke logging is not a sufficient defense for the possibility of a trojan because the trojan can always tamper with the log to hide the activation keystrokes. That makes sense to me.

In fact a simple trojan that just splits votes evenly between the top 2 or 3 scoring candidates on a machine should not even need activation. But collectively such EVMs will skew results if they are predominantly used in booths favoring one party or the other.

[Raja Bose]

I thought in your world view, I was the only bad guy. But now it looks like each of the 114 cr commons, spare a few "self certified" rational people, is an idiot, moron, emotional (read : temperamental nutcase) and has lemming like behavior.

You don't have to be a bad guy to do something bad (Road to Hell is Paved with Good Intentions). You fall in that category (Dileep might not agree with me there! ). As to the claims of "self-certified", you are the only one I see on this thread who is "self-certified". The rest of us do this stuff for a living (where self-certification is not a valid option) and going by your responses in the last few pages, I sure hope you don't!

And please spare us this "taking it to the commons" BS - you know as well as I do that most of the 114 cr commons are not qualified to assess the technology behind the EVM and will fall for whatever techno-babble you peddle as long as it sounds somewhat plausible (they will never realize that God is in the details). They will be impressed that you have a computer degree from US and yet it will never cross their mind that your knowledge of embedded systems is equivalent to my knowledge of cardiac surgery. It does not imply that the commons are idiots or morons, it is just that everybody cannot be expected to be technically qualified enough to understand the nuances. Hence, all your grandiose claims of letting the commons make the judgement is just one of subtly influencing them to make the judgement you like. This is a time worn technique used by every 2-bit neta we have, to incite the public to do the dirty work (now do I have to teach you history?) - you bet the commons are your God! And given our prickly Nehruvian sense of self-importance, God forbid if one tells a common that he/she may not be technically qualified to judge the security or lack thereof of an EVM - That is why you have expert committees and distinguished panels.

Again, I ask you...Build and show what you are claiming. Repeating your theory 1000 times does not make it a theorem...this is not the religious theology we are talking about. Once you show the technical part, then we can move on to the execution phase of involving Chawla, his goons, their mother-in-laws etc. If you cannot present an implementation of your theory, your theory is no good practically - isn't that what distinguishes engineering from pure mathematics? - you should know, since you claim to be an engineer.

[Muppalla]

I blame this EVM phobia squarely on the EC and the associated babus. There are ample ways to just make all these freaks shut up. Their un-necessary and useless secrecy is creating the devils in the minds of the people and the exploiters.

They should just publish a document and videos in YouTube for every allegation that is coming out to beat out the freaks.

[Rahul Mehta]

If there is a case to be made against the EVMs, it can be based off the Indiresan Committee's report. The Indiresan Committee's report acknowledged the possibility of a trojan based attack, and asked for the addition of timestamped keystroke logging as a defensive mechanism in new EVMs. The point was brought up that the keystroke logging is not a sufficient defense for the possibility of a trojan because the trojan can always tamper with the log to hide the activation keystrokes. That makes sense to me. In fact a simple trojan that just splits votes evenly between the top 2 or 3 scoring candidates on a machine should not even need activation. But collectively such EVMs will skew results if they are predominantly used in booths favoring one party or the other.

In the Modulo-5 trojan scheme I mentioned, the Trojans are inserted at the time of burning ROM. And ROM cant be read, and if chip is made to give a planted hash, it would give planted hash. So there is no way to detect a trojan attack if it happened from top.

A trojan that would favor Recognized Parties over unrecognized/independents can also be made. And all elitemen would favor them, as that would reduce the pain they to take in bribing newcomers.

---

Raja Bose,

We commons are very much capable of judging that the scaremongering against paper ballots you have created is fake. We are capable of judging that if there is camera in booth, and actions in booth areas are tried in fast track courts, rigging will become nearly impossible. As per you argument to build something, I can build the rigged Modulo-5 Trojans which I mentioned.

[Dileep]

In the Modulo-5 trojan scheme I mentioned, the Trojans are inserted at the time of burning ROM. And ROM cant be read, and if chip is made to give a planted hash, it would give planted hash. So there is no way to detect a trojan attack if it happened from top.

The hash is verified after each byte is written while programming. So, a fixed hash will not work, as the programming operation will fail.

In any case, you need to make a modified controller to do it, which I have proven is impossible. The logic for faking each and every hash cycle, as the memory is being programmed, will be trememdously huge to even fit in a chip.

A trojan that would favor Recognized Parties over unrecognized/independents can also be made. And all elitemen would favor them, as that would reduce the pain they to take in bribing newcomers.

Of course ANY kind of trojans could be made, but none could be loaded on the controller, that's all.

Raja Bose,

We commons are very much capable of judging that the scaremongering against paper ballots you have created is fake. We are capable of judging that if there is camera in booth, and actions in booth areas are tried in fast track courts, rigging will become nearly impossible. As per you argument to build something, I can build the rigged Modulo-5 Trojans which I mentioned.

You are not a commoner. You are a Neta. An intelligent and crooked one to boot.

Yes, you can make any kind of trojan, but you haven't shown one viable way to get it into the chip

[Dileep]

If there is a case to be made against the EVMs, it can be based off the Indiresan Committee's report. The Indiresan Committee's report acknowledged the possibility of a trojan based attack, and asked for the addition of timestamped keystroke logging as a defensive mechanism in new EVMs.

The point was brought up that the keystroke logging is not a sufficient defense for the possibility of a trojan because the trojan can always tamper with the log to hide the activation keystrokes. That makes sense to me.

In fact a simple trojan that just splits votes evenly between the top 2 or 3 scoring candidates on a machine should not even need activation. But collectively such EVMs will skew results if they are predominantly used in booths favoring one party or the other.

What if the keylog is one time programmable?

[Dileep]

Since Rahul Mehta is bringing back old dead arguments back:

1. It is impossible to replace chips at the foundry
- The rigged chip will be a new maskset, which will result in creation of a multitude of traceable records in the fab line.
- The records are made by automatic machinery, and also by a large team of engineers, operators and QC personnel, in various shifts and departments.
- Many of these records will go to BEL, and get into the QC system.
2. A replaced chip will be detected at BEL
- Verification of mask id, datecode, fab traceability records, test reports.
- Power consumption
- Benchmark failure
3. It is impossible to replace a binary at BEL
- BEL Quality system, involving engineers and operators at all levels, in various shifts and departments.
4. A replaced binary will be detected at BEL, or later.
- Hash check, which can't be faked, since the hash is incrementally verified at programming time.

So, you can't get a trojan in.

[Raja Bose]

We commons are very much capable of judging that the scaremongering against paper ballots you have created is fake. We are capable of judging that if there is camera in booth, and actions in booth areas are tried in fast track courts, rigging will become nearly impossible.

1) You are not a common so please drop the "We". Again a trick our 2-bit netas use to convince the masses that they are one of the commons onlee yet all along they sneer at the commons' gullibility which they are taking advantage of. Whipping up the masses is truly an art-form in the Indian political scene.

2) There is no scare mongering against paper ballots. In fact, all the scare-mongering seems to be against EVMs despite the fact that you don't have one iota of physical proof - Sorry sir, but in the real life one demands actual results NOT paper theories. And what's all this so-called action in fast track courts? Do we have them, do they work, how successful are they? - again more theories and paper castles built on thin air.

As per you argument to build something, I can build the rigged Modulo-5 Trojans which I mentioned.

Good. Now do it and put in inside an EVM and show us how it will work/success ratio etc. instead of just claiming that you can do it.

[vera_k]

So, you can't get a trojan in.

Why does the Indiresan Committee think one can? The committee could have relied on the technical explanation of impossibility. That they did not, and had to ask for improvements to mitigate the attack is not reassuring.

[Rahul Mehta]

Why does the Indiresan Committee think one can? The committee could have relied on the technical explanation of impossibility. That they did not, and had to ask for improvements to mitigate the attack is not reassuring.

1. How many EVMs did Indiresan Committee chose at random and reverse engineered it.
(I think : ZERO)

2. Did they check that chip is not using its pin as RF prob and chip does NOT have an RF "receive only no send". (I think : NO)

3. Did they actually read the hash from ROM of EVM and verified that hash is same as that of binary to be used ? (I think : NO)

4. Did they compiled the source code themselves and checked that binary that comes has same hash code as the one CPU gives?

5. DId they even consider the possibility that Japanese could have rigged the chip?

----

IOW, Indiresan Committee only saw documentation and demo. So all their report says is : Demo and documentations are not rigged . It says nothing about EVMs actually in field.

---

(My friends in electronics says that "receive only no send" RF can fit on microcontroller. No one does it as commercial app need sending IDs and ACK. But if one has application like sending candidate number to EVM, it can be done for a price. He will get more details and I will then post more details. And the guy in van need not know that he is rigging EVMs. He could be just thinking that he is driving the van on a route and the van can have equipment that do it).

[Rahul Mehta]

Now do it and put in inside an EVM and show us how it will work/success ratio etc. instead of just claiming that you can do it.

Sure. Ship me EVM PCBs and boxes with rigged chips I suggested (chip has to take code and a wrong hashcode and spit out hash code when asked). The trojan code is ready. I need to see the manual of the chip to write the trojan in that chip's assembly. Thats would take me a few days. Then rigged EVMs with modulo-5 trojans will be at your door step.

.

[Dileep]

So, you can't get a trojan in.

Why does the Indiresan Committee think one can? The committee could have relied on the technical explanation of impossibility. That they did not, and had to ask for improvements to mitigate the attack is not reassuring.

A security measure may have many useful features. Quoting one of them doesn't mean that the corresponding threat is possible. Condoms protect you against STD. You use condom while having sex with your wife. Does that mean your wife have STD?

The keylogging is a good security measure in any case. For example, if you see that a number of votes cast in quick succession, with a delay just over the set guard limit, you can infer that there is something fishy.