You're right that this is a simple electronic voting scheme. The thing
is that cryptographers are working on e-voting for decades and the idea
to use homomorphic commitments (or encryption) and zero-knowledge
proofs is not new in this area. It's rather the case that e-voting
inspired a lot of work on homomorphic crypto and related zero-knowledge
proofs. For example, range proofs are overkill in e-voting. You just
need to ensure that the sum of all my votes (over all candidates) is 1.
E-voting protocols typically require some "bulletin board", where
ballots are stored. A blockchain could indeed be helpful in specific
cases (but not in all cases)...
If you're interested in that stuff, I'd suggest you to read some
literature about e-voting. (For example,
https://arxiv.org/pdf/1801.08064 looks interesting for the connection
to blockchains -- I haven't read it though). There are pretty
sophisticated protocols in the literature. And I think that this
mailing list may not be the best place to discuss these.
On Sun, 2018-03-11 at 13:44 +0100, JOSE FEMENIAS CAÑUELO via bitcoin-
Post by JOSE FEMENIAS CAÃUELO via bitcoin-dev
If I understand Bulletproof Confidential Transactions properly, their
main virtue is being able to hide not the senders/receivers of a coin
but the amount transferred.
That sounds to me like a perfect use case for an election.
For instance, in my country, every citizen is issued a National ID
Card with a digital certificate.
So, a naive implementation could simply be that the Voting Authority,
sends a coin (1 coin = 1 vote) to each citizen above 18. This would
be an open transaction, so it is easily auditable.
Later on, each voter sends her coin to her preferred party, as part
of a Bulletproof CT, along with 0 coins to other parties to disguise
In the end, each party will accrue as may votes as coins received.
Is there any gotcha I’m missing here? Are there any missing features
required in Bulletproof to support this use case?
bitcoin-dev mailing list