Discussion:
[bitcoin-dev] Bulletproof CT as basis for election voting?
JOSE FEMENIAS CAÑUELO via bitcoin-dev
2018-03-11 12:44:47 UTC
Permalink
If I understand Bulletproof Confidential Transactions properly, their main virtue is being able to hide not the senders/receivers of a coin but the amount transferred.
That sounds to me like a perfect use case for an election.
For instance, in my country, every citizen is issued a National ID Card with a digital certificate.
So, a naive implementation could simply be that the Voting Authority, sends a coin (1 coin = 1 vote) to each citizen above 18. This would be an open transaction, so it is easily auditable.
Later on, each voter sends her coin to her preferred party, as part of a Bulletproof CT, along with 0 coins to other parties to disguise her vote.
In the end, each party will accrue as may votes as coins received.

Is there any gotcha I’m missing here? Are there any missing features required in Bulletproof to support this use case?
Tim Ruffing via bitcoin-dev
2018-03-12 09:32:55 UTC
Permalink
You're right that this is a simple electronic voting scheme. The thing
is that cryptographers are working on e-voting for decades and the idea
to use homomorphic commitments (or encryption) and zero-knowledge
proofs is not new in this area. It's rather the case that e-voting
inspired a lot of work on homomorphic crypto and related zero-knowledge
proofs. For example, range proofs are overkill in e-voting. You just
need to ensure that the sum of all my votes (over all candidates) is 1.

E-voting protocols typically require some "bulletin board", where
ballots are stored. A blockchain could indeed be helpful in specific
cases (but not in all cases)...

If you're interested in that stuff, I'd suggest you to read some
literature about e-voting. (For example,
https://arxiv.org/pdf/1801.08064 looks interesting for the connection
to blockchains -- I haven't read it though). There are pretty
sophisticated protocols in the literature. And I think that this
mailing list may not be the best place to discuss these.

Best,
Tim



On Sun, 2018-03-11 at 13:44 +0100, JOSE FEMENIAS CAÑUELO via bitcoin-
Post by JOSE FEMENIAS CAÑUELO via bitcoin-dev
If I understand Bulletproof Confidential Transactions properly, their
main virtue is being able to hide not the senders/receivers of a coin
but the amount transferred.
That sounds to me like a perfect use case for an election.
For instance, in my country, every citizen is issued a National ID
Card with a digital certificate.
So, a naive implementation could simply be that the Voting Authority,
sends a coin (1 coin = 1 vote) to each citizen above 18. This would
be an open transaction, so it is easily auditable.
Later on, each voter sends her coin to her preferred party, as part
of a Bulletproof CT, along with 0 coins to other parties to disguise
her vote.
In the end, each party will accrue as may votes as coins received.
Is there any gotcha I’m missing here? Are there any missing features
required in Bulletproof to support this use case?
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
ZmnSCPxj via bitcoin-dev
2018-03-12 04:14:42 UTC
Permalink
This post might be inappropriate. Click to display it.
ZmnSCPxj via bitcoin-dev
2018-03-12 06:46:39 UTC
Permalink
This post might be inappropriate. Click to display it.
Loading...