[bitcoin-dev] Bulletproof CT as basis for election voting?

ZmnSCPxj ZmnSCPxj at protonmail.com
Mon Mar 12 04:14:42 UTC 2018


Good morning Jose,

By my understanding, the sender needs to reveal some secrets to the receiver, and the receiver will then know if it received 0 or 1 coin from that sender.  (At least from my understanding of MimbleWimble; it might not be the case for CT, but MW is an extension of CT so...)

If voters send vote-coins directly to The Party, then The Party knows the votes of particular voters, and may then dispatch subcontractors to dispatch those voters.  It may be possible to have aggregators/mixers, but then you would have to trust the aggregators/mixers operate correctly and send to the correct destination party, and that the mixers are not recording voters.

Maybe in combination with something like CoinSwap or CoinJoin protocol would work to obscure the source of coins: a voter would have to swap several times with many, many other voters to ensure increased anonymity set (and then maybe some voters may report their transactions to The Party).

In any case sending directly from the tx of the Voting Authority to another tx to your selected The Party would let The Party members who secretly control the Voting Authority records to figure out, which voters got which txouts of the Voting Authority (presumably the Voting Authority has strict public records of which txout went to which voter, in order to prevent the Voting Authority secretly giving multiple vote-coins to a single One Man, All Votes).

Regards,
ZmnSCPxj


​Sent with ProtonMail Secure Email.​

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On March 11, 2018 8:44 PM, JOSE FEMENIAS CAÑUELO via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:

> If I understand Bulletproof Confidential Transactions properly, their main virtue is being able to hide not the senders/receivers of a coin but the amount transferred.
> 
> That sounds to me like a perfect use case for an election.
> 
> For instance, in my country, every citizen is issued a National ID Card with a digital certificate.
> 
> So, a naive implementation could simply be that the Voting Authority, sends a coin (1 coin = 1 vote) to each citizen above 18. This would be an open transaction, so it is easily auditable.
> 
> Later on, each voter sends her coin to her preferred party, as part of a Bulletproof CT, along with 0 coins to other parties to disguise her vote.
> 
> In the end, each party will accrue as may votes as coins received.
> 
> Is there any gotcha I’m missing here? Are there any missing features required in Bulletproof to support this use case?
> 
> bitcoin-dev mailing list
> 
> bitcoin-dev at lists.linuxfoundation.org
> 
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev




More information about the bitcoin-dev mailing list