public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Tim Ruffing <tim.ruffing@mmci.uni-saarland.de>
To: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Bulletproof CT as basis for election voting?
Date: Mon, 12 Mar 2018 10:32:55 +0100	[thread overview]
Message-ID: <1520847175.2339.14.camel@mmci.uni-saarland.de> (raw)
In-Reply-To: <90096274-9576-4A08-A86A-E1C4F3E3B5DE@gmail.com>

You're right that this is a simple electronic voting scheme. The thing
is that cryptographers are working on e-voting for decades and the idea
to use homomorphic commitments (or encryption) and zero-knowledge
proofs is not new in this area. It's rather the case that e-voting
inspired a lot of work on homomorphic crypto and related zero-knowledge 
proofs. For example, range proofs are overkill in e-voting. You just
need to ensure that the sum of all my votes (over all candidates) is 1.
 
E-voting protocols typically require some "bulletin board", where
ballots are stored. A blockchain could indeed be helpful in specific
cases (but not in all cases)...

If you're interested in that stuff, I'd suggest you to read some
literature about e-voting. (For example, 
https://arxiv.org/pdf/1801.08064 looks interesting for the connection
to blockchains -- I haven't read it though). There are pretty
sophisticated protocols in the literature. And I think that this
mailing list may not be the best place to discuss these.

Best,
Tim 



On Sun, 2018-03-11 at 13:44 +0100, JOSE FEMENIAS CAÑUELO via bitcoin-
dev wrote:
> If I understand Bulletproof Confidential Transactions properly, their
> main virtue is being able to hide not the senders/receivers of a coin
> but the amount transferred.
> That sounds to me like a perfect use case for an election.
> For instance, in my country, every citizen is issued a National ID
> Card with a digital certificate. 
> So, a naive implementation could simply be that the Voting Authority,
> sends a coin (1 coin = 1 vote) to each citizen above 18. This would
> be an open transaction, so it is easily auditable.
> Later on, each voter sends her coin to her preferred party, as part
> of a Bulletproof CT, along with 0 coins to other parties to disguise
> her vote.
> In the end, each party will accrue as may votes as coins received.
> 
> Is there any gotcha I’m missing here? Are there any missing features
> required in Bulletproof to support this use case?
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev


      parent reply	other threads:[~2018-03-12  9:33 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-11 12:44 [bitcoin-dev] Bulletproof CT as basis for election voting? JOSE FEMENIAS CAÑUELO
2018-03-12  4:14 ` ZmnSCPxj
2018-03-12  6:46   ` ZmnSCPxj
2018-03-12  9:32 ` Tim Ruffing [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1520847175.2339.14.camel@mmci.uni-saarland.de \
    --to=tim.ruffing@mmci.uni-saarland.de \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox