From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 0D7C91027 for ; Mon, 12 Mar 2018 04:14:52 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail4.protonmail.ch (mail4.protonmail.ch [185.70.40.27]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id EED5F8B for ; Mon, 12 Mar 2018 04:14:50 +0000 (UTC) Date: Mon, 12 Mar 2018 00:14:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=default; t=1520828088; bh=lsPppiIuC6UwAJNKsYPH68AcZ8n5vkccOre7LBK/pA8=; h=Date:To:From:Reply-To:Subject:In-Reply-To:References:Feedback-ID: From; b=Jk9oR8vG7mcO9umqI+yG8l+8K9yxz8WL/UGYHeg/oux0HItNjfY89JpBUDE6lJvN5 hkpvYlYWLiGPk4SHBCCZqL1+ZWwtZ2Yy5S6YfVS1nPkk4KNCPVJwEXBKup6Je6QTq+ hhnpZRTVLm8IWS1InvgPPCzGk3mjigLytWW5q1KQ= To: =?UTF-8?Q?JOSE_FEMENIAS_CA=C3=91UELO?= , Bitcoin Protocol Discussion From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: In-Reply-To: <90096274-9576-4A08-A86A-E1C4F3E3B5DE@gmail.com> References: <90096274-9576-4A08-A86A-E1C4F3E3B5DE@gmail.com> Feedback-ID: el4j0RWPRERue64lIQeq9Y2FP-mdB86tFqjmrJyEPR9VAtMovPEo9tvgA0CrTsSHJeeyPXqnoAu6DN-R04uJUg==:Ext:ProtonMail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, FROM_LOCAL_NOVOWEL, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Mon, 12 Mar 2018 13:11:24 +0000 Subject: Re: [bitcoin-dev] Bulletproof CT as basis for election voting? X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Mar 2018 04:14:52 -0000 Good morning Jose, By my understanding, the sender needs to reveal some secrets to the receive= r, and the receiver will then know if it received 0 or 1 coin from that sen= der. (At least from my understanding of MimbleWimble; it might not be the = case for CT, but MW is an extension of CT so...) If voters send vote-coins directly to The Party, then The Party knows the v= otes of particular voters, and may then dispatch subcontractors to dispatch= those voters. It may be possible to have aggregators/mixers, but then you= would have to trust the aggregators/mixers operate correctly and send to t= he correct destination party, and that the mixers are not recording voters. Maybe in combination with something like CoinSwap or CoinJoin protocol woul= d work to obscure the source of coins: a voter would have to swap several t= imes with many, many other voters to ensure increased anonymity set (and th= en maybe some voters may report their transactions to The Party). In any case sending directly from the tx of the Voting Authority to another= tx to your selected The Party would let The Party members who secretly con= trol the Voting Authority records to figure out, which voters got which txo= uts of the Voting Authority (presumably the Voting Authority has strict pub= lic records of which txout went to which voter, in order to prevent the Vot= ing Authority secretly giving multiple vote-coins to a single One Man, All = Votes). Regards, ZmnSCPxj =E2=80=8BSent with ProtonMail Secure Email.=E2=80=8B =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me= ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 On March 11, 2018 8:44 PM, JOSE FEMENIAS CA=C3=91UELO via bitcoin-dev wrote: > If I understand Bulletproof Confidential Transactions properly, their mai= n virtue is being able to hide not the senders/receivers of a coin but the = amount transferred. >=20 > That sounds to me like a perfect use case for an election. >=20 > For instance, in my country, every citizen is issued a National ID Card w= ith a digital certificate. >=20 > So, a naive implementation could simply be that the Voting Authority, sen= ds a coin (1 coin =3D 1 vote) to each citizen above 18. This would be an op= en transaction, so it is easily auditable. >=20 > Later on, each voter sends her coin to her preferred party, as part of a = Bulletproof CT, along with 0 coins to other parties to disguise her vote. >=20 > In the end, each party will accrue as may votes as coins received. >=20 > Is there any gotcha I=E2=80=99m missing here? Are there any missing featu= res required in Bulletproof to support this use case? >=20 > bitcoin-dev mailing list >=20 > bitcoin-dev@lists.linuxfoundation.org >=20 > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev