Topic: A fraud-proof voting system based on Bitcoin and Zerocoin - page 2. (Read 9088 times)

This is partially true (and may indeed be an advantage of the blockchain-based system, although I would still accept it if my government did the blind-signature thing).  However, even in the system described by me (which is of course not my invention, but I don't find a good link at the moment) every participant can check that their vote was actually counted, and that not too many votes have been cast in total.  It is true, though, that the authority could publish fake votes for those voters that don't exercise their right to vote (and that it could get away with forging votes if the voters don't check them).  It needs active control by the voters, but the possibility is there to uncover any fraud attempts.

If the central authority cheats, how would you know? With a blockchain, the evidence is in the inconsistency between the results the authority announces, and the results indicated by the blockchain. With a central authority that "keeps track that no-one votes twice", there's no way to know if the central authority is doing its job.


Yes, it's totally anonymous, because the step where the ZeroVoteCoin is redeemed for a VoteCoin doesn't reveal which VoteCoin was used to mint the ZeroVoteCoin that's being redeemed.

Is this vote anonymously ?

It is also in this case.  And as I explained, I'm of the impression that you need a central authority for voting anyway (at least to specify who is allowed to vote, like a citizen registry).  The only real need for the central authority in the blind signature scheme is for signing votes, which corresponds basically "only" to this function of voter registry.

You don't need to trust a central authority. The vote is publicly auditable.

I always thought that it would be possible to implement a public, verifiable and still "private" voting system based on blind signatures only, without the need of such complicated constructs like Zerocoin?  It needs a central authority, but I presume that this is inevitable for votes anyway because someone must be in charge of putting the voted-for government into office and things like this.  (And one needs a registry of voters, as already specified in the OP.)

Then each voter can (authenticated by their public key) can have their vote blind-signed by the authority, which keeps track that no-one votes twice.  But because of the blinding, they cannot determine who voted for which candidate.  In the end, everyone publishes their unblinded vote through some anonymous channel (e. g., Tor).  All votes are displayed publicly, such that everyone can check the result, that each vote is signed by the authority, that their own vote is contained and that the number of votes matches that of participants and whatever else they want.

What's the advantage of a blockchain based protocol?

True, if you consider vote buying a type of electoral fraud, the scheme is not fraud-proof. I think a variation of this scheme could probably be made that's resistant to vote buying too, using tamper-resistant hardware devices that generate and store a random private key and serial number, and limit the voter's access to them. The device could be designed to destroy the private key and serial number upon use, and each voter would return their device to the electoral body, who would be responsible for verifying that it hadn't been tampered with, after they've voted.

hmm  I think I made a similar proposal in a thread a bit back, but not with the zerocoin bit.

Yes because you retain the private key you can prove you voted for X.  So the system breaks down. 

Seems good, despite the fact that you could still sell your voting right to someone else...

Thanks   Hmm, it hadn't even occurred to me that it might be patentable. I'm borrowing everything from already existing schemes.


The same key-pair could be used for different votes. The important thing is that the private key remain secret.

Very interesting

Could the same key-pair be used for different votings or for each voting you would need a new key-pair to be associated with each voter identity?

That... looks absolutely fantastic.

If you can patent that, I would suggest you do so.

This post in Reddit inspired me to come up with a way to use Bitcoin technology to create a voting system that is both fraud proof and private (conceals who people voted for).

I believe this is possible using a blockchain modeled on Bitcoin and the Zerocoin extension.

Here's how it would work:

There would be a public record showing the name of each voter and the public key that is linked to them. The public key is provided by the voter themselves, so they can be certain that only they have the private key for it.

It would be something like this, just more comprehensive in terms of the personal details posted about the voter (it has to be enough information to identify each person):

Voter name	Voter pubkey
Alice	1D7JGuHSq3oTzLPnD4VEFuGhunM2FcMfMq
Bob	1FxpXuFQw5nVHBt5rdmC4c8FgCbZ9NXQ1a
Carol	12aTDVyvthfLtxSeJHVbJ8MG5GRhVJr6Lo
Dan	12bKM37peormM5anhKeBB4qVdVKotmfNUw
Erin	186P6ZnpiERtpcv5GoVQiW3ns5DK1pQL8D

Next, each voter would be credited with 1 VoteCoin to their public address. Before a certain date, all voters would be required to mint a ZeroVoteCoin, which must be paid for with their 1 VoteCoin (which they can spend using their private key), similar to the Zerocoin scheme where a bitcoin is spent to mint a zerocoin. They would save the secret serial number they used to mint the ZeroVoteCoin, for later use.

On election day, each voter uses their secret serial number to create a zero knowledge proof that they minted a ZeroVoteCoin, in order to redeem their ZeroVoteCoin for a VoteCoin, and credits the new VoteCoin to the public key of the candidate they want to vote for. The candidate with the most VoteCoins is elected. Since the Zerocoin scheme obscures which VoteCoin credited the ZeroVoteCoin that was later redeemed, the public knows that a particular VoteCoin was used, by a particular person, but not which candidate they voted for.

See a graphical representation below (click for large version):