Pages:
Author

Topic: Bitcoin's first industrial purpose (Read 4225 times)

legendary
Activity: 2940
Merit: 1090
January 27, 2012, 07:09:40 PM
#31
Yes, it seems clear here that the voter is being given a "private key" that someone else, or a machine controlled by someone else, already has or generates on the spot and possibly retains copies of and possibly even transmits by some means to remote backups.

That is not at all the same thing as a private key in any normal "Alice and Bob" scenario.

"Alice and Bob" normally are not accustomed to asking attacker A to provide Alice with "her" private key... Normally she generates it "herself".

-MarkM-
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
January 27, 2012, 06:24:48 PM
#30
Luckily PulpSpy meanwhile took out some speculations on how all the voters use bitcoins to vote in his concept. As a very radical enemy of voting machines I still have to answer to this one:

Voting MUST be anonymous and you must be able to prove our assigned ID is unique (but not linked to you which defeats anonymity).

Both can be accomplished with digital signatures.

Imagine a two part system

Verification & Public Key Creation
Voter verifies identity and is given a smart card.  He uses a terminal which verifies his voter ID and generates a 128 bit nonce.  The hash of voter ID and nonce is the private key.  The terminal could then print this nonce out or provide it as a QR code.   The terminal generates a public key from this private key.  The smart card is loaded with public key.

Voting & Vote Counting
User inserts smartcard, and votes.  The voting record is digitally signed by public key and added to vote log (which is made public via a website).  Later voter can use his private key to ensure that vote is in vote log and hasn't been modified.

How can I be sure there is not Dummy1 through Dummy1000000000 that the above mentioned machine assigns the right to vote, too?

I see no way to allow purely digital voting that I would vouch for. The voter has to understand the process and be able to verify the process end to end with no idea of hardware and software.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
January 27, 2012, 06:15:50 PM
#29
How will using the blockchain but not bitcoins themselves change the value of the coins?
Or do you mean bitcoin as a technology ?

If bitcoin was used as a standard tool at the heart of democracy as part of its voting process by any bigger country, this would give it a ton of trust. This country could not just outlaw bitcoin over 13 guns being sold over at the silk road.
newbie
Activity: 6
Merit: 0
January 27, 2012, 02:12:53 PM
#28
I am one of the authors of CommitCoin. I wanted to add a few points of clarification about CommitCoin to the discussion. The paper is available here:

http://people.scs.carleton.ca/~clark/papers/2012_fc.pdf

Does CommitCoin fork the blockchain?

No. It uses the same blockchain as Bitcoin.

Does CommitCoin burn money?

No. CommitCoin is actually carefully designed to not burn money. Instead of doing the obvious thing, substituting a message for a public key fingerprint and sending coins to it, we propose substituting the message in for the private signing key of a new account. You then compute the resulting public key and public key fingerprint, and sending 2 small amounts of bitcoins (for example the minimum transaction) to the new account.

Then using the new account, we send the 2 amounts of bitcoins back to the original account one at a time. This does a few things: (1) it introduces the actual public key (not just fingerprint) into the transcript, (2) by sending the money back, nothing gets burned, and (3) we use a crypto trick: for the second transaction, we use the same randomness in the ECDSA signature as we did for the first signature. This causes the private key to leak: you can compute it by inspecting the values in the block chain. Since the private key is actually the message, you can thus compute the message.

Is this safe to do?

It is not exactly riskless. First you have to make sure that the message has enough randomness to function as a private key. We sidestep this issue by only putting "commitments" (which are randomized) into the block chain.

The first transaction sending the money back to the original account is safe.

The earliest peers to receive the second transaction can compute the private key, and thus create a different transaction (signed with the right key, which they just learned) sending the amount to themselves for instance. If they rebroadcast their fraudulent competing transaction fast enough, or include it in a block that they themselves solve, it may get put into the block chain instead the real one.

This still doesn't burn money (no impact on inflation) but users of CommitCoin should be prepared to "pay" a small amount if the nodes are dishonest.

How do you build a voting system from this?

The article may not have captured this fully: the verifiable voting example is 95% Scantegrity and only 5% CommitCoin. We are only adding a small amount of additional verification for a particular corner case in Scantegrity.

Scantegrity is an electronic optical scan voting system. You vote on paper and the paper is collected, but it is also scanned electronically (the tallies from both should match and this is standard optical scan). But even if someone were able to modify both the paper ballots and hack the database, Scantegrity will be able to detect it; it uses an additional layer of verification based on crypto. It is a very cool voting system and worth looking into more. The main designer is David Chaum, who pioneered cryptographic cash. Scantegrity on Wikipedia:
http://en.wikipedia.org/wiki/Scantegrity

CommitCoin is used only once in the election. It is used to commit to some election auditing data that must have been generated before the election starts for the audit to be valid. Since CommitCoin allows you to "carbon date" messages, you can come along after the election and be sure the election data was fixed prior to the voting period.

It is not the case that every voter is sending their votes into the block chain (although this could be an interesting modification).

Can you have both secret ballots and verifiable results?

Yes. Crypto can do seemingly impossible things. One of those things is having a voting system where ballot is anonymous (you can't prove how you voted) and yet you can make sure that your ballot is included unmodified in the final tally!  Crypto voting systems are often called E2E or end-to-end verifiable. Scantegrity is one, there are others. Scantegrity is the only one that has been used in an actual governmental election (two municipal elections in Takoma Park, Maryland, USA).

Is carbon dating just a fancy way of saying timestamping?

No, carbon dating is actually a very different concept. The block chain does both timestamping and carbon dating. Transactions are time-stamped and other nodes do some general vetting of the timestamp before accepting it for inclusion into the block chain. So if you generally trust the bitcoin network, the timestamp is enough.

But let's say you didn't trust the network at all (even in the extreme case of a 51% attack). If I show that we've put a commitment into block 145535 (which we did), there have been tens of thousands of blocks created since then. Even if I controlled the network, there is no way I could actually compute all those blocks in any time less than a certain amount of time (based on how much computational power you think I have). It would take on the order of months.

The accumulation of blocks after something is inserted is akin to the accumulation of carbon on a physical object. You have a sense of the rate of accumulation (and this can't be arbitrarily changed), you know how much accumulation there has been, and so you can estimate a date. It will be fuzzy. But its enough to distinguish, for example, something that happened a month before an election from something that happened a day after the election (if you are making the decision a few days after the election).

hero member
Activity: 728
Merit: 500
January 19, 2012, 03:53:02 PM
#27
put it this way.

A few weeks ago Romney "won Iowa"

After a recount,  it was found that he "lost Iowa" to Santorum....  . he was claiming victory and off to New Hampshire ... and everyone in New Hampshire was voting for Romney because "he won Iowa.".. when in fact he lost it.

It could be argued that if we had a honest voting system in the United States based on bitcoin and viewable blockchain,  would have had a completely different election outcome in one state,  and potentially 2 so far.  Who knows what the real voting numbers where when you can't even certify 8 counties in New Hampshire ,  much less the whole country.

For all we could have known Ron Paul won the election in 2008.

The fact is that our election system is broken,   if it wasn't we wouldn't have the disaster we had in 2000 when we didn't even know who the president was.

This needs to happen.

It's worse than that, they still don't have all the votes:

Quote
State officials said they still had not received any results from eight of the state’s 1,774 precincts. But now, they said, it was too late for the missing votes to count.

“It’s done,” said a party spokesman, who asked that his name not be used. About the missing votes, he said: “We never got ’em. We tried to track ’em down, and for whatever reason, we don’t have them.”
http://www.washingtonpost.com/politics/r....uRAQ_story.html

If you watched it going on there was all this talk of missing vans... etc.

I'm not sure I understand the tech behind this method, so these may be a dumb questions: How long would it take to count the votes? Wouldn't this increase the likelihood of a "51% attack" since the incentive to do so is no longer purely economic?
hero member
Activity: 662
Merit: 545
January 19, 2012, 03:42:31 PM
#26

Volia,  2 days later....  

Clark and his colleague Aleksander Essex at the University of Waterloo, also in Ontario, realised they could convert a message - for example, a list of codes that securely link voters to their votes - into a Bitcoin address. Sending a tiny fraction of a bitcoin - a small transaction - to that address would allow the holder of that list to store it in the public record without revealing its contents. When they later publish the message for verification, anyone can repeat the conversion to a Bitcoin address and confirm its age by checking the public record.

Faking Bitcoin's public record would be very difficult as you'd need more computing power than the rest of the Bitcoin network combined - a feature that ensures the currency's security.

The pair have used their method, known as CommitCoin, to close a loophole in a voting system they helped develop. In the Scantegrity system, voters receive a confirmation code from the list that is cryptographically linked to their selected candidate and can be used to check on the election website that their vote is counted.

Now, if an unscrupulous election official tries to change votes they would be outed, because the code used to record the vote would change, and would not match up with the BitCoin network entry. "CommitCoin allows you to not trust anyone," says Clark.



When i first came here i came up with https://bitcointalksearch.org/topic/m.677567.  an idea to use bitcoin and bittorrent as a new distribution model for music/movies.  

Quote
I imagine a mesh of bittorrent technology and bitcoins ability to combat double spending. Instead of the p2p system of block sharing only consisting of tokens or whatever, could we not also use it as a torrent network? Perhaps this could be used to combat piracy and also evolve the old distribution model of media into a more efficient, secure system. I imagine somehow it could be set up so that if a user where to purchase a movie/song with a bitcoin and that his unique coin key would forever be identified with that user/purchase combination. Or perhaps every view costs a very small amount, I would have to understand how bitcoin works properly to find a way to implement its protocol in this instance but I feel there should be an easy way.

Bittorrent is currently working on technology that allows the streaming of movies through a p2p system. Once this technology advances this could potentially work.
Perhaps the massive Hollywood production firms could contribute computing power to run/mine the system and theoretically keep costs down to a minimum and passing the savings onto consumers.

Fans could create mining pools with the promise all proceeds could go towards funding a tv season/movie/album etc. To take that another step further new "Kickstart" services could pop up where screen writers/artists could pitch their creative ideas in hopes fans would join a mining pool to fund said project.  Pioneer One (http://en.wikipedia.org/wiki/Pioneer_One) could start doing this right now.
Does any of this sound feasible or am I just way too stoned?

after mulling over the idea a bit more perhaps something similar to the current torrent bitcoin website where users pay per GB in bitcoin and this is how your "account" is created for said file.  this way content creators get payed.
sr. member
Activity: 448
Merit: 251
Bitcoin
January 19, 2012, 02:49:38 PM
#25
put it this way.

A few weeks ago Romney "won Iowa"

After a recount,  it was found that he "lost Iowa" to Santorum....  . he was claiming victory and off to New Hampshire ... and everyone in New Hampshire was voting for Romney because "he won Iowa.".. when in fact he lost it.

It could be argued that if we had a honest voting system in the United States based on bitcoin and viewable blockchain,  would have had a completely different election outcome in one state,  and potentially 2 so far.  Who knows what the real voting numbers where when you can't even certify 8 counties in New Hampshire ,  much less the whole country.

For all we could have known Ron Paul won the election in 2008.

The fact is that our election system is broken,   if it wasn't we wouldn't have the disaster we had in 2000 when we didn't even know who the president was.

This needs to happen.



donator
Activity: 1218
Merit: 1079
Gerald Davis
January 18, 2012, 06:54:53 PM
#24
How can voting be anonymous?

You have to provide some kind of ID to vote, but your actual vote should be kept secret.

Exactly.  You must authenticate the voter but as the same time ensure individual votes can't be linked back to the person casting the vote.  That presents unique challenges if you want the vote to be provable but it isn't impossible as the rest of the post shows.
legendary
Activity: 1441
Merit: 1000
Live and enjoy experiments
January 18, 2012, 06:16:47 PM
#23
With hashing, this gives bitcoin  time-stamping ability for any content on the Internet. Invaluable.
False prophets like Bob Prechter and Jon Nadler should be very scared.
donator
Activity: 1218
Merit: 1079
Gerald Davis
January 18, 2012, 05:59:47 PM
#22
I am skeptical this would work. I fail to see how they can gaurantee each code corresponds to exactly one voter.

Since the voters are unlikely to compare codes, the is little risk in assinging duplicates if you vote for the "wrong" candidate, and extras for the "right" candidate.

Computers are too insecure for e-voting, and likely will be for generations.

I didn't read it, so perhaps I shouldn't be responding, but I don't think voting is done anonymously. So I would supply identification that the address is linked to my vote.

What this does is prevent your vote from being changed by linking it with the public ledger that is the block chain.

Well the answer is in the middle.

Voting MUST be anonymous and you must be able to prove our assigned ID is unique (but not linked to you which defeats anonymity).

Both can be accomplished with digital signatures.

Imagine a two part system

Verification & Public Key Creation
Voter verifies identity and is given a smart card.  He uses a terminal which verifies his voter ID and generates a 128 bit nonce.  The hash of voter ID and nonce is the private key.  The terminal could then print this nonce out or provide it as a QR code.   The terminal generates a public key from this private key.  The smart card is loaded with public key.

Voting & Vote Counting
User inserts smartcard, and votes.  The voting record is digitally signed by public key and added to vote log (which is made public via a website).  Later voter can use his private key to ensure that vote is in vote log and hasn't been modified.

donator
Activity: 1218
Merit: 1079
Gerald Davis
January 18, 2012, 05:44:29 PM
#21
Except now where is the list of commits stored to verify against the single hash?

Anywhere else on the internet.

Such a scheme uses the block chain as a means to certify a list published somewhere else, a function not co-dependent on what amounts to using the block chain as a cloud hard drive.

The hashes themselves aren't necessarily secret, as they are useless without knowing what they are of.  One could publish the list, and include only the tree root in the block chain.  Unlike Bitcoin, where all transactions are needed to verify the complete history, if the list of commits were lost, the results would not be catastrophic system-wide - it would merely deprive the users of the commitment function the ability to prove their commitment.  A risk they could remedy simply by keeping a copy of the list so it doesn't get lost.

I guess I find that a less elegant solution.  I would rather pay 0.0000001 BTC more have the hash for my single commit included in the blockchain and never be dependent on something which can be lost. 
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
January 18, 2012, 05:23:58 PM
#20
I am skeptical this would work. I fail to see how they can gaurantee each code corresponds to exactly one voter.

Since the voters are unlikely to compare codes, the is little risk in assinging duplicates if you vote for the "wrong" candidate, and extras for the "right" candidate.

Computers are too insecure for e-voting, and likely will be for generations.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
January 18, 2012, 02:57:22 PM
#19
Except now where is the list of commits stored to verify against the single hash?

Anywhere else on the internet.

Such a scheme uses the block chain as a means to certify a list published somewhere else, a function not co-dependent on what amounts to using the block chain as a cloud hard drive.

The hashes themselves aren't necessarily secret, as they are useless without knowing what they are of.  One could publish the list, and include only the tree root in the block chain.  Unlike Bitcoin, where all transactions are needed to verify the complete history, if the list of commits were lost, the results would not be catastrophic system-wide - it would merely deprive the users of the commitment function the ability to prove their commitment.  A risk they could remedy simply by keeping a copy of the list so it doesn't get lost.
donator
Activity: 1218
Merit: 1079
Gerald Davis
January 18, 2012, 02:10:48 PM
#18
Someone could already offer a CommitCoin service without having to burn any coins, the same way Merged Mining works for namecoin.  Merged Mining adds one extra field to the bitcoin block - which is the hash of the commit used for namecoin.  No reason it has to be just namecoin.

Miners can bury extra hashes in their blocks, and those hashes could refer to anything.  They could be hashes of hashes of hashes.  Luke and his mining pool could offer "commitment" services, and sell an unlimited number of "commits" all day long, without needing to send them to the block chain.  He merely sends the hash of all the commits to the block chain, so one hash in a block could stand for one commit, or a million.


Except now where is the list of commits stored to verify against the single hash?
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
January 18, 2012, 01:04:07 PM
#17
you don't want,  nor could you really have an alternate chain do it...  you need the robust computing power that bitcoin already has...  start forking it and you'll have 3 guys mining (most likely owned by the voting booth company) and controlling everything.

You really have to use bitcoin.

Good point.

Few things would ruin the introduction of a new voting method faster than finding it's been taken over power-wise within days of operation.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
January 18, 2012, 01:00:02 PM
#16
Someone could already offer a CommitCoin service without having to burn any coins, the same way Merged Mining works for namecoin.  Merged Mining adds one extra field to the bitcoin block - which is the hash of the commit used for namecoin.  No reason it has to be just namecoin.

Miners can bury extra hashes in their blocks, and those hashes could refer to anything.  They could be hashes of hashes of hashes.  Luke and his mining pool could offer "commitment" services, and sell an unlimited number of "commits" all day long, without needing to send them to the block chain.  He merely sends the hash of all the commits to the block chain, so one hash in a block could stand for one commit, or a million.
sr. member
Activity: 448
Merit: 251
Bitcoin
January 18, 2012, 12:37:35 PM
#15
you don't want,  nor could you really have an alternate chain do it...  you need the robust computing power that bitcoin already has...  start forking it and you'll have 3 guys mining (most likely owned by the voting booth company) and controlling everything.

You really have to use bitcoin.


legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
January 18, 2012, 12:25:42 PM
#14
I think any "industrial" use of bitcoins is a good idea, provided fees are included, and there's not too much bloat. (Otherwise, an alternate chain could handle it, and I still think it would just strengthen Bitcoin by confirming the validity of the design.)

This particular use of bitcoins sounds quite promising.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
January 18, 2012, 11:40:25 AM
#13
While I love the idea of being able to verify your vote...it has not been verifiable for a reason.
The ability to verify your vote opens the door to being able to prove that you voted one way or another.
Being able to prove that you voted one way or another opens the door to someone paying you to vote one way or another and then being able to show proof that you did so.

No it doesn't.  Hashes are one way functions.

It would be like saying if people know public address they can recreate the private key and take the funds.


Quote
In the Scantegrity system, voters receive a confirmation code from the list that is cryptographically linked to their selected candidate and can be used to check on the election website that their vote is counted.

So, is this saying that you can verify that your vote was counted but not what your vote was?
donator
Activity: 1218
Merit: 1079
Gerald Davis
January 18, 2012, 11:34:40 AM
#12
While I love the idea of being able to verify your vote...it has not been verifiable for a reason.
The ability to verify your vote opens the door to being able to prove that you voted one way or another.
Being able to prove that you voted one way or another opens the door to someone paying you to vote one way or another and then being able to show proof that you did so.

No it doesn't.  Hashes are one way functions.

It would be like saying if people know public address they can recreate the private key and take the funds.
Pages:
Jump to: