Topic: Consensus-based society with provable trust-free voting - page 5. (Read 11117 times)

Without government granting those corporations their legal shield, and without the cloak of legitimacy granted to the government, companies would not be able to pull off the shit they do today, nor the shit the government pulls.

I meant society in a general way, but basically it's a group of people with common goals and interests willing to work together.

The problem, as I see it, is that voting with your wallet on the free market doesn't solve the land ownership conflicts very well. All the questions like who will build the roads and bridges, who will protect the rivers from pollution.

Determining consensus on these issues via explicit voting system before any action is taken might be more cost effective and peaceful conflict resolution process than just allowing everyone to do as they wish, build 10 bridges in one place competing with each other and only then realize that 8 of them are making losses instead of profits and need to be destroyed thus wasting resources and hurting the environment.

Letting private corporations rule the market would create danger that governments of today will be replaced with corporations of tomorrow and looking at how corporations are structured today after the idea of central governance at the top of the pyramid we might as well just get even worse system than we have today.

The idea is to first gather money towards a common goal for a group of people willing to work together.
A good example would be building a school for a small neighborhood.
So people who are interested in this would have to pay a certain fee to a certain Bitcoin address.
The voting system is then needed to decide how to manage that money, so that we don't disconnect ourselves from decision making and later blame others for failures. Yes, that's what we've been doing for centuries now, so we are very good at it We still might want to listen to the opinions of experts on matters like which materials to buy and where, but the final decision remains with us.

So allowing just any address on the blockchain to cast a vote on how to spend that budget would not make much sense. Therefore only those who paid to that address and thus contributed to that budget become a "voting member". There is no registering for voting other than paying a full membership fee to that address. There was also an idea of splitting "voting membership" and "benefits membership", so that voting remains anonymous, while benefits need to be claimed explicitly.
In the example above you provide proof of your "benefits membership" when you go to that school.


Yes, this is how I see it as well.
With the new monetary paradigm where everybody can mine or attempt to build their own blockchain,
the old political systems no longer work very well.
So the money will be abundant (while still remaining scarce in each particular system) and it's what to do with it and how to efficiently put it to work that becomes a problem.

With decentralized provable trust-free voting system, people can vote with their money for the outcome of the projects they care about. It's more like having shares in a company on the free market rather than having rights to vote in a centralized non-voluntary democratic society.

Interesting idea   What's wrong with just letting any verified signature of an address represent a vote?  Why do you need a membership fee and list of "registered voters" on top of the existing structure? 


I think this "problem" (big money influencing votes) is inherent in voting systems and once people recognize that money has an influence and embrace that as part and parcel of voting we will have a much more open and fair voting systems.  When you need something not directly influenced by money you can do what Democritus suggested (and is currently the topic of another thread), namely select people at random to make your decision. 

Very often when provably fair (verifiable) voting systems are suggested they are shot down because the act of verification means that you can prove who you voted for and thus sell your vote. 

Strictly speaking you are correct.
Although the idea was to have a voting system in its original sense (one-person<->one-vote),
it turns out that it doesn't work that way no matter how you spin it.

With centralized approach there is always a risk of fraud when some people register many times using their fake identities or central issuer's buddies get a bunch of voting tokens for free or central issuer is threatened with violence to manipulate voting tokens in some way. So we never actually had a provable one-person<->one-vote system anyway, we only had an illusion of one, which is even worse, because we trusted it and we let it slide totally out of our control.

But the good news is that this new decentralized system doesn't need to apply to the old principles of democracy (one-person<->one-vote), because with new monetary paradigm in ideal situation (when everybody starts to mine at the same time) money is abundant and it would be fair to vote with your money. The other key difference is that you don't have to pay if you don't want to vote and you don't have to participate in any particular consensus group if you don't like what is going on there. The problem of course is that a particular large group might achieve a consensus that they will fight and conquer nearby territories and enforce their rules on the people they capture, but that would be their consensus and it's totally outside of the scope of this system to try to prevent this.

I guess Satoshi tried to resolve a similar kind of problem when thinking about initial distribution of coins.
Here is the quote form his Bitcoin.pdf paper on page 3:
So he never got to the point of making it one-person<->one-vote either.

now that I understood better what you have in mind I would not even call it voting any more because there can be an arbitrary number of votes from an arbitrary number of voters.

Once it is generally understood that the current design holds water, one could create a node software for distributed peer-to-peer voting system with trust-free handling of the voting procedure and the ability to prove that all the votes are legit (in terms of the constraints of the proposed system - which is currently one-fee-per-domain<->one-vote-per-topic or one-fee-per-domain/one-nonce-per-topic<->one-vote-per-topic for more important issues).

This system can be used for variety of cases. One example is voting on a motion in a distributed bond/stock market. Another example is managing the budget of an organization like Bitcoin Foundation with members paying their membership fees in Bitcoin. Also if people want to build a society with principles based on consensus rather than central governance then this system can be used as a basis for its legal framework. Yet another example is to model a for-profit corporation/company after this idea and see if it proves to be competitive on the global market.

This system would NOT need a central issuer of the voting tokens nor the central place where topics for voting are submitted. This should eliminate the risks related to abuse of power given with centralized approach.

The unresolved issues I still have with the current design is finalizing and archiving the achieved consensus. When voting window for a particular topic hash is closed all the nodes already have most of the set of valid votes they received and recorded during that window. So every node can already see the result of the vote, but someone still needs to announce the result and have most of the voted peers agree with it and sign it with their respective private keys and only then it can be marked as completed and archived into a chain of topics for a given domain address. I have a few ideas how to do it, but I don't yet feel I have completely nailed it.

PS: Since this thread turned into somewhat technical discussion of the underlying principles of the system it might be a wise idea for moderators to split the technical part into another sub-section of this forum if needed.

EDIT: corrected terms in the first paragraph.
EDIT2: added examples of various use-cases (second paragraph)

What will all this nice brainstorming be used for?

Yes, as long as each of those addresses paid the full membership fee to a fixed public address you will be able to vote 1000 times. Note that the annual membership fee might be substantial. I thought I somewhat explained it in the OP (paragraph 4) but maybe it needs more clarification.

This fixed public address called budget or domain address might need to be a part of the vote structure thus making it a quadruple of the form {Domain address, Member address, Topic Hash, Vote message}.
Topic hashes would then be grouped around domain addresses and would not intersect globally.
This will allow the voting P2P network to span across multiple domains/organizations/societies.
I originally thought that domain addresses and their respective networks would be isolated and thus domain address would be hard-coded in the system or pre-configured in the settings somewhere.

Each voting node would be able to verify using blockchain that votes are coming from the addresses which paid the full membership fee to the domain address before registering the vote in the local database.
Obviously a few other conditions need to be met to deem the vote as valid:
 - signature on the vote message must be valid (checked against member address)
 - vote message must be one of the allowed answers (stored in the database) for a given topic hash
 - conflicting duplicates for a pair of {member address, topic hash} are removed, pair banned with proof
 - exact duplicates are ignored (not repeatedly registered in the database, not propagated to other peers)
 - topic hash must be in the list of active topics for a given domain address
 - topic hash is the hash of {domain address + topic's question + topic's answers list} stored in the database

This approach still allows big money to buy the voting outcome the same way it allows big money to perform a 51% attack on the underlying monetary system but it will at least make it obvious that the number of valid votes is greater than the estimation of the actual members in the group, not that it helps much.
How to handle this situation is still an open question.
One of the possible solutions is to make topic questions secret thus not allowing "outsiders" to vote in a meaningful way even if they paid for it. Topic answers still need to be in the system as it is part of the vote verification mechanism.

EDIT:

Small correction: It should be possible to feed the topic's question and the list of topic's answers into the unchanged system as the hashes of the actual question and the actual answers thus allowing full validation of the votes and the topic hash itself (topic hash would then be a hash of hashes) while keeping the whole content of the topic secret. Vote messages coming from the members would then be hashes of the actual answers.
Those members who paid the voting fee but don't know the question/answers would still be allowed to vote, but would have no clue of what they are voting for.
Maybe some other things need to be made secret or the system needs to be compartmentalized in some way. But the basis of the concept remains the same - only those who paid are allowed to vote and it is provable via blockchain. Current design fully satisfies this criteria.

Also it should be possible to keep the initial assessment and eventual approval of topics for voting within the voting P2P network itself thus reducing the risk of certain topics being suppressed on the external (centralized?) system where they are discussed (if that external system is needed at all)

And thanks for keeping this topic alive, guys!

EDIT2:

There are at least 2 possible solutions for 1000-votes-per-person problem that I can think of apart from the fact that he/she would need to pay for all of them.

One would be to add another field into the vote structure making it a quintuple of the form:
{Domain address, Member address, Topic hash, Vote message, Nonce}
while adding another rule into the vote verification mechanism (as described above):
 - hash of the whole vote quintuple is less that the current vote difficulty (derived from monetary difficulty)
Thus adding the requirement for members to be at least small miners. The time required to find the nonce for a single vote should be one third or one half of the voting window allowing for variance maybe less assuming there are several topics to be voted on within given window.

Another solution for small group to avoid external influence on their voting process is to create their domain address in secret and allow very short window of time for members to pay their membership fee after which any addresses paid to that domain address would be discarded and not allowed to vote.
These rules along with how much fees and how frequently they need to be paid (yearly, monthly, etc) must become the "domain policy" which should be stored in the voting distributed database for votes verification and protected with signatures from the domain address private key(s) (multiple keys if domain address is multisig). Domain policy needs to keep version number to allow amendments and the way to recognize which policy is the latest one. The amended policy would then be broadcast to the network the same way as votes are broadcast preferably not within any voting window for that domain.

Yeah, it needs to be one coin one vote.  Kind of like proof of stake. 

So I create a thousand bitcoin addresses and vote a thousand times?

After giving more thought to the duplicate vote problem I now think that the correct behavior would be to do the following:

1) if incoming votes are exact duplicates of the ones already stored in the node's local database they are simply the echo of many other peers re-broadcasting them and must be ignored.

2) if incoming vote is a conflicting duplicate of the one stored in the database (the vote message is different) then it cannot be ignored as it might leave the distributed database in inconsistent state*. Therefore it is removed from the database and originating Bitcoin address is put onto a node's local suspension list for a short period of time (say 5 minutes) during which all votes from that address are ignored. This will prevent the spamming. After the timeout has expired new vote can be cast from that address with any vote message as all previous versions were deleted.

3) if some nodes disconnect during the voting window they need to acquire the missing votes from other peers for topic ids active within that window to keep their database consistent with others.
The mechanism to achieve this is to ask other peers for each active topic id the number of votes they have for that id then pick the one with the biggest number (longest chain analogy) and start downloading the most recent votes checking against local database for missing ones and recording them.

* A determined attacker can use his Bitcoin address to start propagating conflicting duplicate votes from different "ends" of the network causing part of the peers to record one version while other peers would first see and record another.

EDIT:

I have found at least three problems with allowing an address to re-vote after sending conflicting duplicates thus by default it must be disallowed. The behavior then would be for every node receiving a conflicting duplicate from an address to remove any version it already had in the database and permanently add that address to a suspension list for a particular topic id. The suspension list must contain proof of duplicates therefore it needs to keep the address along with at least two conflicting votes it received.

When nodes reconnect to the network before asking other peers for missing votes they first ask for the longest suspension list with the proof to check that they didn't miss the removal of any conflicting duplicates and then ask for valid votes as described in 3) above.

If a malicious node reports a number of valid votes N for a particular topic id which turns out to be the largest number across the network but fails to provide the declared number of votes after the timeout T then nodes reconnecting with the network should keep asking other peers with lesser declared number before the numbers finally add up. If there is at least one honest peer they will get the complete database eventually.

In order to avoid fraud in reshuffling the topic ids with the topic contents in the external system the topic ids must be represented as hashes of the topic's content (or at least the title) which must include a clearly defined list of acceptable answers followed by a meaningful question. It might be just {"yes", "no"} or something more complex like {"red", "green", "blue"}. The node's local database would need to have a reference to a topic's answers list (to be able to verify incoming vote messages) and the topic's question to verify that the whole topic's content (answers list + question) hashes to topic id.

There might be other corner cases to look into and I'll post them here together with solutions as I find them, but in general the concept starts to converge or so it seems.

That would open up possibilities for spamming the network. Some malicious member would simply send 1000 of duplicate votes per second causing all nodes to rewrite their repository with the latest one.

On the side note, one another area where this system might be helpful is the basis for legal framework if society decides that it needs one. Basically people can vote directly for the laws governing their society.

I'd do it the other way around, to allow someone to change their vote. But hey, it's your system.

I forgot to clarify that the vote is actually a triplet of the form {Bitcoin address, Topic ID, Vote message}
The message is signed with address's private key.

If multiple votes come with the same Bitcoin address and the same Topic ID the system would normally accept the first one and store it in the repository and after this point all duplicates will be rejected.
In fact as majority of nodes in the network store the original vote in their local repositories even propagating duplicates will become close to impossible.

Good point!
I think consensus-based system would work better in some cases while creating unnecessary complexity in other. I don't insist at all. It will find its place eventually if people find it useful.

so how do you prevent multiple votes? or don't ya?

You know, there's already a system in place that ensures that your decisions make a difference, provides services only to those who pay for them, and allows the public to send messages direct to the service providers...


"The market is a democracy in which every penny gives a right to vote." -Ludwig von Mises

I was thinking along the lines of paying membership fee once per year and voting as many times as the need arises within that year. Also the fee is not refundable, so if the person or group decides to leave the system not only do they loose the benefits that the system provides they also loose their membership fee.
That should provide some stickiness to the system so it won't fall apart at the earliest occasion.

Consensus should be achieved by majority of votes which are all equal as the fee paid to enable this ability was also equal. I think it better keep it that way or otherwise big money will simply buy the outcome of the vote.

this kind of split is a good idea. you can send out the id tokens to all the voters, then send the vote tokens to the ids. anonymous vote tokens can then be mixed and set with the voting value. should not be too hard to implement.