forked from rchain-community/rvote
-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verifiable proof of shuffle for anonymous voting #27
Comments
One of the draw backs of shuffling is that, you have to redo it when you remove users. Addition is not a major issue I believe. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are 3 main approaches to on chain voting anonymity. In my understanding this how each works.
I could be wrong as I am just learning. But it initiates the conversation
Users submit encrypted votes with proof of validity. It is sent to group of trusted authorities.
The trusted authorities compute the requisite function using addition and multiplicative structure of underlying cryptographic primitives. The authorities then decrypt it. In my understanding so far it requires a group of trusted parties to decrypt.
If any one authority does not follow the protocol the decryption cannot happen. And if all authorities collude votes are revealed.
You can complement it with threshold signatures but I don't know the details.
Ring signatures allow for signatures where you cannot Identify which signee signed it.
It is spontaneous and requires no setup. You user can pick any signatures and generate a ring signature.
You can further implement linkability and tag linkability, and traceability functions.
(not strictly necessary for ring signatures)
There are 2 attack vectors, if the blockchain start accepting ring signatures it becomes vulnerable to ddos attacks, because ring signatures take time to verify and anonymity prevents easy checking against a ledger with funds.
If the block chain does not accept ring signatures, then user must submit the signature using his private key and anonymity is lost.
Traceable Ring Signature
This takes as input a set of public keys and anyone can take the keys and generate a new shuffle.
The shuffler submits a valid non interactive proof of shuffle, which can be verified on chain
(or in principle can be challenged on chain if compute cost is a problem)
After a number number shuffles, the user can sign with anonymized keys.
Efficient Zero-Knowledge Argument for Correctness of a Shuffle
MixEth: efficient, trustless coin mixing service for Ethereum
Main reasons are,
These are all expensive computations, works for atleast small groups.
The text was updated successfully, but these errors were encountered: