[EM] A secure distributed election scheme based on Bitcoin's Proof-of-Work protocol

Kristofer Munsterhjelm km_elmet at lavabit.com
Sat Jun 18 07:50:38 PDT 2011


Jameson Quinn wrote:
> Bitcoin is a scam, but not for these cryptographic reasons. There are 
> plenty of people "mining" the proof-of-work chain for "new bitcoin", and 
> developing improved algorithms to do so. And even if there weren't, 
> anybody who suddenly developed a longer "all your bitcoin belong to us" 
> chain would get either nothing (as people simply rewrote a special case 
> in their software to reject the new chain) or nothing (as people 
> abandoned bitcoin). There's no incentive for what would be an 
> unprecedented effort.
> 
> On the other hand, the first time it loses 40% of its value, it is 
> toast. There's no way the intrinsic value - replaceable "easy(ish) to 
> send digitally" and "I think it's neat" and "it was first" - can rescue 
> it from a death spiral then.
> 
> Anyway, "1 CPU 1 vote" schemes are not actually related to "1 person 1 
> vote" schemes. The former is essentially decentralized, the latter is 
> unavoidably centralized in some way.

Perhaps 1 person 1 vote schemes could be decentralized - after a fashion 
- by redundancy. Say that you have 20 different vote collectors. A voter 
registers with 10 of them at random, and then there's a 5-of-20 (margin for 
error) secret sharing scheme that ensures that no single collector can 
read the ballot.

Each vote collector would need a way to verify that you're a single 
person (not one person claiming to be many or vice versa). However, the 
collector could do so in an independent way. One might rely on a state 
claim, one might want to see you in person, and so on.

Also, the ballot pieces would have to be gathered somewhere and decoded 
when the actual counting is to be done, but that problem seems very hard 
to get around no matter the scheme. Voting is an aggregation task, and 
so the input data has to be aggregated somewhere.

(It might be possible, through crypto magic, to calculate the winners of 
a system like Plurality "behind the veil", where one only decrypts 
afterwards. I don't know enough about it, but I doubt that complex 
Condorcet schemes would be amenable to that sort of "mutually 
distrusting computation". Perhaps calculation of the matrix would. 
Again, I don't know enough crypto to say.)
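
The 5-of-20 sharing and the "behind the veil" Plurality count from the message above, as an added example that is not part of the original post. It uses Shamir secret sharing (an assumption; the post names no scheme), and the field modulus and function names are also assumptions. The veiled tally further assumes every voter sends a share to all 20 collectors, unlike the 10-collector registration, so that collectors can add their shares locally.

```python
import secrets

P = 2**61 - 1          # prime field modulus (assumed; must exceed the number of voters)
N, T = 20, 5           # 20 collectors, any 5 shares reconstruct (the post's 5-of-20)

def split(secret, n=N, t=T):
    """Shamir: random degree t-1 polynomial with f(0)=secret; share j is f(j)."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {j: sum(c * pow(j, k, P) for k, c in enumerate(coeffs)) % P
            for j in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange interpolation at x=0 over GF(P); shares is {collector_id: value}."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def register(ballot, k=10):
    """Voter hands shares to k randomly chosen collectors out of N."""
    shares = split(ballot)
    chosen = secrets.SystemRandom().sample(sorted(shares), k)
    return {j: shares[j] for j in chosen}

def veiled_plurality(ballots, n_candidates):
    """Collectors add the shares they hold per candidate; only the totals are opened.
    Assumes every voter sends a share to every collector so the sums line up."""
    sums = [{j: 0 for j in range(1, N + 1)} for _ in range(n_candidates)]
    for choice in ballots:
        for c in range(n_candidates):
            # One-hot ballot: share a 1 for the chosen candidate, 0 for the rest.
            for j, s in split(1 if c == choice else 0).items():
                sums[c][j] = (sums[c][j] + s) % P
    # Any T collectors publish their per-candidate sums; interpolation gives the counts.
    opened = range(1, T + 1)
    return [reconstruct({j: sums[c][j] for j in opened}) for c in range(n_candidates)]
```

The tally trusts each voter to share a valid 0/1 vector; checking that without opening individual ballots needs machinery this sketch does not include.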



