Closed JanisErdmanis closed 5 months ago
As the picture shows, pseudonym aliases have been implemented. Storing of pseudonym aliases within the record also made the PeaceFounderAdmin code simpler, as well as auditing of eligibility. That is because there is no longer a need to construct a set, and membership can be verified by checking elements at a given index within the pseudonym vector.
After a voter casts their vote, a receipt is shown in which the pseudonym is listed as shown here:
The pseudonym field in this picture shows truncated `sha256`. The idea is that if one uses a modular prime group, it will take the entire screen, which is utterly unacceptable from a UI point of view. However, its utility is low and complicates the display of the vote on the bulletin board, as now one needs to show both the accurate pseudonym and a truncated hash of it. Furthermore, why `sha256` and not `sha1` or another hash function?

A more optimal solution already used extensively within PeaceFounderAdmin is to show a pseudonym alias. Pseudonym alias is derived from sorting pseudonyms and assigning them an alias equal to its row index. This is highly practical as it enables showing pseudonyms in the following form:
where `#23` is a braid receipt record on the braidchain and `32` is a row index in the pseudonym output of the braid.

A key challenge arises from the client's inability to compute the alias independently, as it does not maintain a copy of the braidchain ledger. To address this, the server must deliver the alias while ensuring the client cannot be misguided. Additionally, it's crucial to keep the alias hidden from the receipt to prevent tracking. This scenario resembles the implementation of a blind signature scheme, which serves as a method for proving participation without compromising privacy.
To resolve this issue, we need to modify `CastReceipt` and `CastAck` types as follows:

The alias is returned unencrypted because encryption offers no utility here. For instance, if an eavesdropper has been monitoring the connection from the start, they would already know the vote and associated pseudonym. The only important part here is to prevent the coercer from looking up the bulletin board receipts and being unable to check if the voter has already revoted, maintaining receipt freeness.