PeaceFounder / PeaceFounder.jl

Centralised E2E verifiable evoting via pseudonym braiding and history trees
http://peacefounder.org
Apache License 2.0

Showing Pseudonym Alias on the PeaceFounderClient #20

Closed JanisErdmanis closed 5 months ago

JanisErdmanis commented 8 months ago

After a voter casts their vote, a receipt is shown in which the pseudonym is listed as shown here:

receipt

The pseudonym field in this picture shows a truncated sha256. The idea is that if one uses a modular prime group, it will take the entire screen, which is utterly unacceptable from a UI point of view. However, its utility is low and it complicates the display of the vote on the bulletin board, as now one needs to show both the accurate pseudonym and a truncated hash of it. Furthermore, why sha256 and not sha1 or another hash function?

A more optimal solution already used extensively within PeaceFounderAdmin is to show a pseudonym alias. The pseudonym alias is derived by sorting pseudonyms and assigning each an alias equal to its row index. This is highly practical as it enables showing pseudonyms in the following form:

#23.32

where #23 is a braid receipt record on the braidchain and 32 is a row index in the pseudonym output of the braid.

A key challenge arises from the client's inability to compute the alias independently, as it does not maintain a copy of the braidchain ledger. To address this, the server must deliver the alias while ensuring the client cannot be misguided. Additionally, it's crucial to keep the alias hidden from the receipt to prevent tracking. This scenario resembles the implementation of a blind signature scheme, which serves as a method for proving participation without compromising privacy.

To resolve this issue, we need to modify CastReceipt and CastAck types as follows:

```julia
struct CastReceipt
    vote::Digest
    timestamp::DateTime
    alias_commitment::Digest # H(vote|alias)
end

struct CastAck
    alias::Int
    receipt::CastReceipt
    ack::InclusionProof
end
```

The alias is returned unencrypted because encryption offers no utility here. For instance, if an eavesdropper has been monitoring the connection from the start, they would already know the vote and associated pseudonym. The only important part here is to prevent the coercer from looking up the bulletin board receipts, so that they are unable to check if the voter has already revoted, maintaining receipt freeness.

JanisErdmanis commented 5 months ago
Screenshot 2024-04-19 at 22 06 16

As the picture shows, pseudonym aliases have been implemented. Storing of pseudonym aliases within the record also made the PeaceFounderAdmin code simpler, as well as auditing of eligibility. That is because there is no longer a need to construct a set, and membership can be verified by checking elements at a given index within the pseudonym vector.
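An added example, not code from PeaceFounder.jl, of the two checks discussed in this thread: the client accepting a server-delivered alias only if it opens `alias_commitment`, and the auditor checking eligibility by index into the pseudonym vector. `Digest` and pseudonyms as raw bytes, the omitted `InclusionProof` field, the byte encoding of `H(vote|alias)`, and the helper names `commit_alias`, `accept_ack` and `eligible` are all assumptions.

```julia
using SHA, Dates

# Stand-ins for the project's types (assumptions): Digest and pseudonyms are
# raw bytes, and the InclusionProof field of CastAck is left out.
const Digest = Vector{UInt8}

struct CastReceipt
    vote::Digest
    timestamp::DateTime
    alias_commitment::Digest # H(vote|alias)
end

struct CastAck
    alias::Int
    receipt::CastReceipt
end

# Assumed encoding of H(vote|alias): SHA-256 over the vote digest followed by
# the alias as 8 big-endian bytes.
alias_bytes(alias::Int) = collect(reinterpret(UInt8, [hton(Int64(alias))]))
commit_alias(vote::Digest, alias::Int) = sha256(vcat(vote, alias_bytes(alias)))

# Client side: accept the alias only if the receipt is for the vote that was
# actually cast and the alias opens the commitment stored in that receipt.
function accept_ack(ack::CastAck, cast_vote::Digest)
    ack.receipt.vote == cast_vote || return false
    return commit_alias(cast_vote, ack.alias) == ack.receipt.alias_commitment
end

# Auditor side: eligibility is a lookup at the alias index of the braid's
# output pseudonym vector, so no membership set has to be constructed.
function eligible(pseudonyms::Vector{Digest}, alias::Int, pseudonym::Digest)
    return checkbounds(Bool, pseudonyms, alias) && pseudonyms[alias] == pseudonym
end

# Constructed sample data: five sorted pseudonyms and one cast vote.
pseudonyms = sort([sha256("member-$i") for i in 1:5])
vote = sha256("constructed ballot")
ack = CastAck(3, CastReceipt(vote, now(UTC), commit_alias(vote, 3)))
forged = CastAck(4, ack.receipt) # same receipt, different alias reported

@assert accept_ack(ack, vote)
@assert !accept_ack(forged, vote)
@assert eligible(pseudonyms, 3, pseudonyms[3])
@assert !eligible(pseudonyms, 3, pseudonyms[4])
@assert !eligible(pseudonyms, 9, pseudonyms[1]) # out-of-range alias
```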