Open yrdeboer opened 5 years ago
stonecoldpat
commented
4 years ago Hi @yrdeboer
All votes sent to the smart contract are encrypted (ElGamal) with a ZKP that the vote is well-formed.
So an observer will just seen encrypted blobs hit the blockchain.
The magic trick in the protocol is that, by aggregating all the encrytped votes, it will cancel out all random factors and leave us with g^votes. We just brute force it from that point.
yrdeboer
commented
4 years ago Hi, thanks for answering, how are you doing? Yes, I think I understand that. You are saying that all votes are encrypted so they cannot be read.
But I also understood that one can do the tally at any point in time. Also after the first vote was cast. So one could look up the historic block in the chain in which that first vote was cast then do the tally. That would reveal the first voter's vote. And then one would look up the second voter's vote and do the tally again. Together with the result of the previous (first) tally, one could figure out this vote as well, etc. etc. ...
stonecoldpat
commented
4 years ago Oh no!
The limitation of the protocol is that, all votes must be cast, before the tally can be computed. So you need all votes and cannot do that trick to deanonymize them.
On Wed, Sep 18, 2019 at 12:54 PM yrdeboer notifications@github.com wrote:
Hi, thanks for answering, how are you doing? Yes, I think I understand that. You are saying that once all votes are encrypted.
But I also understood that one can do the tally at any point in time. Also after the first vote was cast. So one could look up the historic block in the chain in which that first vote was cast then do the tally. That would reveal the first voter's vote. And then one would look up the second voter's vote and do the tally again. Together with the result of the previous (first) tally, one could figure out this vote as well, etc. etc. ...
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/stonecoldpat/anonymousvoting/issues/24?email_source=notifications&email_token=ABRG6ASJQICQZ6B66J4WFKTQKIJG5A5CNFSM4IWF6762YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD67ZUPA#issuecomment-532650556, or mute the thread https://github.com/notifications/unsubscribe-auth/ABRG6AQBZQ7EBALEOTHIQKLQKIJG5ANCNFSM4IWF676Q .
yrdeboer
commented
4 years ago Ah, but wait, you need all votes you say before the tally becomes possible. Is that because the contract will only start the tally once all votes are in or is that because it is cryptographically impossible?
stonecoldpat
commented
4 years ago For this construction, it's the cryptography that requires all the votes. The tradeoff of not having a tallying authority.
On Wed, 2 Oct 2019, 10:04 yrdeboer, notifications@github.com wrote:
Ah, but wait, you need all votes you say before the tally becomes possible. Is that because the contract will only start the tally once all votes are in or is that because it is cryptographically impossible?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/stonecoldpat/anonymousvoting/issues/24?email_source=notifications&email_token=ABRG6AXFXQVGZHGZA3BHUHTQMRPYHA5CNFSM4IWF6762YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAECJRQ#issuecomment-537404614, or mute the thread https://github.com/notifications/unsubscribe-auth/ABRG6AVIE55QA43AOTHIGA3QMRPYHANCNFSM4IWF676Q .
yrdeboer
commented
4 years ago That's pretty great actually :+1:
Too bad there is no proof-generator that can run in the browser client-side yet!
stonecoldpat
commented
4 years ago It should all work client side! 😁 You may need to use an older version of geth. 2016ish
On Thu, 3 Oct 2019, 12:40 yrdeboer, notifications@github.com wrote:
That's pretty great actually 👍
Too bad there is no proof-generator that can run in the browser client-side yet!
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/stonecoldpat/anonymousvoting/issues/24?email_source=notifications&email_token=ABRG6AXENOPNIGY42XR54ZLQMXK2PA5CNFSM4IWF6762YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAH5N3Q#issuecomment-537908974, or mute the thread https://github.com/notifications/unsubscribe-auth/ABRG6AQHGYV3NV4YU3WEUZTQMXK2PANCNFSM4IWF676Q .
Hi,
I'm not a cryptographer so I must be missing something, please go easy on me.
Anyway, if anyone can do the tally as votes are coming in, then it would be trivial to know what everybody voted, right? The tally after the first vote would already trivially expose the vote of the first voter.
So, what am I missing?