vocdoni / interoperability

Private repository to manage the interoperability between protocol, API, SDK, UIs and documentation

New metadata for voting process: "publish results" #145

Open jpaulet opened 4 months ago

jpaulet commented 4 months ago

As organizer, I want to control when the results are published, in order to have time to review them, validate them and/or announce them.

Task: Add a new metadata field in all voting processes, that will control if the results are published after the end of the process.

By default this option would be true (as now) and the results will be published as currently, but if it is set to false in the creation process, the results will only be available to admins.

Then, they will have to manually publish/open the results to everyone, by clicking a new button "Publish Results for Everyone" that will change this parameter from false to true (by modifying the metadata from false to true).

p4u commented 2 weeks ago

Umm but this enforcement cannot work at blockchain level. Then the results will still be available on explorer or via API.

The right way to achieve this feature is to let the organizer publish an extra encryption key for the votes. So the results won't be computed until the organizer decides to do it (could also be never). In addition, as the only missing encryption key will be the one provided by the organizer, it can compute the results (by providing the key to the API server).

However, this requires:

  1. A new field on the NewProcess transaction (encryptionPubKey)
  2. Modify the blockchain to use this new field to add the encryption key on the list of keys
  3. Modify the results API endpoint to accept an encryptionPrivKey and compute the results on the "fly"
  4. A new transaction to let the organization publish the encryptionPrivKey on the blockchain
  5. UI: allow the organization to check the option "add custom encryption key for delayed results" which creates a new deterministic key (based on the organization wallet privKey) such as hash(signature("this is a key"))
  6. UI: allow the organization to publish the key and make it available to anyone

p4u commented 2 weeks ago

> Then, they will have to manually publish/open the results to everyone, by clicking a new button "Publish Results for Everyone" that will change this parameter from false to true (by modifying the metadata from false to true).

Another issue is that the metadata of an election cannot be changed.

p4u commented 2 weeks ago

I would suggest implementing the following as a first step:

  1. When creating an election, if encrypted, let the user choose whether to use its organization key or the ones provided by the blockchain keykeepers. This key is automatically derived from the wallet (so it will require an extra signature)
  2. A new field on the NewProcess transaction (organizationEncryptionPubKey)
  3. If the field is set and mode.encrypted=true, keykeepers won't create an encryption key, so the votes will be encrypted ONLY with the organization key. This should be transparent for the voting clients (since they get the encryption keys dynamically from the blockchain)
  4. Create a new transaction RevealProcessEncryptionKeyTx that can be only executed by the owner of the organization. This transaction can only be executed if the destination process status is ENDED.
  5. The process reaches the ENDED status, but until this transaction is mined, it won't go to RESULTS
  6. Extend the API endpoint GET /elections/:electionID/scrutiny?key=hexString so the privKey is attached and the backend can compute the results to show ONLY to the organization owner
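
Added example (not part of the thread and not Vocdoni code): one way a node could validate the proposed RevealProcessEncryptionKeyTx from the comment above, written in Go. The `Process` type, `ApplyReveal`, `DeriveOrgKey`, the `READY` status, the choice of SHA-256 and X25519, and the check that the revealed key matches the published public key are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed stand-ins for on-chain state; only ENDED and RESULTS are named in the thread.
type Status string
const READY, ENDED, RESULTS Status = "READY", "ENDED", "RESULTS"

type Process struct {
	Owner     string // organization owner address (constructed value in main)
	Status    Status
	OrgPubKey []byte // organizationEncryptionPubKey set in NewProcess
}

// DeriveOrgKey maps a deterministic wallet signature to a key pair,
// i.e. hash(signature(msg)). SHA-256 and X25519 are assumptions.
func DeriveOrgKey(walletSig []byte) (*ecdh.PrivateKey, error) {
	seed := sha256.Sum256(walletSig)
	return ecdh.X25519().NewPrivateKey(seed[:])
}

// ApplyReveal is a hypothetical validator: RESULTS is reached only if every check passes.
func ApplyReveal(p *Process, sender string, priv []byte) error {
	k, err := ecdh.X25519().NewPrivateKey(priv)
	switch {
	case sender != p.Owner:
		return errors.New("only the organization owner may reveal the key")
	case p.Status != ENDED:
		return errors.New("process status is not ENDED")
	case err != nil:
		return fmt.Errorf("invalid private key: %w", err)
	case !bytes.Equal(k.PublicKey().Bytes(), p.OrgPubKey):
		return errors.New("key does not match organizationEncryptionPubKey")
	}
	p.Status = RESULTS
	return nil
}

func main() {
	key, _ := DeriveOrgKey([]byte("constructed wallet signature"))
	p := &Process{Owner: "0xorg", Status: ENDED, OrgPubKey: key.PublicKey().Bytes()}
	fmt.Println(ApplyReveal(p, "0xorg", key.Bytes()))
}
```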

p4u commented 2 weeks ago

A future next step to this is to integrate drand https://drand.love/developer/clients/#go

Then we can finally remove keykeepers from the system.