Skip to content

Anonymity

Jump to bottom Edit New page
Jasper den Ouden edited this page Jan 20, 2015 · 10 revisions

We probably want privacy about what people vote for, for the same reason as elections require this. It makes it much harder to make votes obtainable by social pressure, threats or bribes. Additionally, we prefer there not be a cryptographic way to trade the vote-time.

Levels of anonymity

In bitcoin, the accounts dont have names on them, but transactions between accounts are entirely visible. So if you by bitcoins via your bank, and the bank can figure out what bitcoin address the bitcoins were sent to, they know you own those bitcoins. There are things like mixing services that try hide which coins go where.

Coins like Zerocoin, cryptonote use zero knowledge proofs to send coins from address to address without people being able to figure out where the coin is from. Sending votes is like sending coins, except they are not coins, the votes just add up to a topic and stay there. So we know this is possible.

Kinds of anonymity in Bitvote

  1. Privacy of votes; the inability of external viewers to determine what a Bitvote account voted for.
  2. Non-logical-connectability-of-votes; inability to logically connect that if-you-vote-for-this-you-get-money. (1) might not entirely cover it. Or, inability prove you voted some way, even if you wanted too.
  3. Anonymity of accounts, whether your person can be tied to a particular Bitvote account. I think it is unlikely we will have this, given that OnePerID is already hard enough.
  4. Privacy of links between accounts. Links between accounts might be used for OnePerID. Really, a lot of the 'value' for 'big data', that we might not want to give out for free, is here.

'Low tech' cryptography made out of well-known cryptographic functions are preferable, although technical aspects also matter.

Anonymity vs interpretability of votes

You might want to interpret the votes, i.e. did many people vote or did a few vote a lot of vote-time? Likely, more importantly, is to figure out from what regions the votes are coming.

But getting at this information may hurt anonymity.

Vote-mixing: a low tech approach

One low-tech approach is just putting in votes, and then redistributing to a list of intermediate accounts. It is then not known who controls the different accounts, list creators know something, depending on how the list is created. Perhaps there is even a way to obviate knowledge completely.(no way to disallow trading afaik) However, it seems like in this approach, votes are sellable.

Other

"Secret Sharing DAOs: The Other Crypto 2.0" by Vitalik

Add a custom footer

Home

How you can help

Main Code Plan

Stages

Third Party Ideas

Users

Clone this wiki locally