Blind signature for proving participation

[JanisErdmanis]

Blind signature for proving participation

Some communities may wish to nudge their members to vote, providing benefits for those who have already cast a vote or punishing those who ignore democratic decision-making. In ordinary e-voting systems, that can be easily achieved through a voter's registry. However, this is not possible for PeaceFounder because voters are completely anonymous when they cast a vote.

One way to address this issue is with a blind signature scheme. The voter takes his identity pseudonym, blinds it with a random factor and includes that in the vote when it is sent to the ballot box. The collector checks that the vote is valid and, if so, signs the blinded group element at the time when the vote is recorded in the ledger. The previous blind signature is used if the voter has already cast a ballot.

The voter then receives an acknowledgement that the vote is permanently recorded in the chain together with the blind signature and timestamp. The voter unblinds the blind signature with its blinding factor and obtains a signature on his identity pseudonym as proof of participation. That can then be safely shown publicly for anyone who wants to see that the person has voted without being linked to the casted vote.

The assumptions for this scheme to work are:

• The voter's device is free of malware and does not attempt to sabotage the process
• The collector does not issue more blind signatures as necessary

It's hard to imagine what could be the end goal for malware to sabotage the process. For certain, it would make voters immediately aware of an issue of voting, which would raise suspicion for security being compromised of the device and consequently would give a stimulus to be addressed.

The second assumption would be easily found out. Furthermore, as a signature is issued on the identity pseudonym, there are no ways for the adversary to get a practical advantage as one is sufficient. Thus this scheme should be fairly secure for proving participation.

Requirements

Let's list a few properties which are essential when selecting a blind signature to use:

• The blind signature can be publically verified to be valid.
• Blinded messages can't be linked to unblinded ones, even with the knowledge of the signer's secret key.
• A malformed signature which could enable it to be linked to unblinded one could not be made undetected.

It seems that the first property is not satisfied by RSA blind signatures; nevertheless, it perhaps could be addressed using zero-knowledge proof. The second property is critical to satisfy as it can spoil all anonymity gained through braiding.

Implementation

The work has already started as inclusion for timestamp added the possibility to record votes together with other fields. The changed types of supporting the scheme could look as follows:

struct Vote
    proposal::Digest
    seed::Digest
    selection::Selection
    seq::Int
    approval::Union{Seal, Nothing} 
    blinded_commitment		
end

A blinded commitment is constructed from the voter's identity pseudonym with a hash-like function.

struct CastRecord
    vote::Vote
    timestamp::DateTime
    blind_signature
end

Note that to ensure fairness in property and prevent also disclosing information for revoting, the signature is not published as a receipt, but it is rather a hash calculated as H(vote|blind_signature).

struct CastReceipt
    vote::Digest
    timestamp::DateTime
    blind_signature::Digest # H(vote|blind_signature)
end

When the vote is cast, the blind signature is returned with the CastAck message:

struct CastAck
    blind_signature
    receipt::CastReceipt
    ack::InclusionProof
end

Alternatives

• Perhaps, something could be done with accumulators.
• Reversing through braiders