Hello, Habr! My name is Ivan, I am developing the WE.Vote online voting service based on the Waves Enterprise blockchain platform. The very idea of online voting has long been implemented by different companies, but in any cases of "increased responsibility" they still resort to good old paper. Let's see how e-voting can compete with it under the most stringent conditions.
The idea of online voting is not new. Services are emerging, but traditional face-to-face voting on paper ballots is still the most common way to make important collective decisions. For example, in national elections with millions of ballots, thousands of polling stations, observers and volunteers. Or at meetings of shareholders of a large company, where even at the stage of notification of an upcoming meeting, you need to send out a wagon of registered letters and make sure that they have been received. Or at general meetings of house owners, where you have to catch the moment when each of the tenants is not at work, not on vacation or in the country, in order to go around all the apartments with a questionnaire. Yes, “paper” is long and expensive. But despite all the disadvantages of paper voting,it continues to be actively used - partly due to the inertia of the regulatory legislation, and, probably, to a greater extent due to the belief in the reliability of traditional, well-established procedures.
. - , . «» — , , , -. « », .
- — , -. ? , . , . , , — .
« », « » - . ? . ? , ( ). , , .. : , - . , , .
? , « » - ? , «» «». — «» , ? «» , , ?
, , «»? , ? .
, , — / , , , . - :
: .
, . , , // .
. — — , , (, ) , .
, , , « ». , , «» . - , , — , . .
, , , ( ).
. , , , , ... — - .
, - . , , . , . , — , . , , , . , — .
. - , . .
: , ( ) . , , .
, . , , , . . , :
;
— (e-mail );
— , , , ;
— .
: (), : , . , , , . , , , , .
. , . .
, . , . ... e-mail. . , , . , , , — .
. , — . , , , . , , .
, , , , , ( -). , ( ), ( ).
«». «» , , , . , . -, «». , -. , , — : , , , .
, , :
immutable- , .
, — -«», .
. , -, .
, , - . , , ! , . , , . ( 99.9% ).
, , , , . , , , . , «» . , . - ?
, , ? . ( , ) , « »? ? . , - ?
— . , , , . , . - «», . N , , K , K < N.
, . . -, . -, . , . . ... , — . , — , , .
, — — , , . « IP» . , . , , . // , , 5 . . 500 , , .
?
. , , , , . , . , - . K N, .
(MainPubliKey) DKG (distributed key generation) Torben Pryds Pedersen «A threshold cryptosystem without a trusted party», ( ( ) GF(p)). : ( ) .
DKG sep256k1 (Bitcoin, Ethereum) SHA-256. , , Ed25519 -26 , . 256- , 512-.
DKG , . «» , -. — . 1 1 , , / (. ), .
, .
DKG Pedersen 91
:
E (Base) q.
(BaseCommit) , x BaseCommit = x * Base .
(k, n), n — (DecryptService), , k — , . k <= (n+1)/2, k - 1 — , (MainPubliKey).
0. DecryptService
n DecryptService 1 n. , DecryptService , K N.
1.
n DecryptService (Pub_n) (priv_n) : j- : priv_j, Pub_j, Pub_j = priv_j * Base ( Base — ). Pedersen commitment :
, r_j.
, _j = r * BaseCommit + Pub_j.
_j .
n DecryptService _j, DecryptService r_j. DecryptService — Pub_j = _j - r * BaseCommit — Pub (MainPublicKey) Pub_j.
, . ...
2.
j- DecryptService :
k - 1: f_j(x) = f_j_0 + f_j_1*x + ... + f_j_k-1* x^(k-1), f_j0 = priv_j, — GF(q), q — .
i- n : f_j(i) = f_j_0 + f_j_1*i + ... + f_j_k-1 * i^(k-1). f_j(i) (shadow).
f_j(i) Pub_i . , f_j(i) priv_i, .. DecryptService i.
3.
, DecryptService DKG, , . DecryptService , Base: j- : fj,0 * Base, fj,1 * Base, ... , fj,k-1 * Base, fj,k-1 — k - 1.
i- DecryptService f_j(i) ( j 1 n, i), n - 1 DKG. i- DecryptService j:
f_j(i) * Base
: fj,0 * Base, fj.1 * Base, ... , fj,k-1 * Base
i: fj,0 * Base, i * ( fj,1 * Base), ... , i^(k-1) * ( fj,k-1 * Base)
.
f_j(i) * Base ( j i, ), . j: f_j(i), — 0.
, s_i f_j(i) j , .
k , s_i * Lagrange(k, i), Lagrange(k, i) — , (k) i, , Pub (MainPublicKey), — priv_i.
3, (MainPublicKey), , . .
«» . , , «» K , . : . ? , .
4.
, M (MainPublicKey):
r R = r * Base.
= M + r * MainPublicKey.
— (R, C) — .
priv : priv * R.
M: M = - priv * R.
, (R, C) priv * R.
(, (k, n) = (3,6)), s_i * R, , . « ». 3 6 s_i * R , priv * R. , .
, , . , DecryptService « », , . DecryptService , , , .
: (), (DKG), , . , , .
, . , , .
. . , , , .
, , — , , — . , , . . . . — .
, , « » . , .
, . . « » — , !
1: ( R1, 1 ) =( r1 * Base, M1 + r1 * MainPublicKey )
2: ( R2, 2 ) =( r2 * Base, M2 + r2 * MainPublicKey )
: ( R1 + R2, C1 + C2 ) = ( ( r1+r2 ) * Base, M1 + M2 + ( r1 + r2 ) * MainPublicKey )
, ( MainPublicKey = priv * Base):
( M1 + M2 ) = ( C1 + C2 ) – priv * ( R1 + R2 ) = M1 + M2 + ( r1 + r2 ) * MainPublicKey – priv * ( r1 + r2 ) * Base = M1 + M2
- «», - — «».
, , , . , , «». «» .
, , , , — . , . , , , , . . , , .
(ZKP — Zero Knowledge Proofs)
. . « » , , "1" «100500». «–100500» , . , « ».
, - – . - , (, ) .
ZKP ( ) — « -» «»:
«A» , , «B», . «» «», :
«» «» . «» , «».
«» «» - , , .
«» , «».
, «» , , , , 50/50. , «» , «» , «» . «» , , (, «» ), (, «» ) .
ZKP
, , NIZK, , — «0» «1» — , . , «1». , «1» .
( ) ZKP . , , , , . «1» ZKP . , N, . ZKP [0, 1, 2, 3]. ZKP [3] — . [1, 2, 3] — 1 3 , .
, « proof» . .
:
(R_1, C_1), Proof_1,
.........................
(R_M, C_M), Proof_M,
Sum_Proof
, ZKP . ( ), , — .
ZKP
, , , , , , . , . , — « ». « » , .
: , , . , .
: , , «» , , «». «ZK- », ZKP Chaum-Pedersen, x A = x * B C = x * D ( A B, C, D — ).
:
;
;
, , .
[ [ 2,5,6 ], [ 3,5,5 ], [ 7,6 ], [ 10,3 ] ].
-
, , , , , . , «» — ; Google Forms :)
— -. , . , , «» . , «», — . «» : , - .
- . « » , , : , — . - DKG, .
?
, -. -, — , DKG. -, - , . «» -. , — .
— , , , . UX — :) — , , , , UX -, , . , , , . , , : « , , , - ?». , , .
, . - , . . , - , ..
— , . , . .