Good morning Jose,

By my understanding, the sender needs to reveal some secrets to the receiver, 
and the receiver will then know if it received 0 or 1 coin from that sender.  
(At least from my understanding of MimbleWimble; it might not be the case for 
CT, but MW is an extension of CT so...)

If voters send vote-coins directly to The Party, then The Party knows the votes 
of particular voters, and may then dispatch subcontractors to dispatch those 
voters.  It may be possible to have aggregators/mixers, but then you would have 
to trust the aggregators/mixers operate correctly and send to the correct 
destination party, and that the mixers are not recording voters.

Maybe in combination with something like CoinSwap or CoinJoin protocol would 
work to obscure the source of coins: a voter would have to swap several times 
with many, many other voters to ensure increased anonymity set (and then maybe 
some voters may report their transactions to The Party).

In any case sending directly from the tx of the Voting Authority to another tx 
to your selected The Party would let The Party members who secretly control the 
Voting Authority records to figure out, which voters got which txouts of the 
Voting Authority (presumably the Voting Authority has strict public records of 
which txout went to which voter, in order to prevent the Voting Authority 
secretly giving multiple vote-coins to a single One Man, All Votes).


​Sent with ProtonMail Secure Email.​

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On March 11, 2018 8:44 PM, JOSE FEMENIAS CAÑUELO via bitcoin-dev 
<> wrote:

> If I understand Bulletproof Confidential Transactions properly, their main 
> virtue is being able to hide not the senders/receivers of a coin but the 
> amount transferred.
> That sounds to me like a perfect use case for an election.
> For instance, in my country, every citizen is issued a National ID Card with 
> a digital certificate.
> So, a naive implementation could simply be that the Voting Authority, sends a 
> coin (1 coin = 1 vote) to each citizen above 18. This would be an open 
> transaction, so it is easily auditable.
> Later on, each voter sends her coin to her preferred party, as part of a 
> Bulletproof CT, along with 0 coins to other parties to disguise her vote.
> In the end, each party will accrue as may votes as coins received.
> Is there any gotcha I’m missing here? Are there any missing features required 
> in Bulletproof to support this use case?
> bitcoin-dev mailing list

bitcoin-dev mailing list

Reply via email to