Skip to content

Instantly share code, notes, and snippets.

@bartvm

bartvm/anonymous_ballet.md

Last active April 1, 2019 21:03
Show Gist options
  • Save bartvm/01ccf61a5fd009bf0dfedd6d6678542a to your computer and use it in GitHub Desktop.
Save bartvm/01ccf61a5fd009bf0dfedd6d6678542a to your computer and use it in GitHub Desktop.
Download ZIP
Anonymous ballot
Raw
anonymous_ballet.md

Anonymous ballot

The goal is to allow a user to anonymously share sensitive information which can be used in a selection process. The user must be able to prove they were admitted without revealing their sensitive information. A two-step ring signature process meets these requirements.

Ring signature

Consider a group of n users where each user i has a public, Pi, and secret (private) key, Si. A ring signature allows a user to sign a message using their private key, s = sign(m, Si, P1, ..., Pn), proving that they are a member of the group without revealing their identity.

Approach

A user i submits their public information (e.g., their name and e-mail address) along with a public key, Pi, while holding their private key, Si, secret.

After all users have registered the set of public keys, P1, ..., Pn, is made public. Each user can now submit their sensitive information, along with a signed message proving that they have registered, si = sign('is_registered', Si, P1, ..., Pn). The signature must not be shared with other users.

After the ballot has been performed, the user can submit their signature si to see whether the corresponding ballot was selected. If they were admitted, the user can claim their ticket by submitting a new public key, P'i, while keeping the new private key, S'i, secret.

After all k tickets have been claimed, the new set of public keys, Pi1, ..., Pik is made public. To receive their ticket, the user must submit their public information (e.g., e-mail address) along with a signed message, s'i = sign('is_admitted', S'i, Pi1, ..., Pik), proving that they were admitted.

Implementation

JavaScript can be used to perform the key generation client-side. The workflow then looks as follows:

  • A user submits their personal information through a form. They are given a password (which encodes Si) that can be written down, printed, or e-mailed to themselves.
  • After the registration period closes, users are invited to submit their sensitive information through a form. They fill in their password but only the derived signature is transmitted, proving that they are registered.
  • Once the results are in, the user fills in their password on a form and the derived signature is used to notify them whether they were admitted or not. If admitted, they will be given a second password (which encodes S'i).
  • At the event, the user can use the second password to prove that they were admitted.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment