If I understand it properly, the mint signs an encrypted message, and the signature survives decryption, sorta like if an envelope had carbon copy paper inside: a signature on the outside survives the destruction of the envelope (that is, decryption).

So, the ballot tokens are minted, encrypted with the voter's key, sent to the voter, decrypted and selected by the voter, and broadcast to the verifiers. The selected tokens are verified with the booth's public key and are not traceable to the voter.

To make it more secure, a voter would send a separate verifiable message authorizing having voted, which is weighed against the total count to keep the booth itself from just broadcasting fraudulent extra votes.

I think I need to draw a diagram.

PS: This could be multi-layered, too, like onion routing. A Teller service could request tokens minted on behalf of a third party from the main mint and store them securely until they need to be issued. The teller makes a withdrawal and sends it to the third party asynchronously.

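As an added illustration (not the poster's code): a toy textbook-RSA blind signature, which is the "carbon copy envelope" the note describes. The voter blinds the token, the mint signs the blinded value without seeing the token, the voter strips the blinding factor, and the signature still verifies on the original token under the mint's public key. The key parameters, the hash-then-reduce token mapping and the token itself are constructed for this example; a real scheme needs proper padding and key sizes.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters (assumption: small primes for illustration only).
P, Q = 104729, 1299709
N = P * Q
E = 65537                          # mint's public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # mint's private exponent


def token_to_int(token: bytes) -> int:
    """Map a ballot token to an integer below N (toy hash-then-reduce)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def blind(m: int):
    """Voter: seal m in the 'envelope' r^E so the mint cannot read m."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (m * pow(r, E, N)) % N, r


def mint_sign(blinded: int) -> int:
    """Mint: sign the envelope; this is the only value the mint ever sees."""
    return pow(blinded, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """Voter: remove the envelope; (m * r^E)^D * r^-1 == m^D mod N."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(m: int, sig: int) -> bool:
    """Verifiers: check the signature using only the public key (N, E)."""
    return pow(sig, E, N) == m


def issue_and_verify(token: bytes) -> dict:
    """Run the full issue/unblind/verify round for one token."""
    m = token_to_int(token)
    blinded, r = blind(m)
    sig = unblind(mint_sign(blinded), r)
    return {"m": m, "blinded": blinded, "sig": sig, "valid": verify(m, sig)}


if __name__ == "__main__":
    print(issue_and_verify(b"ballot-token-0001 (constructed)"))
```

The unblinded signature is identical to what the mint would have produced by signing the token directly, yet the mint cannot link the blinded value it signed to the token later broadcast to the verifiers.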

Discussion

Sweet! I'm actually pretty excited about this idea.

The other mechanism I thought of to make sure poll booths stay honest is to have a higher authority issue ballot tokens and the booths act as tellers, maybe with redundancy, and the teller just collates and stores the tokens encrypted with the voters' pubkeys.