Fully anonymous, unless you disclose your private key. It is called “private” for a reason.
Except you could accomplish all of what you just described with… a website. And you could make the entire log “tamper-proof” by just… having people watch the website.
What’s more, you get rid of a lot of tricky web-of-trust issues by keeping a centralized authority rather than distributing on a chain. Let’s say you get mugged on the way home from collecting your keypair and the mugger gets your keys. On a blockchain solution, you’re permanently screwed, there’s no way of revoking that key because that would be “tampering” with the chain. The mugger can then vote using your vote with impunity until the end of time. With a centralized version, the voting authority can unilaterally revoke the key and include police reports or other supporting evidence to explain why they’re disenfranchising that particular keypair. It’s up to the citizenry to then decide whether that move was legitimate and to cause a scandal if it’s not.
Voting intrinsically depends on central authorities to perform a number of key functions anyway. If you’re relying on them anyway, you don’t really have distributed trust and so a blockchain is not an appropriate solution.
How many characters in this key?
No, you take both home. You encrypt your vote with your private key, and save it together with your public key.
Yes, it does.
You can, but you can also show off someone else’s vote by using the public key that you have and know. Public keys are - you know - public.
Oh, no need to exaggerate. If you use a key approximately 256 bits in length (like bitcoin does), you can encode it as a couple of dozen random alphanumeric characters, or, better yet, a few random dictionary words.
So, how soon before an election would these keys be given out, will the pick-up areas be distributed more fairly than voting precincts have been, and will the process have to be repeated every time there is an election(unlike the current situation where your registration can be good for years in a lot of places? If people have to go through this whole process every time they vote, then the Republicans(who thrive more the fewer the total number of voters show up) should love it.
This would put a stop to all the “Get Out The Vote” programs where people go out and help those who are housebound or have trouble getting around register to vote, won’t it?
Doesn’t have to be extravagantly strong. Whatever it takes at current level of technology for the particular algorithm so that for one vote’s keypair it would take a few years to brute-force break it.
Well… your $5 billion system is anonymous, until somebody decides to beat you with a $9 monkeywrench to make you give up your key. Unless you burn your key immediately, in which case, what’s the use?
Our existing system has true symmetrical anonymity, which means you can’t be coerced into revealing your vote. Your scheme gives that up. How do you justify giving up that secrecy?
And the actual answer to my question would be…?
If you burn it immediately, you can still prove it to your own satisfaction that your vote is recorded correctly. You just cannot prove it to someone else’s satisfaction. So - prove it to yourself, then burn it.
Except in mail-in vote schemes. Like Oregon’s. Or absentee ballots.
4 years to break an RSA-768 key. (Note, that record was in 2009, might not be good enough anymore). That means your key is 232 decimal digits long. Not sure if this matters, given a physical token.
I don’t do that. Most people don’t. You’re not answering why we should give up the secrecy that we do have.
Most people don’t sell their votes. But if they want to, they can do it today, with mail-in ballots. And if they don’t want to, the secrecy is assured with what I am suggesting, by losing the private key.
Note that this is to break one vote. Also note that this only matters for the voting period itself. After it, the keys are stored under the blockchain encryption mechanism, which is (for a long chain) much harder to break in order to change the votes. You basically have to re-create all the blocks, which is computationally way more difficult than breaking one vote.
Are you voting (using your secret key) at home?
If so, since I am wiretapping the Internet I can (with some nonzero probability) tell what vote you cast, without cracking anything.
If not, why bother with the scheme at all?
When the goon with the rubber hose is trying to beat my key out of me, will he believe me when I say “I burned it at the polls?” I don’t think so. The only solution to this problem is not to issue receipts at all.
Absentee ballots aren’t relevant here. It’s true that someone could illegally keep a registry of names and ballots, but that’s a price people pay for the privilege of voting in absentia. I, on the other hand, do not vote in absentia and I have no interest in compromising my privacy in that way.
Maybe society as a whole might feel differently. I suppose Oregon decided that was OK. I’m not convinced of the value. If we’re solving abuses in the electoral system, I would rather address the thousands of people who are kicked off voter rolls with no due diligence for bullshit reasons. That’s a problem that needs solving.
Not really. During the voting season, there will probably be thousands of transactions per settlement period, which means that (unless you crack the TLS protocol used for secure web communication) you could maybe narrow it down to one out of a few thousand. Have fun with that.
Yeah, that’s not actually true, you’re conflating 2 different concepts there. Anyway, the key management is a sideshow as I keep saying. A 2048 bit key would fit on an EMV chip, and those are effectively unbreakable. Real question is whether any of this is a good idea w/r/t secrecy, privacy, and public confidence in the system.