I want to create a politically sensitive petition, with guaranteed unique users, from a fixed and known group of people, where non-identifying and aggregated statistics can be tracked, and that as more people sign and participate, the breadth of the characteristics aggregated and publicized can increase. Ultimately showing a dashboard. As well respondents can change their preferences on what they want to reveal about themselves. Any ideas?
If you can get a public key (as in RSA PKE key) associated reliably one-per-person then you can build something like this, and by using digital signatures you can prove any given person made a claim or posted some info.
The normal way is to use email, but you still can’t prove (at least not online) that you don’t have the same person using multiple different emails, unless you already trust that you know their emails. Online identity is sort of an “unsolved problem” in computer science.
I trust and know their emails. They are all academics, with webpages and recognized emails. So it is easy to verify their email - just as publishers will give free text books (or login access to e-text) to professors but not to students by verifying their webpage.
So the non-identifying part is still a challenge, because in order to submit secure info into a system you have to know who that info is from (i.e. specifically some public key).
Can they make an account and verify their identity, through a confirmation email, and get a key?
If you describe in full detail what you’re really trying to accomplish there’s probably a few people, including me, who can offer input, or suggest existing apps and components that can help, but I don’t know how to respond to super abstract questions except with super abstract answers.
I’m organizing a petition for academics, across multiple countries, including despotic countries, to demand their government organize for the release of academic prisoners. The people who sign could lose their job or could be punished in some way from their employer or their government. However, there are those who willing (by necessity for this petition to go viral) to to put their neck out and have their name listed publicly, encouraging others to sign as well (if only privately but with the ability to sign publicly).
I wanted to think through if this could work on IPFS, and be an example of sovereign data. How difficult would this be? How easy would it be to verify?
There could be various bits of information that would be added with each signature:
- Rank / position
- Short statement or 3 word sentiment (for a word cloud).
- Email .edu
In theory, we have the population of academics, positions, and emails. This is all public information, and we collected in a public database of academics - people could add their information here, even if they were not there. Adding information here does not mean that they signed, it only means that they are a public entity with verifiable and unique data points that can be verified. With this database which represents the pool of all possible academics, people who want to sign must be in that pool (that is how I was thinking one would ensure uniqueness of the signature).
Code is open source and verifiable, and thus trusted. I would like the governments, to which this petition is going, to be able to verify and trust that these numbers are accurate. So like voting - one person one vote must be enforced unless it won’t be trusted. The only information available to anyone is what is public, and what they uploaded on themselves, and accessible only with their key. But like some DAO, smart contracts could read the information and updates to the public information could automatically take place.
e.g. allow university or rank, once a certain number of other people with the same identifiers have signed up. (e.g. if the total number is greater than 20, then their university and rank is allowed to be revealed). , or
if the number in a particular university department (e.g. economics) is over 6, then count my presence
All the different permutations are predetermined and available (e.g. they just tick a box, and there is a few recommended or by default).
Those who do sign can remove their signature, or change setting over time as well. my hope is that people will release more information over time.
Researchers can explore blocks, modify their dashboard statistics.
At minimum, the number that is always public is country and number of signatures, but we don’t know university, rank, or department.
That’s an excellent goal for a project, and a working system would also be able to function (at least doing all the math and security) as a secure voting system. The easy part in a system like this is proving who said what. That’s a solved problem. That is, with RSA PKE everyone can digitally sign statements (vote submissions, petition statements, or whatever arbitrary text and data) so that all other persons can verify that the holder of the private key did create said digital signature.
The difficult part arises from how to keep the data secret. If you had a trusted authority who was willing to count votes (i.e. allowed to see all data) then you could make a system like this work, but you’d have the risk that this trusted party (or group of people) could potentially leak this information to the public, or conspire to lie about the results.
So you can boil all the “mathematically unsolved” (afaik) parts of this system down to one simple question:
“Is there a secure algorithm in known computer science that can perform the function of a secret ballot?” I don’t know.
PS: It so happens that I’m the developer/creator of a platform that you could build out the rest of a system like this “on top of” which is this:
Why can’t there be a DAO, or algorithm, that could decrypt just the information that is allowed to be released through the smart contract, tally it up, and publicize it? Why does there need to be a third party other than the code?
DAOs are an interesting thing, and rules can be enforced by computer networks voting and kicking out computers that don’t obey the rules (from the network), as blockchains do, but still even the state of the art systems are still introspectable by humans. Storing the hash codes of the digitally signed inputs to an election (voter data, votes, petitions, etc), and even the computed election results on a blockchain is a good way to persist it, but it doesn’t solve the problem of secrecy. It only makes things ‘tamper proof’.
Voting systems like this are still practical as long as some central authority is responsible for mapping public keys to individuals, and simply keeping that secret. Then how it can work is that each person who voted can go lookup on the public blockchain to verify how their vote was cast (to verify), based on their public key. In this case anyone can check what any public key voted for, but only the central authority would know who the true identity is associated with each public key.
Perhaps there is some way to automate this central authority into a single computer which is managed by humans, but for which no human is ever allowed to “get internal access into” by being under continual surveillance and air-gapped (no internet).
But at risk of sidetracking the discussion: My personal suggestion for how mankind should vote (in actual governmental elections) is to use physics. No computers! What I call “Mass Voting” (mass meaning “weight”). Something like based on people putting a penny into a bucket at a polling place and then publicly weighing buckets at the end of the night. That weighing totally eliminates the counting problem. Impossible to cheat. Anything using computers will be able to be cheated for the foreseeable future and are able to be cheated by the people controlling the software. Right now the election software companies don’t even share the source code!!! It’s unacceptable and foolish for the country to accept that, but most people are too technically illiterate to know how foolish it is, and the people manipulating the vote counting have the political power to shut down any discussions of changing it.
What about permissioned ledgers, and an apolitical third party oracle. Then there is privacy as well as a third party. For a petition, the easier the better, so that the technology doesn’t get in the way of trust.