[lawn]

There are ways to anonymize transactions. For example Monero's ring signatures and stealth addresses or ZCash's shielded transactions.

Also it's not that the government has their private keys. The government basically sends a token to an address the voter controls. So they cannot steal their votes and they cannot see where their transactions went.

So this is solvable.

[mckmk]

> So this is solvable.

I'm not so confident. The Monero output from those transactions is actually only knowable to the intended recipient so I don't really know how this would work best. Would there be a pre-determined address that we're all sending our vote transactions to? Would that key be public so it could be audited by everyone? It seems like in this scenario systematic abuse by the government would be trivial. Just grant a few % extra tokens to address you control and sign the transactions to vote your way and the'd be no auditability, no knowing which votes came from where. In many elections the polling is good enough and the margin narrow enough that it would be extremely easy to do and not look suspicious.

[lawn]

For example we could have a single address and you vote by tagging your transaction in some way or several addresses which each correspond to one answer. These should all be public.

The initial seeding should also be public so the total amount of votes could be audited as well. It's possible to set it up so you can't ever create any new votes after the initial seed (this is possible in all current token schemes for example).

> Just grant a few % extra tokens to address you control and sign the transactions to vote your way and the'd be no auditability, no knowing which votes came from where. In many elections the polling is good enough and the margin narrow enough that it would be extremely easy to do and not look suspicious.

This is a big problem with paper voting actually. At least with the blockchain based voting you cannot create extra votes out of thin air.

With paper voting you might be able to say "the faulty votes came from this district". You could accomplish the same by setting up separate blockchain votes for each district and then just adding them together to form the final vote to get the same property.

[mckmk]

>The initial seeding should also be public so the total amount of votes could be audited as well. It's possible to set it up so you can't ever create any new votes after the initial seed (this is possible in all current token schemes for example). I don't think this addresses the problem. In the US voter turn out is often 30-40% of registered voters. Total vote count would certianly not be a useful metric there.

I hate to be too pedantic about this but that's sort of the point. It doesn't sound like you're describing a blockchain anymore or at least getting any of the purported benefits of a blockchain. You have a central authority now setting up numerous separate instances, controling who gets the voting tokens, able to revoke and re-grant tokens at will, and in charge of setting and publishing the destination. The whole advantage of the blockchain is that there isn't a trusted 3rd party.

If you're already trusting the government you can do cryptographic hashing, a publicly readable database and build in a ton more transparency.

[lawn]

> In the US voter turn out is often 30-40% of registered voters. Total vote count would certianly not be a useful metric there.

We seed it with the # of registered voters. Sure they could try to withhold some % of votes and vote themselves but hopefully that should be noticed.

> It doesn't sound like you're describing a blockchain anymore or at least getting any of the purported benefits of a blockchain.

The blockchain here makes sure the votes are delivered and counted correctly, without permission or trust.

Yes we need to trust the government to set it all up but after that they can't interfere.

> able to revoke and re-grant tokens at will,

This is false. Only the voter can do this.

[mckmk]

>Sure they could try to withhold some % of votes and vote themselves but hopefully that should be noticed.

I think with ring signatures obfuscating everything it might be tough or even impossible to detect.

I would certainly enjoy reading a research paper on the viability though!

>> able to revoke and re-grant tokens at will >This is false. Only the voter can do this.

Then I think I don't understand the system you're proposing. How does the user get back their ability to vote if they lose their private key in this scenario?