msc placeholder: something with passport-grade digital identity, DAO voting, ? #8062

Open
synctext opened this issue Jun 17, 2024 · 13 comments

@synctext
Member

synctext commented Jun 17, 2024

Exploring master thesis topic! With Honors bsc, also msc With Honors potential! Only thesis grade needs to be high. Zero courses to be done. 12 months of msc dedicated focus. Honor thesis example. 15 ECTS ahead of schedule, 2 exemptions (ETH-Z exchange). Can you also use Q4 for msc? Friday 27 June defence? Or Monday 30 June 2025. {Friday 29 Aug 2025 might be the latest defense date (Q5). }

Science by With Honors master student cardinal example: Achieving Sybil-Proofness in Distributed Work Systems
Paid trip to Hawaii conference, Financial Cryptography: Paying the Guard: an Entry-Guard-based Payment System for Tor. Japan

Official embedding at government agency? (AFM,KvK,APG,RvIG,FIN, ???) Focus, bit of hands-on, not just paper stuff, connected to the real world. Has already deep knowledge of digital identity, eIDAS, and ledger stuff around trust. Understands the gap between running code and large-scale usage.

Time-line: due to hard work in bsc phase, 1 quarter ahead of schedule. Start Q1 2024 or any other time desired. Brainstorm of direction:

  1. Digital identity and e-voting. Read the foundations from 1938 on this topic: Voting Rights of Capital Stock and Shareholders. As a first step to the re-birth of online democracy we work towards online voting during stockholder meetings. See APG work in this direction. Furthermore, we have an operational system for democratic control of money. Our DAO system for governance of collective Bitcoin-based capital is dependent on a Sybil-tolerance identity solution for voters.
  1. Digital identity. You just explore that for 2 weeks, do some reading. Note that picking an exact subject is also part of the thesis process. No problem to take 3-6 weeks to explore exact directions in a learn-by-doing approach! So it's coding with a purpose... Like, reading NFC chips of your ID card within Superapp (has {possibly broken now} support for reading Dutch ID cards).

  2. Digital identity for companies. Dutch Chamber of Commerce is active there. Your thesis could be to realise their ID system for legal entities. Please read this thesis from our lab: master thesis - zero trust architecture for legal entities #6786 (comment)
    This is the right time to do prototyping of an EBSI-based solution suitable for a large-scale trial (by others). Only thing we need is identity and signature binding + feature to sign any .PDF file. Nothing more :-)
    Any legal document then becomes irrefutably digitally signed. Accountants then can switch to the digital age, instead of old skool signatures.

  3. The offline digital Euro 😲 4th July 2024 graduation. Full thesis: Offline Digital Euro: a Minimum Viable CBDC using Groth-Sahai proofs
    Please browse this work and think if you want to consider doing something similar, with more security and/or privacy. Double spending is very hard plus trusted party complication.
    NOTE: this is the required thesis format: the dense and IEEE 2-column writing style with arXiv upload.

  4. Trusted servers are needed for upcoming EU digital identity. These EBSI servers are the root-of-trust. Dive into SIEM tools for security of these servers. Make sure attacks get detected, no log wipes possible. Then think of ideas to make 1 tool even better, performance analysis, graphs in thesis, and graduate. https://logz.io/blog/open-source-siem-tools/

  5. Distributed Edge-AI. Current student Quinten van Eijs is graduating. AI-based Youtube client alternative: BeyondFederated - truly decentralised learning at the edge #7254

Practical sprint ideas: compile superapp from scratch, with EBSI data vault: #6023 (comment)

@synctext synctext changed the title msc placeholder: something with passport-grade digital identity? msc placeholder: something with passport-grade digital identity, DAO voting, ? Jun 17, 2024
@synctext
Member Author

synctext commented Jun 18, 2024

Architecting leaderless organisations

This thesis aims to invent a new method for large-scale human organisation, specifically leaderless socio-economic organisations with evolutionary capability. We will use the experimental economists methodology to explore the future of how our global economy may be organised, who will own it, and if taxes will be paid. Starting point is the automated online concept known as Decentralized Autonomous Organizations (DAO). We define a DAO as a leaderless organisation for organising any socio-economic activity. This emerging field holds the potential to provide the organisation principle for our upcoming AI-robot economy. We aim to explore primitive self-governance of DAOs, evolutionary principles, and economic activity under direct democratic control. This aim requires advancing the state-of-the-art in digital identity, programmable money, and Decentralised Autonomous Organisations (DAO). DAO science is still an emerging immature field with several open problems such as trusted infrastructure nodes, the founders with most decision making power, and rich-get-richer dynamics in general. The scientific problems to solve are inequality, democratic deficiency, design for evolution, and complex self-organisation. Prior technologies such as smart contracts provide code execution at high cost without reliance on clouds or trusted third parties. However, a large "reality gap" remains with prior proposed architectures and realities of cybersecurity, complex self-organising systems, and self-evolving systems.
The state-of-the-art within digital identity is insufficient to support online voting at scale. This thesis builds upon prior work from Delft University, such as the root-of-trust for the upcoming passport-grade digital identity called EBSI/EDIC under eIDAS 2.0 legislation. Furthermore, we re-use the learnings from our programmable digital Euro trial with live connectivity to the IBAN banking system. Finally, the operational fully decentralised artist investment and music distribution platform will be re-used to minimize engineering effort of business logic. Central research questions are:

  1. devise a digital identity architecture to enable DAO voting
  2. devise voting principles for DAO governance and democratic control of programmable money
  3. devise a security architecture for upgrades and self-evolution of a DAO

Literature

@synctext
Member Author

synctext commented Jul 2, 2024

ToDo: find honor level master thesis topic (2sep 2024 - Aug 2025)
Honor track potential (some course grades still pending)
Thesis draft working title: "Realisation of online democracy: DAO e-voting using zero-knowledge constructs"

Requirement: planetary-scale voting system (few billion users, avoid Sybils, no single eligible voters database)
Theory + systems building balance: real voting, real Bitcoin, real EBSI wallet, real Bitcoin hardware procurement.

@synctext
Member Author

synctext commented Sep 2, 2024

ToDo: make a list of 3 With Honors msc projects. Could spend 3 months on this if Q4 is also available. 80% of bsc thesis project were based upon Machine learning{AI}. Has ML fatigue 🙅

First sprint, for next meeting: find & read related work about on-device biometrics and revocable. Why? It is both privacy-respecting and strong security.

update:

@Eragoneq

Eragoneq commented Oct 1, 2024

Reviewed papers:

Insight Into Voting in DAOs: Conceptual Analysis and a Proposal for Evaluation Framework

  • General proposed framework for evaluation
    • SEED for Security, Efficiency, Effectiveness, Decentralization
  • Since the consequences of security issues are serious, security should be the primary consideration when designing a DAO voting mechanism. A secure voting mechanism is the basis of the stability in DAOs.
    • Good fundamentals for the cyber-sec based thesis
  • Provides and evaluates some existing voting systems

E-Voting With Blockchain: An E-Voting Protocol with Decentralisation and Voter Privacy

  • Generally one of the first established blockchain-based e-voting systems
  • Uses a Central Authority, thus it's not exactly applicable for DAO
  • Promotes permissioned blockchain use
  • Might be more applicable to general democratic elections

DAO Decentralization: Voting-Bloc Entropy, Bribery, and Dark DAOs

  • Introduced metric for decentralization
    • Could be connected more formally with the SEED framework and also uses some Greek letters so overall interesting
    • Still theoretical as we cannot express users' utility exactly, but could be used to analyze the security more in-depth
  • Provides more examples of security issues related to decentralization
  • Nice cited blog post: https://hackingdistributed.com/2018/07/02/on-chain-vote-buying/

From Technology to Society: An Overview of Blockchain-Based DAO

  • How blockchain technology may be used by the society
  • Talks about problems when trying to incorporate DAOs
    • Consider irl usecases for the voting technology

Blockchain for Electronic Voting System—Review and Open Research Challenges

  • Definitions of problems that need to be tackled by the voting systems
    • Detailed descriptions and a lot of properties
  • As mentioned in future work, due to public nature of blockchain we cannot fulfill full privacy and secrecy, thus cannot be used in real elections
    • Finding a scheme that allows to mix the votes anonymously would be required

A Liquid Democracy Enabled Blockchain-Based Electronic Voting System

  • An example of an implementation of the blockchain electronic vote system
  • Uses a permissioned Hyperledger Blockchain and centralized authorities
  • Very basic, but provides a more engineering approach

ElectionBlock: An Electronic Voting System using Blockchain and Fingerprint Authentication

  • Another case study which implements an electronic vote system
  • Also uses a newly-created permissioned blockchain for the election
  • Provides a more detailed process for benchmarking and analysis of the prototype

Internet voting in Estonia 2005–2019: Evidence from eleven elections

  • Analysis of the i-voting system implemented in Estonia
  • Provides an in-depth look into the effects of electronic voting in the political aspect
    • Seems that since the implementation the trust stays within the same range, thus people don't get more comfortable with the system after longer time
    • The trust problem is being leveraged by certain parties to dispute the election outcome
    • Legal framework is as important as technical one
  • "Creating protocols that would provide better evidence for the i-voter while not enabling vote selling is currently an active area of research."
  • i-voting is more convenient and more popular, but the trust and election turnout does not change

E-Voting Meets Blockchain: A Survey

  • Literature review of the existing systems that have been proposed and implemented by governments and private sector companies
    • Provides a lot of technological ideas and references to existing solutions

Privacy-Preserving E-Voting System Supporting Score Voting Using Blockchain

  • A system using ZKP to create private elections
  • Has good performance results
  • Seems like a good idea to implement and create a similar system, as it also has nice strong theoretical fundamentals

General thoughts:

  • Votes have to be bound to a certain entity, different systems might use 1 token 1 vote, 1 person 1 vote etc. Depends on the requirements. Might be interesting to look into merit/expertise based voting, assign subject to the proposals and allow some votes to have higher weight. Connected with some identity framework and extendable properties
  • Analyzing classical voting theory might be a good next step as well, finding a way to bridge the DAOs with the centralized elections and voting would be a great achievement. It would also be an important element in actually defining the "democracy" part of it, since there might be a reasoning in literature that explains some slight paradigm shifts or changes to the standard democratic process
  • Often a problem with electronic systems and votes is with trust. Even when we design a system that secures privacy of users and handles data in a proper way, the users might still not trust it due to lack of transparency. With real life ballots we can see that they are not marked and as such our vote cannot be distinguished, which is a lot harder to prove with an electronic system. Analyzing the existing real life systems and the way the trust is distributed there might be interesting to note down.

For cum-laude potential:

  • Combining ZKP and generally more advanced cryptography with a design of a distributed system to allow for easy and convenient working
  • Add a strong base that takes privacy and security first in the system, while still maintaining high efficiency
  • Use tables and evaluation frameworks, graphs for the design structure and equations for the cryptography
  • Allow for intercompatibility with EBSI/EIDAS framework
  • Have a layer of strong identity to avoid sybils, and still maintain privacy and anonymity

EBSI Node map

@synctext
Member Author

synctext commented Oct 2, 2024

Thesis ToDo: advise to keep it in the stockholder realm, leave out emotional parliamentary elections. Use selfies as foundation to identify Sybils. Primitive is you take a selfie, has no trust yet, stockholders verify each other, incentive to fight fraud together, strengthened by each physical meeting with another stockholder, build web-of-trust with verifiers, all stockholders need to verify all identities for 100% trust and 100% Sybil proof. For each verification level you can provide a theoretical proof of Sybil protection. Since 1983 we know that reaching consensus with n nodes when taking byzantine failures into account takes a certain amount of messages and rounds. Node validation can be translated into a graph problem if we loosen our assumptions. The identities we validated are non-Sybil plus the identities they validated (one-hop trust, k-hop trust).

Deliverable: problem description (for cyber security thesis green light)
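
The one-hop / k-hop trust rule from the comment above, worked through as an added example (not code from this thread or from the project): a breadth-first search over a constructed stockholder verification graph, reporting which identities one verifier accepts at each hop limit. The names, the graph and the single mistaken verification ("attack edge") are assumptions made for illustration.

```python
from collections import deque

# Constructed sample data (hypothetical names): who has verified whom,
# as directed edges verifier -> verified identity.
VERIFICATIONS = {
    "alice": {"bob", "carol"},
    "bob": {"alice", "dave"},
    "carol": {"alice", "erin"},
    "dave": {"bob"},
    "erin": {"carol", "sybil_0"},  # erin was fooled once: the attack edge
    "sybil_0": {"sybil_1", "sybil_2", "sybil_3"},
    "sybil_1": {"sybil_0", "sybil_2"},
    "sybil_2": {"sybil_0", "sybil_3"},
    "sybil_3": {"sybil_0"},
}
# Ground truth, known only because the sample is constructed.
SYBILS = {"sybil_0", "sybil_1", "sybil_2", "sybil_3"}


def hop_distances(graph, me):
    """BFS: minimum number of verification hops from `me` to each identity."""
    dist = {me: 0}
    queue = deque([me])
    while queue:
        node = queue.popleft()
        for peer in sorted(graph.get(node, ())):
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return dist


def trusted_within(graph, me, k):
    """Identities `me` accepts as non-Sybil under k-hop trust (excluding `me`)."""
    return {n for n, d in hop_distances(graph, me).items() if 0 < d <= k}


def sybil_exposure(graph, me, sybils, max_k):
    """Per hop limit k: (k, honest identities accepted, Sybil identities accepted)."""
    rows = []
    for k in range(1, max_k + 1):
        accepted = trusted_within(graph, me, k)
        rows.append((k, len(accepted - sybils), len(accepted & sybils)))
    return rows


if __name__ == "__main__":
    print("k  honest  sybil   (from alice's point of view)")
    for k, honest, sybil in sybil_exposure(VERIFICATIONS, "alice", SYBILS, 4):
        print(f"{k}  {honest:6d}  {sybil:5d}")
```

With one-hop trust alice accepts only identities she verified herself; every extra hop widens coverage of honest stockholders, but once the hop limit reaches the attack edge the whole Sybil cluster behind it is accepted, which is why the hop limit is a security parameter and not only a convenience setting.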

@Eragoneq

Hmm

  • Iris detection seems unreliable with smartphone camera
    • Might still be better than some other biometrics
  • Spoofing is still a huge problem, a photo could be used to impersonate someone
  • Trusted hardware is required, and reliable check of the iris being actually "live"

WorldCoin

Why is it bad?

  • Trust is always an issue, how to verify any side-effects and tampering in real life?
    • How do traditional systems solve it, when it comes to government ID?

Main drawbacks:

  • It creates a unique way to generate a key, but not to handle it. Users can later transfer the "real" personhood to another entity, thus act upon them
  • Question of trust is based on the centrally created hardware to perform the scanning, the general design is open sourced, but there is no easy verification
  • Proof of Personhood is not that useful on its own, all the related credentials make it relevant in use
  • How to address direct issues with the iris?

link

EU

  • EIDAS is still an interesting angle
    • Use NFC layer from the new IDs
    • Get all the data and create an entry in wallet app
    • PL ID also has photo in NFC chip, thus it can be used with face recognition for local storage
    • No easy/open-source access to the NFC chip data
    • Create hash for both and verify that face from ID and taken now match
      • Seems almost the same as the usual software KYC solutions
      • For now only the higher layer of private wallet differs
    • EUDI Wallet framework

Grand Idea

  • Multidimensional trust framework
  • We cannot easily decide what trust/identity provider would we choose
  • Each one has advantages and disadvantages
  • We can piggyback on top of all the ideas and create a single framework to allow for use of any
    • Gov ID / EUDI
    • Worldcoin
    • Real-life meetings
    • Biometric framework (?)
    • Reputation system
  • Each of the providers would have certain properties, that could be voted on and updated based on the real capabilities
  • Similar to cipher suite in TLS, we could choose Identity provider suite
    • Different identities would be given different levels of integrity etc.
    • Direct inclusion of ZKP would allow users to directly control, which data would be provided to the asking entities
      • A framework of questions that the sites could ask based on permission levels
      • eg. Do you have gov ID? What is the UID of your gov ID? Are you older than 18? Do you have ? (Verifiable Credential)
      • Exact list of questions should be restricted, but extendable with some credentials
  • A verification within the actual wallet could see whether the same ID has been used in multiple wallets
    • A system to disallow creating multiple wallets with the same kind of identity
    • This could in turn counter the issue of sybils in different systems
    • The problem becomes how can we verify the existence of the same ID in different wallets?
    • Synchronize/share the contents and check for their integrity without actually compromising on the privacy
  • That would allow for easy integration of existing standards, while creating a new one that combines the ideas of the different ones
  • Structure of the protocol/framework could be DAO/community based, which would allow for introduction of new providers based on the popular vote
  • If integrated with some crypto network it could be made into a bounty system, where implementation of the given feature would have its bounty and then after the implementation the developer would receive the payout

@synctext
Member Author

synctext commented Oct 23, 2024

still struggling to see a simple With Honors idea

  • meta wallet is complex
  • Sybil is complex
  • DAO is probably best ZKP context

Brainstorm:

@Eragoneq

Eragoneq commented Nov 5, 2024

Voting in DAOs

Sybils

  • Verify users identity via EUDI wallet

EUDI Wallet

  • Use preexisting issuers for the identity providers
  • (?) Create own issuer with specific properties to hold within the wallet
    • Student card for usage in a university scale DAO

Anonymity and Privacy, Confidentiality

  • Have options for different levels of anonymity in the system
    • Allow for named voting (Only for selected people)
    • Completely anonymous voting
  • Allow for users to change their vote (?)
    • Help with issue of selling votes

Integrity

  • Option to verify that the vote has been counted
    • No way to directly see what was the final vote on the given "ballot" (again avoid selling)
  • Include multi-party computation to ensure that the vote is properly counted and cannot be changed by a malicious server
  • Ensure some way to verify the integrity of the counting server
    • In a DAO context it would usually be done on the blockchain to check that

Availability

  • Ensure that system contains redundancy
  • No single point of failure

Blockchain

  • Use of Permissioned Blockchain (?)
    • Not a real DAO
  • Gotta define the exact use case for this DAO/system
    • Most likely something EU related, due to the use of EUDI
    • Might be EU scale project, or smaller example one within EU country (university scale DAO)
      • Doing multiple countries would be a more aligned example with the EUDI usecase

Works

Unpacking DAOs
Challenges of voting

Big Idea Again

Privacy-Preserving E-Voting Through EUDI Wallet: A Zero-Knowledge Framework for Verifiable Democratic Participation

Main assumptions

  • Only specific people/organizations can start the voting process
    • Infrastructure may be controlled by the single entity
    • Cryptographic design must follow client side encryption
      • Ensures that even with controlled infra, no information is leaked
      • We cannot leak any identifiers, vote cannot be singled out when it has been mixed in
  • We might use a hybrid blockchain approach
    • Use only immutable and verifiable properties of blockchain
    • Traditional redundant centralized approach might help with scalability and security against DDOS attacks
  • Similar architecture type to Estonia, but actually include the modern ideas of blockchain

Testing the EUDI app

@synctext
Member Author

synctext commented Nov 5, 2024

@Eragoneq

Eragoneq commented Nov 20, 2024

  • My analysis of the EUDI code concludes that it is high quality, if you follow the instructions it just works easily
    • It could be well used for actual real project and a professional Master Thesis
    • Uses modern tools by default (Docker, Swagger, OpenID, JWTs, other Web Standards)
    • Mobile native by default (both apps and code with support for Android and iOS)
    • For Android it mainly uses Kotlin code directly
    • Devs are responsive to issues on Github
  • Got the EUDI Verifier working locally
  • Ran the PID Issuer, but cannot fully test it because of self-signed certificates
  • Started with the Thesis template and began filling in basic data and some related work papers

TODO:

  • Modify the EUDI app to allow other cert issuers
  • Use specific certificate/create local certificate authority
  • Possibly integrate functionality into superapp

Idea for Thesis Design:

  • Assume single PID server that issues valid Identities
  • All holders of valid identity are eligible for voting
  • Using zero-knowledge proofs etc. for privacy
  • Users gossip their votes in a network with privacy
    • ZKP used to hide the actual values and not allow any leaks
  • Possibly use the verifiability and immutability of the blockchain

Regulatory options for integrating zero-knowledge proofs into the European Digital Identity Wallet

@synctext
Member Author

synctext commented Nov 20, 2024

Solid progress!! Next step is then identifying the state-of-the-art in ZKP, vote counting, and system architecture. Upcoming sprint: What are the design choices, the design space and possible architectures? Lots of stuff exists, how practical is it? Theory part of thesis: table with designs, scalability analysis, experiment with best algorithm, combine 2, or even enhance state-of-the-art. Key to scalability analysis is: size of certificates, size of proof, resulting network message exchange, and computational efficiency. With Honors Thesis outcome: stronger baseline for democracy 🫢

Taxonomy in a single glance. Systematic overview of past years of innovation. Key milestones identified. Scientific grounding, 1 or more scientific article per entry/line/milestone. Table with overview and literature, see brilliant With Honours example: image

@Eragoneq

Eragoneq commented Dec 8, 2024

Refs

Design and Implementation of Verifiable Blockchain-Based e-voting System open-source link
A State of the Art Survey and Research Directions on Blockchain Based Electronic Voting System
Analysis of Blockchain Solutions for E-Voting: A Systematic Literature Review
Election Verifiability with ProVerif

Trends in blockchain-based electronic voting systems - No research with real world experimentation (maybe focus on that as well)
d-BAME: Distributed Blockchain-Based Anonymous Mobile Electronic Voting - Nice info about Universal Verifiability Versus Coercion Resistance

PeerVote: A Decentralized Voting Mechanism for P2P Collaboration Systems

Theses

Provotum: A Blockchain-based and End-to-end Verifiable Remote Electronic Voting System open-source link

  • Only for yes/no elections
  • No resubmitting, no coercion resistance

Mixnets in a Distributed Ledger Remote Electronic Voting System

  • Master's Thesis extension to the Provotum suggested in [4]
  • Provides very good fundamentals for this research

Design and Implementation of Systems Interfaces for a Mixnet-based Voting System
Security Analysis and Improvements of a Blockchain-based Remote Electronic Voting System

ProvotuMN: Decentralized, Mix-Net-based, and Receipt-free Voting System open-source link

  • MixNets

Technical Specification of Swiss e-Voting v4.2 (2024)

Coercion-Resistance and End-to-End Verifiability in the Estonian and Swiss CHVote 2.0 eVoting Systems

  • Analysis of Estonia and Switzerland systems

Design Challenges

  • Secure Digital Identity Management - solved by using EUDI
  • Anonymous Vote-Casting - needs strong crypto, ZKP
  • Individualized Ballot Processes - resistance to phishing and vote-selling
  • Ballot Casting Verifiability by the Voter - use of blockchain, pseudonymization
  • Scalability, DDOS protection - cannot use too heavy processes
  • Voter Trust - simplicity and availability of tools to verify

Problems in current solutions

  • Low throughput due to blockchain's permissionless PoW - Use public permissioned blockchain (?)
  • Identity Management is always an issue, gotta focus more on safely integrating the EUDI

Ideas

  • Use FIDO in conjunction with EUDI to achieve phishing resistant MFA
    • Others suggested SMS, but it should not be considered safe
    • Requires voters to own a FIDO key
  • Allow fake votes to enable coercion resistance
    • Create option to cast a fake vote, that would be indistinguishable from the verifier perspective
    • Only voter and system would be able to see it
    • Voters could revote
    • System wouldn't count fake vote

Code

What is needed next?

  • Specific system requirements
    • Stakeholders
    • What properties are required?
    • Scalability
    • Trust assumptions

@synctext
Member Author

synctext commented Dec 9, 2024

As systems people, please try to look at real examples. Avoid fantasy digital designs, try 1979 real voting:

  • Voting Systems In Agricultural Cooperatives - 1979
  • The one member-one vote rule in cooperatives - 2000
  • Voting in Firms: The Role of Agenda Control, Size and Voter Homogeneity
  • Real-world requirements:
    • Agenda control issue is essential. Rate control is required, avoid 'cycling' with numerous slightly different vote proposals
    • Decentralise election authority towards collective citizens
    • Register for citizens who qualify to vote
  • Real-world implementation
    • Real DAO, real voting
    • Creator of the DAO is the root-of-trust (simplified for real system realisation)
    • DAO creator maintains membership of DAO
      • approve or reject new members
      • central point of vote register
      • re-use EUDI PID issuer
    • Creator==first-citizen. known issue to decentralise later 🤔
      • all DAO infrastructure is decentralised on phones (IPv8)
      • governance uses democratic decision making, voting authority is decentralised
      • However: still central root-of-trust for DAO membership
  • Known ToDo items
    • Using zero-knowledge voting proofs etc. for privacy
    • Users gossip their votes in a network with privacy
    • ZKP used to hide the actual values and not allow any leaks
    • Modify the EUDI app to allow other cert issuers
    • Possibly integrate functionality into superapp
    • Assume single PID server smartphone that issues valid Identities (remove DNS, HTTPS)
    • Possibly use the verifiability and immutability of the blockchain TrustChain in superapp
    • Bitcoin integration. Collective control of unlimited money. (vote on spending proposal)
  • Where is the science? ⚠️ ⚠️ ⚠️

Sprint goal after X-Mas: working .APK 🚧 📱

update EU blockchain vote TREVO is deployed and evaluated in real use cases of a Greek municipality (Trikala) where direct citizen feedback is needed for addressing issues such as urban planning, wider regional strategies (e.g. energy or digital transition) and e-governance, leaving no one behind, including elderly people and vulnerable groups. The new approach is expected to increase the trustworthiness of e-voting systems in EU and across the globe and even make a step towards initiating the discussion for e-voting in national elections. https://ec.europa.eu/digital-building-blocks/sites/display/EBSISANDCOLLAB/European+Blockchain+Sandbox+announces+the+selected+projects+for+the+second+cohort
