Yes, a zero knowledge proof of voting can<\/em> be made using a trusted authentication server without requiring client-side cryptography. This relies on the server generating and managing cryptographic commitments and verifying proofs based on pre-defined rules. The user only needs to prove they have the authority to request a vote (via their existing login) and receive the result, not perform complex crypto operations themselves.<\/p>\n This approach shifts the cryptographic burden to the trusted server. Here\u2019s how it breaks down:<\/p>\n Authentication: The user logs in to the trusted authentication server using their normal credentials (username\/password, MFA etc.). This establishes their identity. Here\u2019s a practical guide to implementing this system:<\/p>\n Choose a Cryptographic Library: Select a library that supports Pedersen commitments and range proofs (e.g., libsnark, ZoKrates). Generate a random blinding factor \u2018r\u2019. Vote Request Handling (Server-Side): When a user requests to vote:<\/p>\n Retrieve the commitment \u2018C\u2019 for that user from the database. Zero Knowledge Proof Generation (Server-Side): Use your chosen library to generate a proof demonstrating:<\/p>\n The user knows \u2018r\u2019 and \u2018H\u2019. Proof Verification (Server-Side & Public Verifiers): Verify the generated proof using the library\u2019s verification functions. Tallying: The server can tally the votes by summing the \u2018H\u2019 values of all valid proofs. Because only the commitments are stored, individual vote privacy is maintained.<\/p>\n The server never knows which user cast which vote. Trusted Server: The security of this system relies entirely on the trustworthiness of the authentication server. It must be protected against compromise. The post Zero Knowledge Voting with Trusted Server<\/a> appeared first on Blog | G5 Cyber Security<\/a>.<\/p>","protected":false},"excerpt":{"rendered":" TL;DR Yes, a zero knowledge proof of voting can be made using a trusted authentication server without requiring client-side cryptography. This relies on the server generating and managing cryptographic commitments and verifying proofs based on pre-defined rules. The user only needs to prove they have the authority to request a vote (via their existing login) […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-6407","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6407"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6407"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6407\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6407"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}How it Works<\/h2>\n
\nCommitment Generation: Upon successful login, the server generates a unique cryptographic commitment for that user\u2019s vote. Think of this as a secret \u2018hash\u2019 representing their potential vote. The server stores this commitment securely, linked to the user\u2019s ID but without knowing the actual vote itself<\/em>.
\nVote Request: The user requests to cast their vote through the system.
\nProof of Authority: The server verifies that the user is authenticated and has a valid commitment associated with their account. This proves they are allowed to vote once<\/em>.
\nZero Knowledge Proof (Server-Side): The server then performs a zero knowledge proof protocol to confirm the vote was cast without revealing the actual vote content. A common method is using Pedersen commitments and range proofs.
\nResult Verification: Other parties can verify that a valid vote has been cast, but they cannot determine who<\/em> voted for what<\/em>.<\/p>\nStep-by-Step Implementation<\/h2>\n
\nCommitment Generation (Server-Side): When a user authenticates:<\/p>\n
\nChoose a public commitment key \u2018G\u2019 and a vote option encoding \u2018H\u2019 (e.g., 0 for Option A, 1 for Option B).
\nCalculate the commitment: C = r * G + H.
\nStore \u2018C\u2019 associated with the user\u2019s ID in your database.<\/p>\n
\nCheck if the commitment has already been used (prevent double voting).<\/p>\n
\n\u2018C = r * G + H\u2019 holds true.
\n\u2018H\u2019 is a valid vote option (e.g., 0 or 1).<\/p>\n
\n\/\/ Example (Conceptual – Library Specific)
\nbool isValidProof = verifyProof(proof, commitment, publicParameters);<\/p>\n
\nPublic verifiers can confirm the total count without knowing individual votes.<\/p>\nImportant Considerations<\/h2>\n
\nRange Proofs: Ensure your range proof implementation correctly restricts vote options to a predefined set (e.g., 0 and 1).
\nDatabase Security: Protect the database storing commitments from unauthorized access or modification.
\nScalability: Generating proofs can be computationally expensive. Consider optimizing your code and using efficient cryptographic libraries for large-scale deployments.<\/p>\n