So I create a thousand bitcoin addresses and vote a thousand times?
Yeah, it needs to be one coin one vote. Kind of like proof of stake.
Yes, as long as each of those addresses paid the full membership fee to a fixed public address you will be able to vote 1000 times. Note that the annual membership fee might be substantial. I thought I somewhat explained it in the OP (paragraph 4) but maybe it needs more clarification.
This fixed public address called budget or domain address might need to be a part of the vote structure thus making it a quadruple of the form {Domain address, Member address, Topic Hash, Vote message}.
Topic hashes would then be grouped around domain addresses and would not intersect globally.
This will allow the voting P2P network to span across multiple domains/organizations/societies.
I originally thought that domain addresses and their respective networks would be isolated and thus domain address would be hard-coded in the system or pre-configured in the settings somewhere.
Each voting node would be able to verify using blockchain that votes are coming from the addresses which paid the full membership fee to the domain address before registering the vote in the local database.
Obviously a few other conditions need to be met to deem the vote as valid:
- signature on the vote message must be valid (checked against member address)
- vote message must be one of the allowed answers (stored in the database) for a given topic hash
- conflicting duplicates for a pair of {member address, topic hash} are removed, pair banned with proof
- exact duplicates are ignored (not repeatedly registered in the database, not propagated to other peers)
- topic hash must be in the list of active topics for a given domain address
- topic hash is the hash of {domain address + topic's question + topic's answers list} stored in the database
This approach still allows big money to buy the voting outcome the same way it allows big money to perform a 51% attack on the underlying monetary system but it will at least make it obvious that the number of valid votes is greater than the estimation of the actual members in the group, not that it helps much.
How to handle this situation is still an open question.
One of the possible solutions is to make topic questions secret thus not allowing "outsiders" to vote in a meaningful way even if they paid for it. Topic answers still need to be in the system as it is part of the vote verification mechanism.
EDIT:
Small correction: It should be possible to feed the topic's question and the list of topic's answers into the unchanged system as the hashes of the actual question and the actual answers thus allowing full validation of the votes and the topic hash itself (topic hash would then be a hash of hashes) while keeping the whole content of the topic secret. Vote messages coming from the members would then be hashes of the actual answers.
Those members who paid the voting fee but don't know the question/answers would still be allowed to vote, but would have no clue of what they are voting for.
Maybe some other things need to be made secret or the system needs to be compartmentalized in some way. But the basis of the concept remains the same - only those who paid are allowed to vote and it is provable via blockchain. Current design fully satisfies this criteria.
Also it should be possible to keep the initial assessment and eventual approval of topics for voting within the voting P2P network itself thus reducing the risk of certain topics being suppressed on the external (centralized?) system where they are discussed (if that external system is needed at all)
And thanks for keeping this topic alive, guys!
EDIT2:
There are at least 2 possible solutions for 1000-votes-per-person problem that I can think of apart from the fact that he/she would need to pay for all of them.
One would be to add another field into the vote structure making it a quintuple of the form:
{Domain address, Member address, Topic hash, Vote message, Nonce}
while adding another rule into the vote verification mechanism (as described above):
- hash of the whole vote quintuple is less that the current vote difficulty (derived from monetary difficulty)
Thus adding the requirement for members to be at least small miners. The time required to find the nonce for a single vote should be one third or one half of the voting window allowing for variance maybe less assuming there are several topics to be voted on within given window.
Another solution for small group to avoid external influence on their voting process is to create their domain address in secret and allow very short window of time for members to pay their membership fee after which any addresses paid to that domain address would be discarded and not allowed to vote.
These rules along with how much fees and how frequently they need to be paid (yearly, monthly, etc) must become the "domain policy" which should be stored in the voting distributed database for votes verification and protected with signatures from the domain address private key(s) (multiple keys if domain address is multisig). Domain policy needs to keep version number to allow amendments and the way to recognize which policy is the latest one. The amended policy would then be broadcast to the network the same way as votes are broadcast preferably not within any voting window for that domain.
