Securing the Vote

[EGreg]

You have a dapp and it casts a vote on the blockchain as we described. But here, we don’t need to create new Elections etc. We can already make one election using etherscan without the dapp.

Deploy the dapp on two different websites with different domains. Each site has a private key and its EOA ethereum address been added with addPortal(address) to the election in the smart contract.

The main security feature is to force users to scan a QR code from a phone to verify and endorse the vote made on a computer. Here is the flow:

1. User visits the dapp on website A which lets them select the election and presents the choices in the election: A or B or C. Multiple choice. After a vote, values would be 0, 1, 0 if you chose B, for instance.

2. To submit the vote, user must authenticate on website A with website B running inside MetaMask, Intercoin or other wallet, with website B’s dapp scanning QR code presented on website A, and then providing the ethereum address of user, using web3.

3. Then website A on desktop generates a transaction signed by its private key, including address of user and their choices, and send it to website B, without needing more user interaction. Website A on desktop and website B on phone (inside wallet app) would show the same vote and choice to the user as on Website A. User will be asked by both websites to compare that results are same before posting.

4. At this point, the user would be asked to approve the transaction by their own wallet software running on the phone. Thus the payload would have been signed by private keys of sites A and B, to the blockchain, as well as transaction signed by authenticator wallet.

5. Smart contract MUST verify the payload was properly signed by private keys of both websites A and B and that both A and B (their EOA) were added as portals to the election.

This system relies on the user using the Intercoin wallet app as a sort of authenticator to sign transactions via scanning a QR code (which contains a payload, itself already signed by a Portal) and providing the user address to the portal website, using Web3.