by h4l0 2510 days ago
Blockchain for voting sounds like a terrible invitation to a terrible party. Voting is already a delicate subject which is really hard to secure on information systems. Researchers have spent decades trying to figure out a perfect solution but came up short.

Blockchain has already surpassed its boundaries for multiple reasons. However, voting should be beyond that line. There are many questions that need to be answered before even thinking about using blockchain for voting.

- How will identification work?

- What is the proof-of-work scheme?

- How can you be sure that every vote ends up in the ledger? Transactions usually get lost and sometimes it takes a few tries to reach a miner.

- Most important property is that not a single vote should be traced back to its caster. Blockchain is all public, how are you going to anonymize everything? IP addresses of transaction owners are already open.

Edit: Formatting.

11 comments

> How will identification work?

That's the whole problem, and always unsolved (because it's hard). You need to be able to ensure that votes are made by real people, that votes aren't duplicated, and that votes are included in a count. Some of this is easy, some of this is near impossible. None of this is solved by a blockchain, which is at its core simply a remarkably inefficient, if decentralized, timestamping system. When a "blockchain" is presented as a solution, ask why the trustworthiness of timestamping was holding back a particular technology before now.

Also, if you rely on a third party to do identification for you, you simply don't need a blockchain.

Blockchain is heavily constrained by the vital requirement of not trusting any third party whatsoever. If you relax this, you can build much simpler systems that are equally secure regarding non-repudiation and other properties but don't need proof of work.

Blockchain has one genuine purpose: value transactions where you can't rely on societal legal framework, nor do counterparties trust each other. "Silk Road".

ZCash (from what I can understand of it) seems like it could be the basis to use. Suppose everyone sets up a wallet and they get paid one ZVoteCoin at voter registration. Then they go home and do a shielded transaction (you didn't even mention anonymity) to their favored candidate. Their wallet should tell them that the transaction went through.

Your solution doesn't provide a solution to the core problem.

How do you identify that voters have a vote, and people that shouldn't have a vote didn't vote.

> How do you identify that voters have a vote

The voters can see that their own transaction went through. Administrators (and everyone else) can count total votes cast at the end of the elections by the balances of the candidates' wallets. That's at least as good as paper ballots in this specific respect.

> and people that shouldn't have a vote didn't vote.

The voter's wallet can be tied to the voter's registration. Again, at least as good as what we have now, in this specific respect.

I think I've just made a more elaborate restatement of what I already said. Could you identify a specific hole in my system? You could point to voting software _in general_ being a bad idea, and that's fair enough. But it doesn't sound like that's what you were saying.

> The voters can see that their own transaction went through.

How do you prevent vote selling and coercion?

At least it'd be no worse than we have now with voting by mail.

Concerns about vote selling and coercion are already gone. It's practically impossible to actually prevent people from filming their votes as they are cast, and livestreaming my vote to you is just as good as having you sit in my doorway for it.

Yeah I can't solve that part :-P Is this what people mean by "the identification problem"? I must have misunderstood.

I don't believe they'll be able to prove they voted for a candidate without giving away their keys.

Use the registration system we have now, where you give each voter a token (literally, even if you want - a qr code on a paper card) to vote?

I don't know why arguing that blockchain doesn't magically solve all your problems means that it can't be used to solve any of them.

We can even still have voting at registered polling places with judges.

But, instead of throwing our votes into a magic black box, how about we put them on a blockchain and receive a way to audit our own votes?

This appears reasonable. Votes are anonymous. Every person gets one vote. The software basically always works.

I would scrap the whole "mobile ID" thing, however. You should fill out a voter registration card to get a unique private key that is imported into your wallet.

I'm afraid there are too many ways this may not work, but I'd be more interested in figuring if there are other similarly fundamental problems to online voting.
https://www.usenix.org/legacy/events/sec08/tech/full_papers/...

https://en.wikipedia.org/wiki/Helios_Voting

You might want to look at some of the issues solved by Helios. It's showing its age at this point but the fundamental design goals are the same as if it were designed today.

> - How will identification work?

In my mind this is the hardest problem to solve.

> - What is the proof-of-work scheme?

It doesn't necessarily need to be proof-of-work and I'd think it makes sense to piggyback off a different trusted network of some kind.

> - How can you be sure that every vote ends up in the ledger? Transactions usually get lost and sometimes it takes a few tries to reach a miner.

Do transactions actually get lost all that often? In my experience, transactions propagate across the network pretty reliably and quickly. You can then look at the number of confirmed blocks to reliably check if it's in the ledger.

> - Most important property is that not a single vote should be traced back to its caster. Blockchain is all public, how are you going to anonymize everything? IP addresses of transaction owners are already open.

IP addresses aren't stored, and the actual transaction could be layered on something like Tor to prevent tracing. You could also have physical voting centers. The important thing is that individual voters can verify their own vote.

One big concern I'd have that you didn't really touch on is around management of keys. In addition to identity verification, how do you handle theft of keys? If a key is stolen, how do you handle disputes to what's in the ledger? I would trust tech savvy people to keep their keys safe, but what about people who don't understand technology?

> how do you handle theft of keys?

I don't have a good solution for this one, but maybe it's not as big of a problem as it appears at first glance.

If we assume that a key can be made invalid, in a public way so we all know which keys are marked as invalid (= stolen), then each voter can know if their vote is correctly handled or not. If it's not they can have a chance to dispute or change their vote, possibly going through some extra identification procedure.

With this scheme disputes get handled by invalidating previous votes, but in a transparent manner to both. Yes this relies on individual voters to keep the system honest, so their votes aren't used improperly, but isn't this an improvement over the system today? Isn't it a more democratic trust based process rather than having to trust election workers not to cheat?

> Blockchain for voting sounds like a terrible invitation to a terrible party.

I'm expecting a ton of down-votes into oblivion for the following...

Because you can "chip it" doesn't mean you should.

And, just because you can apply technology to something, also doesn't mean you should.

Time and time again we are shown how vulnerable computers and digital data are.

Voting should be done on paper in local areas overseen by people from each party. They all watch the ballot box. They all see who comes in. Together, they count the votes in front of everyone else and tally them on a piece of paper. Then, they call to their higher-ups these numbers, and so on and so forth.

This is the safest way for anyone to vote.

Electronic voting would be extremely convenient, and could do wonders for voter participation rates. I trust my entire net worth to computer systems, why can computers sum up bank statements but not votes?

Financial transactions are frequent, reversible, insured, and don't require parties to be anonymous.

Elections are one-off events where after-the-fact mitigations reduce their validity. Plus, elections require strong privacy (i.e., voters shouldn't be able to reliably show how they voted).

Elections have far tougher constraints than finance.

I'm not convinced voting on a blockchain is a good idea, but here are some thoughts:

> Researchers have spent decades trying to figure out a perfect solution but came up short.

That doesn't mean improvements can't be made. Researchers have spent decades trying to figure out peer-to-peer money as well, before Bitcoin was invented. But there are many other examples.

> How will identification work?

Presumably in a similar way voting already works. Tokens are given out after IDs have been checked.

> What is the proof-of-work scheme?

You can easily piggy-back on any existing cryptocurrency if you want.

> How can you be sure that every vote ends up in the ledger? Transactions usually get lost and sometimes it takes a few tries to reach a miner.

You can easily verify that your vote ended up in the ledger. You can verify in seconds that a transaction has propagated in the network as well. Transactions very seldom get lost, unless you're specifically thinking of Bitcoin, which suffers from transaction backlogs from time to time.

> Most important property is that not a single vote should be traced back to its caster.

This is the hard technical problem. There are anonymous cryptocurrencies like Monero or ZCash (although there shielded transactions are opt-in), which obscure where transactions come from. Therefore it should be possible to create a system where a single vote cannot be traced back to its caster while you can still count the total number of votes and that a vote is only cast once (these are exactly the properties Monero and ZCash have).

> Researchers have spent decades trying to figure out a perfect solution but came up short.

The problem is not with knowing how to make a secure voting system. We already know how to do that and it's been in production in various states and counties for decades. I was lucky enough to grow up in one. It's not difficult.

The problem is that election administrators in many places aren't tech savvy enough to know the difference between a Diebold machine with no paper trail and weird hooks (like the ability to invert the results), and actually secure, reliable, easy-to-use systems.

Those folks are susceptible to skilled salesmen from big companies peddling insecure voting systems. As are politicians who have a say in which election machines are purchased, and who are looking for kickbacks, donations and revolving door jobs. That's the problem that needs solving.

DARPA and Galois are working on a standard that I hope the Federal Govt will eventually require for all Federal elections. Create the best possible, open, verifiable voting machine standard, allow any company to implement the standard, and then teach election administrators how to verify the implementation correctly adheres to the standard regardless of who the manufacturer was.

Perhaps I'm wrong, but it sounds like your main argument is that current blockchain does presently do these things with the goal of voting in mind, not that it can't do these things.

One benefit of blockchain is allowing extreme accountability, which seems to be a greater and greater requirement of democracy with large populations.

You get less accountability with a blockchain (or any digital voting) system as those systems are much harder to audit and have many more flaws than paper voting.

Citation needed. A public blockchain is a mere write only database that everyone can see.

Every transaction is available to 7 billion people.

Vs paper voting which is only as legitimate as every voting station.

> A public blockchain is a mere write only database

Precisely. It does nothing to address who can write to it. Ideally, it should be people who are eligible to vote (citizens of the country that are over 18 years old). That's a difficult problem to solve even with paper ballots (especially in a country that doesn't have national IDs), and pretty much impossible to solve with any sort of a digital solution.

> ...that everyone can see.

...or nobody can, as you'd see by reading the article that was submitted.

> Every transaction is available to 7 billion people.

7 billion people can see how to vote as well. You're not asking 7 billion people to vote, but a small subset of 7 billion people.

A public blockchain is a mere write only database that everyone can see.

^ Love how simply put this is

Do you have a citation for this statement of fact? Proper research?

I'm not exactly sure what type of evidence you are looking for with respect to the assertion that auditing a paper ballot system is easier than auditing an electronic voting system. Auditing a paper ballot system is trivial: any person who can see and can count can do it. On the other hand, if you are relying on a software system you need to audit the hardware, the software, etc, etc which requires a lot of skill and is tricky.

Paper ballots can be dumped in the trash. What's your mitigation for that?

Citation in the actual article:

"But how secure and accurate was the 2018 vote? It’s impossible to tell because the state and the company aren’t sharing the basic information experts say is necessary to properly evaluate whether the blockchain voting pilot was actually a resounding success"

Not impossible to tell. If you do a 100% poll of a given county and ask for statistics afterwards, you have an impromptu security analysis.

How would you conduct a similar audit of how secure a paper ballot is for any given system? If all you do is an audit of a single vote, then you're no different.

Until paper ballots can no longer be dumped in the trash, paper auditing is hard at best.

Blockchain doesn’t have to be all public and doesn’t require proof of work. You can have closed system blockchain schemes.

So a system with trusted parties? Sounds like a database, so we can ignore the blockchain bit entirely.

I think the use case that blockchain potentially provides is an electronic version of a paper ledger.

With a database, you require a persistent connection to the database to have integrity. With a blockchain solution, you can build meshes of local connectivity that sync up.

I'm not a specialist in the area, and I don't think that blockchain is an end-all, be-all. But it does potentially add value.

> With a database, you require a persistent connection to the database to have integrity. With a blockchain solution, you can build meshes of local connectivity that sync up.

Nothing about what you described requires a blockchain; dump the database to raw SQL and GPG sign it, distribute on your website. It's not like the information ever changes once the vote is done.

Nobody suggesting this as a solution is an expert either.

That may well be a great way to solve the problem.

I'm not saying that blockchain is the answer, just that blockchain is one potential answer, and may have attributes that makes it subjectively better for this use case.

In my state, counties and some cities administer elections, and may semi-independently make product and process selections. There are definitely blockchain-based solutions intended to allow affiliated, independent entities to productively interact. That capability may be of interest to policy folks.

Blockchain = PoW/PoS + signed Merkle Trees

Blockchain - PoW/PoS = signed Merkle Trees

A simple example of the latter is a Git repo. You can just require the commits to be signed. Easy to work with, no need for new code.

> - How will identification work?

I'm always confused how I can apply for a mortgage / loan (aka a legally binding financial contract) online with just some details like my name + social security number, but this method of identification seems to not be acceptable when discussing voting?

It really should not be acceptable for financial contracts either.

Consumers lost more than 16B to fraud in 2016:

https://www.cnbc.com/2017/02/01/consumers-lost-more-than-16b...

The Equifax breach lost data of 145 million Americans.

https://en.wikipedia.org/wiki/Equifax#May%E2%80%93July_2017_...

Passwords are still the norm for online authentication, despite providing terrible user-hostile security. The US social security number is used both as an identifier, and as a static never-changing password.

Because people are not okay with their voting history being available to anybody, including the government?

Banks know what you spend + where.

Your smartphone knows what photos you send to who.

People put their voting preferences on their lawn + bumper sticker in America. I never knew voting was secretive?

What are the problems with researchers' solutions? There are some very good ideas out there.

I'm not familiar with the problems OP is referring to, but from my reading, most issues, in both security and methodology, have revolved around implementation.

The identification part is the key.

The federal government should issue a nationally recognized identity card to every person which contains a digital certificate around which anyone (especially government services) can build their authentication & authorization systems.

1. Identification is not needed, only presenting a token, everyone gets exactly one token during the occasional registration. If you lose a token, you can get another one, deactivating the last ones.

2. There should not be any proof of work. Really, PoW is one of the worst things to secure a blockchain. In fact, you don’t need a blockchain. You just need a Merkle Tree. Blockchains are about ordering of transactions - the order here is irrelevant! (see caveat below)

3. How can you be sure every vote is counted in ANY system? As long as you can communicate your vote to a network, the gossip protocol takes care of it. Everyone gossips every vote to their neighbors, so just send it to a few nodes. Again - NO BLOCKCHAIN.

4. For each election, you fork a token to use. Then you simply participate in token mixers, like Monero rings. Put all your derived tokens into a hat, then each takes a token and uses it to cast a vote.

You may be wondering, what if someone votes with an “old” token version that hasn’t been mixed. First of all, we can require mixing. And secondly, they cryptographically signed over their token to someone else so when that someone votes with that token, it will override your vote for that token. Since they present your signature in the token history, that you signed it over.

This also allows us to have forms of democracy where you sign over tokens to other people for a timestamp range of, say, the next 1-2 years, to make decisions on your behalf. Better than representative democracy. More like a giant parliamentary system. You may pick a science expert to vote for scientific bills, and a criminal justice reform activist to vote for criminal justice bills.

We can get to near total participation in the democracy this way.

Caveat: although honest validators in each district can construct an eventually consistent Merkle tree by simply finding all validly signed tokens, ordering them lexicographically, and signing them, we DO need a “cutoff” time that they stop accepting offers. This is a Buridan’s ass problem, and it gets even hairier in a Byzantine Generals setting. We need to know that no one submitted a vote after the cutoff time. Thus, we need a two phase commit — each node has to gossip the cutoff time and other nodes have to acknowledge a widely gossipped message or get kicked out of the consensus. There are always edge cases to this — see Ripple’s consensus process for instance — and theoretically in very unlikely cases a “fork” can propagate to the population at large, one person thinking a vote was cast before the cutoff and the other thinking the vote was cast after the cutoff. But unless that handful of votes determines the entire election, that won’t matter. And frankly the same thing can happen even more with current systems.
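Several comments above converge on the same design: drop the blockchain, give each registered voter one token, let a stolen token be publicly invalidated and replaced, have validators accept validly presented tokens up to a cutoff, sort the accepted ballots lexicographically, and publish a signed Merkle tree so every voter can check that their own vote is under the root. The block below is an added example written for this page, not code from any commenter or from any voting project. It simplifies one thing: a token is a random secret whose sha256 commitment the registrar publishes, and presenting the preimage stands in for a signature; real deployments would use key pairs. The names (`Registrar`, `Ballot`, `tally`, `voter_check`), the timestamps and the ballots are all constructed for illustration.

```python
import hashlib
import secrets
from collections import Counter
from dataclasses import dataclass

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class Registrar:
    """One token per registered voter; only the commitment sha256(secret) is public."""
    def __init__(self) -> None:
        self.active: set[bytes] = set()   # commitments of tokens allowed to vote
        self.revoked: set[bytes] = set()  # commitments publicly marked invalid

    def issue(self) -> bytes:
        secret = secrets.token_bytes(32)
        self.active.add(sha256(secret))
        return secret

    def replace(self, commitment: bytes) -> bytes:
        """Voter reports a stolen token: revoke it in public, issue a fresh one."""
        self.active.discard(commitment)
        self.revoked.add(commitment)
        return self.issue()

@dataclass(frozen=True)
class Ballot:
    secret: bytes      # token preimage; revealing it stands in for a signature here
    choice: str
    submitted_at: int  # arrival time seen by the validator (constructed values below)

def leaf_hash(commitment: bytes, choice: str) -> bytes:
    return sha256(b"\x00" + commitment + choice.encode())  # 0x00: leaf domain tag

def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)  # 0x01: inner-node domain tag

def merkle_proof(leaves: list[bytes], index: int) -> list[tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the bool says the sibling sits on the right."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # odd count: pair the last node with itself
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof

def _fold(leaf: bytes, proof: list[tuple[bytes, bool]]) -> bytes:
    for sibling, on_right in proof:
        leaf = node_hash(leaf, sibling) if on_right else node_hash(sibling, leaf)
    return leaf

def merkle_root(leaves: list[bytes]) -> bytes:
    return _fold(leaves[0], merkle_proof(leaves, 0)) if leaves else sha256(b"")

def verify_proof(leaf: bytes, proof: list[tuple[bytes, bool]], root: bytes) -> bool:
    return _fold(leaf, proof) == root

def tally(registrar: Registrar, ballots: list[Ballot], cutoff: int):
    """Accept each active token once, only up to the cutoff; publish a sorted root."""
    accepted: dict[bytes, str] = {}
    rejected: list[tuple[Ballot, str]] = []
    for b in sorted(ballots, key=lambda b: b.submitted_at):
        c = sha256(b.secret)
        reason = ("after cutoff" if b.submitted_at > cutoff else
                  "revoked token" if c in registrar.revoked else
                  "unregistered token" if c not in registrar.active else
                  "token already used" if c in accepted else None)
        if reason:
            rejected.append((b, reason))
        else:
            accepted[c] = b.choice
    leaves = sorted(leaf_hash(c, v) for c, v in accepted.items())  # lexicographic order
    return merkle_root(leaves), leaves, dict(Counter(accepted.values())), rejected

def voter_check(secret: bytes, choice: str, leaves: list[bytes], root: bytes) -> bool:
    """What a voter runs at home: is my (token, choice) leaf under the published root?"""
    leaf = leaf_hash(sha256(secret), choice)
    return leaf in leaves and verify_proof(leaf, merkle_proof(leaves, leaves.index(leaf)), root)

def run_demo() -> dict:
    reg = Registrar()
    alice, bob, carol = reg.issue(), reg.issue(), reg.issue()
    stranger = secrets.token_bytes(32)  # never registered
    bob_new = reg.replace(sha256(bob))  # bob reports his first token stolen
    ballots = [                         # constructed sample input
        Ballot(alice, "Y", 1),
        Ballot(alice, "X", 3),    # same token presented twice
        Ballot(bob, "X", 5),      # thief voting with the revoked token
        Ballot(bob_new, "Y", 7),
        Ballot(stranger, "X", 8),
        Ballot(carol, "X", 20),   # arrives after the cutoff
    ]
    root, leaves, counts, rejected = tally(reg, ballots, cutoff=10)
    return {"counts": counts, "rejections": [why for _, why in rejected],
            "alice_ok": voter_check(alice, "Y", leaves, root),
            "bob_ok": voter_check(bob_new, "Y", leaves, root),
            "thief_absent": not voter_check(bob, "X", leaves, root)}
```

Running `run_demo()` yields a tally of two votes for Y, four rejections (double use, revoked token, unregistered token, after cutoff), and inclusion proofs that succeed for alice and for bob's replacement token while the thief's vote is absent. Note what the example deliberately leaves to the thread's open questions: the same proof that lets a voter confirm their vote also lets them show it to a vote buyer, so this is not receipt-free; the registrar still knows which commitment belongs to whom, so the mixing step the last comment describes would have to happen before ballots are cast; and the single `cutoff` is a local decision, not the gossip-based agreement on a cutoff that the caveat above calls for.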