by dmix 2286 days ago
The article mentions:

> The clients do not interact with the blockchain directly, so there is no blockchain verification code in the client.

So if all client requests are routed through the same centralized API endpoint before hitting the blockchain, and not validated after the fact, what's the point of the blockchain? Just some public "ledger" of what the server ultimately sends out?

Ideally, at a minimum, you would be given a token for your vote which you can then follow up and see it on the ledger. Even if you don't get to wait for 'confirmation', it's still a public signal that something is not right.

3 comments

That's a wonderful question.

The honest answer is that I have no idea. In the version we reverse engineered, there's no proof of inclusion of any of the data in the blockchain in the client, and the receipt system was via a PDF. The vote selections (ballot?) are also never signed by the client.

It's also worth noting that, according to the ToB article, the backend blockchain is a permissioned Hyperledger instance, which runs PBFT[1] rather than proof of work. PBFT is controllable with roughly 1/3 of the network, 100% of which has been controlled by the company.

[1] http://pmg.csail.mit.edu/papers/osdi99.pdf
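
What the client-side check discussed in this thread could look like, as an added example that is not part of the thread or of the app's code: the voter keeps a hash commitment to the ballot as a receipt and verifies a Merkle inclusion proof against a published ledger root. The Merkle layout, the commitment format and every function name here are assumptions made for illustration.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"  # domain separation between leaves and inner nodes

def h(prefix: bytes, *parts: bytes) -> bytes:
    return hashlib.sha256(prefix + b"".join(parts)).digest()

def make_token(ballot: bytes, nonce: bytes) -> bytes:
    """Receipt the voter keeps: commits to the ballot without revealing it."""
    if len(nonce) != 32:  # fixed length keeps nonce||ballot unambiguous
        raise ValueError("nonce must be 32 bytes")
    return h(b"ballot-commitment", nonce, ballot)

def build_levels(tokens):
    """Ledger side (hypothetical): hash tokens into a tree, bottom level first."""
    levels = [[h(LEAF, t) for t in tokens]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [h(NODE, cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # promote the odd node; never duplicate it
        levels.append(nxt)
    return levels

def prove(levels, index):
    """Audit path for one leaf: (sibling_hash, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))
        index //= 2
    return path

def verify(token, path, root):
    """Client side: recompute the root from the receipt and the audit path."""
    node = h(LEAF, token)
    for sibling, sibling_is_left in path:
        node = h(NODE, sibling, node) if sibling_is_left else h(NODE, node, sibling)
    return hmac.compare_digest(node, root)

if __name__ == "__main__":
    # Constructed sample data: five ballots with fixed nonces.
    tokens = [make_token(b"choice-%d" % i, bytes([i]) * 32) for i in range(5)]
    levels = build_levels(tokens)
    root = levels[-1][0]  # the value the operator would publish
    print("recorded vote verifies:", verify(tokens[4], prove(levels, 4), root))
    dropped = make_token(b"choice-9", bytes([9]) * 32)
    print("dropped vote verifies:", verify(dropped, prove(levels, 4), root))
```

The check is only meaningful if every voter and auditor sees the same published root; a root served per-client by a single operator proves nothing.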

Is there any technical/security benefit at all to private blockchains? Or even more generously, lightly-mined public blockchains? It seems that in either of those scenarios, you lose the decentralized validation and consensus brought about by a bunch of people incentivized to compete with one another to burn electricity.

To push this further, I was working on a research paper with Ron Rivest, Neha Narula (head of MIT's decentralized currency initiative), and Sunoo Park (a wonderful applied cryptographer) on whether blockchains in general could be helpful in casting and tallying.

We're skeptical.

See: http://people.csail.mit.edu/rivest/pubs/PSNR20.pdf

But if everyone used a public blockchain, with proof of work + user-level signatures for each vote cast, wouldn't it be far more auditable than any current system? Ignoring implementation details, reaching a point where anyone could have a way to audit that their vote was counted (correctly) seems very useful. Using this sort of model, it theoretically wouldn't matter who completes the proof of work as long as the results are audited.

You don't need blockchain to enable voters to verify "that their vote has been counted correctly". Several cryptographic voting schemes already provide this feature (for example, Civitas and Floating Receipts).

> Is there any technical/security benefit at all to private blockchains?

It really depends on what you want out of your blockchain.

For example, the backend of git is essentially a blockchain. It's extremely useful, even for a solo developer.

> what's the point of the blockchain?

My bet would be: marketing. Blockchain is hot, blockchain is sexy -- at least among people who aren't really technically inclined. (The technically inclined passed over the blockchain hype curve several years ago.)

There are tons of blockchain projects out there whose only real use for the blockchain is to be able to slap "now with blockchain!" on the sales materials.

> what's the point of the blockchain

Er... the word 'blockchain', obviously. Catnip to a certain type of VC.