Written by Edward Jackson, Founder at AlliedBlock.com
In a recent article ‘Going from Bad to Worse: From Internet Voting to Blockchain Voting’, MIT researchers argue that Blockchain technology does not serve to alleviate the problems that plague internet voting systems. The article states that the superior method remains old school in-person paper ballots. The core argument is that the benefits that come with internet voting like broader reach and ease of ballot casting are outweighed by the inherent security risks that come along with going digital.
Internet voting inherently introduces new election exploitations that are just not present in paper ballot systems. Unfortunately, these exploitations can become scalable and undetectable. Scalable meaning the attacks have the potential to cost less than the defense making it economically viable for adversaries to attack high stakes elections, and undetectable meaning that operations are now shrouded by the internal workings of machines making it more complex and difficult to truly audit. For example, there are device exploitations in hardware and software that could be used that would be incredibly difficult to find even at the forensic level. Internet voting in general will open the door to these vulnerabilities while simultaneously being a massive target for some of the most sophisticated adversaries—think nation state intelligence agencies.
The idea the article pushes is that with these inherent vulnerabilities in internet voting the introduction of a blockchain will not serve to solve all of the issues. In other words, the article is stating that with the addition of blockchain to a voting system there will still be attack vectors that are scalable and undetectable. But, the real question to explore is does the technology give us a step in the right direction. Very rarely is blockchain the only technology used in a system. Blockchains are used as pieces in larger puzzles that serve to help grant certain specific functionalities (immutability, data manipulation security etc).
Lets look at the article’s example blockchain system and breakdown the challenges. The articles system is a simple blockchain ballot box. Here’s the description: “The voting authority, which maintains a voter registry, has each registered user create a public/private key pair, and each user sends their public key to the registry. Then, the voter registry spends one coin to each public key. To vote, each user spends their coin to the candidate of their choice. After a period, everyone can look at the blockchain, total up each candidate’s coins, and select the one with the most coins as the winner.”
Looking at this system, the article outlines 6 key flaws:
First, the public registry of voters along with public key association does not allow for anonymous voting. There is no ‘secret ballot’ which is a necessary feature for secure elections. Without secrecy, you run the risk of voter intimidation, coercion, and vote selling.
Second, the system requires an election time period; there needs to be an end date. With this end date known, adversaries could utilize attacks on network service to prevent votes from occurring before the cut off time.
Third, if the blockchain is small enough, an adversary could undermine the chain itself by harnessing a majority of chain validators allowing them to change the vote count as they see fit.
Fourth, voters could lose their private key or worse have it compromised preventing their real vote from being cast.
Fifth, the blockchain system itself depends on outside software and hardware that still remains vulnerable to device exploitations. For example, if voters cast their ballots on cell phones, the hardware manufactures of the phones themselves as well as the cell phone OS developer(s) would need to be trusted to produce product without built-in exploits.
Sixth, blockchains are complicated pieces of technology and notoriously difficult to amend when defects are found.
When we look item by item in the list of flaws, it is clear that some of these issues can and have been solved already in the blockchain space. Others, however, do still stand directly in the way of a fully secure internet voting system. The first issue around possessing a ‘secret ballot’ is one that has potential solutions in anonymous transaction technology. Chains like ZCash use zero knowledge proofs to prove transactions are legitimate while maintaining the privacy of the parties transacting. With zero knowledge proofs, votes could be cast anonymously but in a way that is auditable and verifiable. The third issue around chain capture has potential solutions in concepts like Komodo which utilizes widely distributed permissionless chains as a security layer for smaller independent chains. Komodo specifically uses Bitcoin as its security layer. With this concept in place, it becomes highly unlikely that this vulnerability could be exploited. If we look at the fundamental problem of scalable attacks on internet voting systems, this type of implementation could help to break the ability for attack scalability and make it economically unfeasible for attackers to mount large scale attacks on the voting system. The amount of money required to subvert Bitcoin’s proof of work consensus and harness a majority of the chain would be an economic black hole for even the most sophisticated nation state attacker. The fourth problem around lost private keys has potential solutions in education and just good practice in terms of when the private key is shared with the voter.
The second, fifth, and sixth issues raised by the article staunchly remain challenges. The idea of adversaries attacking networks to prevent votes can’t be solved by blockchain technology. Outside hardware and software will need to be used in the blockchain system and blockchain technology will not help or prevent exploits in those arenas. And, a blockchain system that utilizes zero knowledge proofs and an underlying security chain would amount to a very innovative and complex system that would not be battle tested at the outset. These do certainly remain issues in front of the development of a truly secure internet voting system. With that being said, there are elements in blockchain technology that can help with forward steps particularly in making it harder for adversaries to mount scalable attacks on vote data and directly impacting the economic viability of such attacks. Blockchains are typically layers in a system to help solve large difficult problems. It has the potential to do that here. But, there are certainly still steps that need to be taken before we can completely move away from paper ballots.
AlliedBlock is a global blockchain research and development firm that is focused on delivering tailored blockchain development solutions. Contact us to learn more about how we can help you tailor a blockchain solution for your business (www.alliedblock.com).
Going from Bad to Worse: From Internet Voting to Blockchain Voting, https://people.csail.mit.edu/rivest/pubs/PSNR20.pdf