1. 9

  2. 25

    I like the idea, but this

    Be verifiable - you should be able to see your own vote.

    is an anti-goal. Voting systems are set up to prevent you from seeing how you voted.

    This may seem backwards at first, but consider this: under a system where you can see your own vote, you can voluntarily offer up proof of your vote to 3rd parties. While this isn’t an issue for those of us with good work/family/friends, it is a huge problem for people in abusive relationships, or children (who can vote, but are still living with their parents). Suddenly it becomes possible (even if made illegal!) for a spouse to demand to see their partners voting record; or for a parent to force their child to reveal how he/she voted.

    And then there’s obviously the issue of “buying votes.” Right now, if you said to me “I’ll pay you $20 to vote for candidate X” I could say “yeah sure” and then vote for whoever I want. This would not be the case under a verifiable system, where you could say “prove that you voted for candidate X for your $20”. Obviously this would be highly illegal, and I’d argue that it wouldn’t happen very often, but it is an issue that doesn’t happen under the current system.

    Anyway, I love the idea of crypo voting, but being verifiable is very bad. It brings our voting system from one where votes are anonymous, to one where others can verify how you voted if they drug you and beat you with a $5 wrench [https://xkcd.com/538/].

    1. [Comment removed by author]

      1. 1

        Doesn’t this create the same issues outlined above, just with a ‘voted/not-voted’ situation?

        1. 1

          Yes, but vote-buying “the fact that you voted” is not a thing. Hell there’s nothing stopping you from turning in an empty ballot if somebody pays you to show up and vote “something”. Now is an abusive spouse going to beat their husband for not voting at all? I doubt it. coercion just-to-vote is not as damaging as coercion to vote a certain way.

      2. 1

        So I 100% see the point you are making here, but I see this more as not fixing an already existing problem rather than creating a new one, ultimately coming from the fact that we have mail in ballots in all but 7 states.

        For example, say I want to make a quick $20 bucks from the election. I apply for a mail in ballot, fill it out, and then sends it to the mayor’s re-election campaign office. This office checks that my ballot is filled out how I said it would be, and then sends it along to the voting officials, and pays me $20. Alternatively, if I live with a controlling parent/partner/other, they can verify my ballot is the way they want it before sending it.

        The solution to this is similar to the solution for the mail in problem, which is vote invalidation. The idea is that I can vote as many times as I want, and each time I will get a different identifier. However, only the last vote I make will actually be counted. This allows me to vote however an outside force compels me too, so I have verification, and then vote again with how I truly feel. As an added bonus, we get the solution to people who fat finger the button or otherwise see that their vote is different than they wanted after they go home and check the block chain.

        The downside to this solution is that it would be easier to DDOS the system by sending massive amounts of votes, because you would need to add every vote to the block chain. I’m not sure how this problem would be solved, but it doesn’t sound intractable.

        1. 1

          I don’t have a solution for the DDOS but wouldn’t proof of work make it too expensive to generate massive amounts of valid votes, bloating the block chain?

          1. 1

            One problem here is that it wouldn’t be possible to also verify that your vote (the last one you submitted) was included in the results (as your sibling commenter suggested) because then outside actors would be able to verify that you hadn’t overridden the vote you showed to them. It’s a tricky problem… :-)

        2. 3

          or we just do it by making crosses on paper, which has all properties one wants.

          if that doesn’t work, there are other problems not related to the voting mechanism.

          1. 1

            The problem is you get a lot of invalid ballots. People don’t fill in the circle, they draw an X. They fill in the circle, then erase it a little. They fill it in, then scratch it out and draw an arrow pointing at the other candidate.

            Electronic ballots have the potential to be type safe, in programming terminology.

            1. 1

              I think perhaps the advantage of electronic voting is just that the votes would be counted quicker?

              1. 2

                Cheaper, too. There are great, obvious benefits and tremendous, nearly-invisible risks.

            2. 2

              Why the fuck do you need block chain for everything ?
              1. Everyone should register their Public Key with a central server.
              2. Everyone can vote with Candidates Public Key and sign with their Private key.
              3. A vote is a bloody byte at best. The costs of the server are trivial at best.
              4. Let them fucking vote at their leisures time after reading the manifesto or something.
              5. Once the vote is done open up the damn data to let everyone verify the final counts with their signatures.

              1. 4

                I agree with what I take to be your overall point - blockchains solve a very specific category of problem, and it’s frustrating how many people talk about applying them to things where they add enormous overhead for no benefit. I think, in particular, people think they’re magic anonymity sauce, although they don’t actually provide anonymity at all.

                I do think that the non-tampering properties offered by blockchains are worth thinking about here, but @zeebo’s suggested properties elsewhere in the thread make even more sense to me, and I don’t see that a blockchain would be useful for those.

                1. 2

                  This is more-or-less how it’s done in Estonia, except:

                  1. Your private key is stored on your ID card.
                  2. You don’t use a candidate’s public key; there’s a list of candidates and you just encrypt the candidate selection to the government then sign it.


                  1. You can verify your vote at any time, from a range of devices, to ensure tampering hasn’t occurred.
                  2. You can update your vote at any time: the latest vote is used. Deduplication is done by signature.
                  3. Signatures are separated from the encrypted contents before decryption occurs.
                  4. Source code for the server component is online.
                  1. 1

                    Seems like a Paradise.

                    1. 1

                      Haha, not particularly. But at least online voting works.

                      1. 1

                        It works because you can be quite sure that your goverment doesn’t make your life miserable if you vote wrong. I wouldn’t say Estonias system would work nicely in Russia for example :)

                        1. 1

                          Absolutely right, indeed.

                2. 1

                  This is a particularly bad design for several reasons:

                  1. It allows voters to obtain their own vote. Several people have already covered this, but among other things this means voters can prove how they voted, and therefore sell their votes. This is unacceptable.
                  2. It allows the holder of the static key (i.e. the government) to see how you voted, which means you have lost the property of a “secret ballot”. At least as described, users are “sealing” their identities under a single X25519 static key, then publishing the results to a public “blockchain”. This lacks forward secrecy and is therefore something of a terrifying single point of failure: if ever this static key were to be compromised, an attacker could decrypt everyone’s identities and see how they voted.
                  3. It still doesn’t allow voters to verify their votes were actually counted: Voters are effectively sealing a set of weak credentials under an ephemeral key and a static key they don’t hold. Lacking access to the ephemeral key, they can’t decrypt the message “E” and see if it actually maps back to their identity. A malicious system could show several users who voted the same way the same “E” value and they have no way to prove the vote is actually theirs

                  That’s why verifiable voting systems need to be built on zero knowledge proofs and/or (partially) homomorphic encryption. Ignoring the practicalities of actually deploying a system like this, I think what you actually want looks a little more like this:

                  1. Use Identity-Based Encryption to link a set of weak credentials/“voter ID” to a set of keys. This prevents the voting machine from generating duplicate receipts for people who voted the same way: your identity and the fact you voted is strongly linked to your credentials, not just to an ephemeral key
                  2. Use zero knowledge proofs to enable voters to check their vote is included in the corpus, without being able to see what it actually was
                  3. Use partially homomorphic encryption to encrypt individual votes and combine them together indivisibly as they’re added to a larger and larger corpus, but still allow totals to be calculated from an input corpus

                  I think much of this can be accomplished with pairings-based cryptography and algebraic circuits, at least until large quantum computers are built.

                  1. 1
                    1. Anonymity is not included in the list of criteria when it is probably the most important of all. This scheme leaks who voted for whom to the government.

                    2. Ability to verify that your own vote was counted and recorded as you wanted is equivalent to ability to verify that someone else’s vote was counted and recorded as you wanted. It enables bribery and abuse.

                    3. Publishing the results as you go along is a bad idea. In the UK (but not the US or Canada) it’s illegal to start revealing results until every polling station has closed, because elections should be run under scientific conditions to as great a degree as possible. If voters can change their vote based on the votes of people who arrived before them, it greatly increases the potential for tactical voting.

                    1. [Comment removed by author]

                      1. 1
                        1. Agreed. Although revealing who voted at all is already public record, and arguably a good thing.

                        Yes, revealing who voted is altogether different from revealing how they voted — at least as long as there is more than one sincere candidate on the ballot.

                        1. False. You can have zero knowledge proofs that your vote was counted without revealing who you voted for

                        Okay, you can prove your vote was counted, but not that it was counted correctly.

                        1. Possibly? Surely you can reveal encrypted results that let people audit the process without revealing what any of the votes are.

                        If you only reveal the number of votes and not the pattern, it should be fine.

                    2. 1

                      I was under the impression that the mathematically correct way to do voting with cryptography was figured out quite awhile ago and the problem is the technology. If you need a computer it’s just not possible to ensure that computer is secured against fraud. Is that incorrect?

                      1. 1

                        Voting has two very important, totally conflicting requirements:

                        1. No one should be able to submit more than one effective vote
                        2. No one should be able to know who you voted for

                        I don’t see way to perform voting electronically without either compromising one of the requirements or making vote tampering even easier than it is now.

                        Currently election voting fuilfills both of those goals by limiting amount of votes per person to one and physically separating strong validation of persons identity + vote available status checking from actual candidate selection. Persons voter ID is consumed, double voting is prevented and voter ID cannot be combined with the actual vote.

                        Sure, one cannot be sure that your vote really has been counted for the candidate you selected, but that is why there should be independent body supervising the election (from UN, etc). The upcome is that if you cannot check who you voted for, no one else can, not even your own government. In case of oppressive governments, this requirement is absolutely needed or otherwise people won’t be able to vote at all. Also, even when goverment systemically affects voting procoess it will be caught (for example, statistical proofs of vote tampering in Russia).

                        With electronic voting, to prevent double voting or voting behalf of other people, the strong verification of person + vote counting requires that everyone either has public key (Estonias model?) or somekind of generated vote voucher ID. In first case it is obvious how easy is is to tie the vote to the person who made. In second case one can, behind the scenes, keep track who gets which ID and use that to tie people to their votes.

                        Even if there is voting implementation which would fulfill both rules, how does the voter know that implementation is running? Physical seperation is easy to check and just walk away if necessary, which gives another layer of protection.