Towards a meaningful and responsible use of blockchain in elections
Earlier this month, the Iowa Democratic caucus was thrown into chaos by a series of technical and bureaucratic mishaps. First, the privately-developed IowaRecorder app reported only partial results. (Subsequent testing of the app found security vulnerabilities in addition to these functional flaws, though no evidence that any vulnerabilities were ever exploited.) Second, some of the worksheets used for hard-copy recording and tabulation were found to have arithmetical inconsistencies that invalidate their results. Third, the Iowa Democratic Party has insisted that “those worksheets are considered legal documents and tampering with them would amount to a crime”.
These events have renewed public attention to the reliability and security of our elections. As a high-stakes venue where errors have catastrophic consequences, the ballot box is no place for novel or untested technology. However, as Yugen Partners Chief Scientist Scott Stornetta told the Government Blockchain Association at the Congressional Auditorium on Capitol Hill on January 31, whether we cast our ballots on our smartphones or on paper, our democracy ought to employ every technology at our disposal to help secure and verify our votes. Used judiciously and responsibly, blockchain can be one of these technologies—as this post discusses.
We looked at the expert literature on the use of Internet systems, including blockchain networks, in governmental elections. We concur with election experts’ cautions that blockchain technology cannot, by itself, solve many fundamental and potentially intractable problems of Internet voting. For example, blockchain technology cannot secure a voter’s computer or smartphone to prevent compromise or leakage of their ballot, nor can a blockchain guarantee that it will be recorded and transmitted correctly and confidentially in order to be tallied.[1] We also share the security community’s concern over specific findings that Internet- and blockchain-based voting systems launched to date do not appear to be designed[2], implemented, or operated[3] with security commensurate either to their importance or to their makers’ own claims.
However, we believe it is premature to dismiss blockchain technology as entirely irrelevant or inappropriate in electoral settings. We believe that the relationship between Internet- and blockchain-based election systems has been misunderstood, with the result that the latter have been both over-hyped and over-critiqued. We contend that blockchain-based election systems are not a strict subset of Internet voting systems, as is usually assumed. More concretely, blockchain-based tallying does not imply or require Internet balloting. Based on this difference, we cite and amplify two realist visions that we believe more accurately represent the benefits that this technology can offer our elections—whether conducted by smartphone app or paper ballot.
The minimalist vision: secure timestamping for key election parameters
The first vision is deliberately minimalist. It attempts to secure only election-level configuration information; it is not concerned with data corresponding to individual ballots or voters. The US Vote Foundation’s report on “The Future of Voting: End-to-End Verifiable Internet Voting” describes the precedent and motivation for this approach:
Within the context of election systems, hashchains are a common means of recording privacy-preserving election logs for post-election audit, constructing digital ballot boxes, crafting public bulletin boards that contain evidence of an election’s correctness and security properties, and more. […] Proposals to use blockchains for elections are plentiful, but have been shown to be naïve in most instances and inappropriate as a foundation for a public [Internet voting] protocol. (53)
The three critical requirements for a secure election are known together as “end-to-end verifiability”. First, an individual voter can verify that their ballot was “cast as intended”. Second, they can further verify that their ballot was “recorded as cast”. Third, they, or any member of the public, can verify that all ballots were “tallied as recorded”.
Most Internet- and blockchain-based voting systems emphasize the first two criteria, which can be understood together as offering “individual verifiability”. This emphasis is naïve because, as a recent security audit memorably puts it, a ballot can be “busted before the blockchain”—i.e., tampered with or leaked by a hacked phone, an insecure wireless network, etc. This emphasis is further inappropriate because some properties of a blockchain are themselves ill-suited for electoral recordkeeping without careful mitigation. For example, the order of the blocks in the chain would “approximately preserve the order in which ballots were cast”, creating the possibility of recovering that order and thereby the identities of the voters who cast each ballot.[4]
The third criterion, however, constitutes “universal verifiability”, which does not bear the same risks. “The Future of Voting” cites as “the only reasonable proposal for the use of blockchains for parts of an election” Clark and Essex’s proposed CommitCoin, a protocol that harnesses Bitcoin to publish a timestamped (“carbon-dated”) commitment. In direct homage to Haber and Stornetta’s original proposal for the blockchain technique, Clark and Essex’s introductory use-case is an intellectual-property claim, with the addition that the commitment itself (although not its contents) is visible in the public Bitcoin blockchain. In a proof of concept during the November 2011 municipal elections in Takoma Park, Maryland, the CommitCoin scheme was used to timestamp the pre-election “[c]ryptographic commitments to the verifiable shuffle and decryption” processes used by the town’s Scantegrity II voting machines. This is a version of the “public bulletin board” use-case mentioned by the US Vote Foundation.
Importantly, the Scantegrity II is an optical scanner for paper ballots. CommitCoin demonstrates that a blockchain can help provide cryptographic universal verifiability for a paper-ballot election, without inviting the substantial risks of Internet balloting. We submit that there is no paper-based voting system whose trustworthiness would not benefit from secure timestamping of its configuration and election-level parameters, in keeping with the original purpose of the blockchain technique.
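To make the minimalist vision concrete, here is an added example (our own illustration, not code from the post, from CommitCoin, or from Scantegrity II) of the commit-and-reveal pattern it relies on: election-level parameters are hashed together with a secret nonce before polls open, only the resulting commitment is timestamped in a public hash chain (the chain below is a local list standing in for a public blockchain), and after the election anyone can recompute the commitment from the revealed parameters and nonce. The parameter set, nonce and timestamp are constructed sample values.

```python
"""Added example: CommitCoin-style commitment to election-level parameters,
timestamped in a Haber-Stornetta-style hash chain. The ledger is a local
list that stands in for a public blockchain; all values are constructed."""
import hashlib
import json
import secrets
from dataclasses import dataclass, field


def commit(params: dict, nonce: bytes) -> str:
    """Hiding and binding commitment: H(nonce || canonical JSON of params).
    The random nonce stops anyone from guessing the parameters by hashing
    likely candidates; canonical JSON makes the encoding unambiguous."""
    payload = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(nonce + payload).hexdigest()


def _digest(record: dict) -> str:
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


@dataclass
class TimestampChain:
    """Minimal hash chain: every entry includes the previous entry's hash, so
    an entry cannot be altered or backdated without breaking every later link."""
    entries: list = field(default_factory=list)

    def append(self, label: str, commitment: str, time: str) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        record = {"label": label, "commitment": commitment, "time": time, "prev": prev}
        record["hash"] = _digest(record)
        self.entries.append(record)
        return record["hash"]

    def verify_links(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or _digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def open_commitment(chain: TimestampChain, label: str, params: dict, nonce: bytes) -> bool:
    """Post-election check: recompute the commitment from the revealed
    parameters and nonce and compare it with the timestamped entry."""
    entry = next((e for e in chain.entries if e["label"] == label), None)
    return entry is not None and entry["commitment"] == commit(params, nonce)


def demo() -> dict:
    # Constructed sample: parameters that must be fixed before polls open.
    params = {"contest": "Mayor", "candidates": ["A", "B", "C"],
              "shuffle_seed": "abc123", "scanner_firmware": "1.4.2"}
    nonce = secrets.token_bytes(32)
    chain = TimestampChain()
    chain.append("pre-election-config", commit(params, nonce), "2011-11-01T08:00Z")
    # An honest reveal verifies; a reveal with a swapped parameter does not.
    tampered = dict(params, shuffle_seed="zzz999")
    return {
        "chain_ok": chain.verify_links(),
        "honest_reveal": open_commitment(chain, "pre-election-config", params, nonce),
        "tampered_reveal": open_commitment(chain, "pre-election-config", tampered, nonce),
    }
```

The published commitment reveals nothing about the parameters until the nonce is disclosed, which is the property that lets an election authority fix its configuration in advance without leaking it; the nonce must therefore be kept secret until the reveal, and lost nonces mean the commitment can never be opened.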
The consortium vision: multi-party tallying
The second use of blockchain we envision is more comprehensive, although it is still concerned only with tallying and does not claim to solve the problems of Internet voting. For their part, the authors of “The Future of Voting” do not see valid cryptographic reasons to employ a blockchain even in an end-to-end–verifiable Internet voting (E2E-VIV) system; other cryptographic methods are sufficient to meet the three criteria above without involving a blockchain. They do, however, acknowledge a possible architectural and operational role for blockchain technology that could serve a social (i.e., political) purpose. They describe an E2E-VIV system deployed in a peer-to-peer fashion so that
the computational work of the system is distributed across all the participants and there is no clearly defined distinction between “client” and “server”. For example, […] a peer-to-peer system with some peers belonging to individual voters, some belonging to political parties […], and some belonging to the electoral authority. (73)
They go on to observe that such a
peer-to-peer architecture raises significant security concerns that differ from those of the other architectures we have described. While some of the computer systems controlled by the electoral authority might be trusted, the vast majority of systems belonging to individual voters or political organizations will certainly not be. […] It is therefore important to ensure that no corrupt peer, or set of corrupt peers, can undetectably compromise election results, violate voter privacy, or otherwise violate the E2E-VIV system requirements.
One way to address this problem is to employ a blockchain […] to log critical election information (cast and spoiled ballots, the fact that a given voter has voted in the election, etc.). At any given time, it is likely that the computing power contributed by the electoral authority and high-profile political organizations […] will vastly outweigh the computing power contributed by individual voters during their ballot casting sessions […]. Thus, maintaining the integrity of the blockchain should be reasonably straightforward in an E2E-VIV system. However, other aspects of implementing a peer-to-peer architecture—such as distribution of the computing client to voters and organizations, achieving sufficient ease of use and performance, etc.—may prove more difficult. (73)
On this view, Clark and Essex’s CommitCoin scheme offers a possible redemption of Bitcoin’s paranoiac insistence on distributing not just transactions but computations (and the contest to be assigned them), at notorious cost of performance and energy. In the case of a governmental election, these are features, not wastes. Their cost is acceptable because the event itself is exceptional—both rare and high-value.
We read this proposal even more conservatively than the report offers it. As in the minimalist vision, which provides only timestamping of the parameters used to configure ballot-scanning machines, we prefer to eliminate entirely the ambition of Internet balloting. Rather, this design envisions multiple independent parties collaborating on recordkeeping and tallying—perhaps of scanned paper ballots—and doing so not despite but because of their divergent interests in the outcome of the process. We believe this approach applies the essence of the blockchain technique and demonstrates the reality of any successful blockchain consortium.
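The consortium vision above can be illustrated with a toy ledger (an added example written for this post, not the design of “The Future of Voting” or of any deployed system): several parties with divergent interests each tally the same batch of scanned ballots independently, and a tally block is committed only when every party endorses one identical result. The party names, the HMAC keys that stand in for signing keys, and the ballot batch are all constructed.

```python
"""Added example: a consortium tally ledger in which independent parties each
count the same batch and a block is committed only on unanimous agreement.
Parties, keys and ballots are constructed; HMAC stands in for signatures."""
import hashlib
import hmac
import json
from collections import Counter

# Constructed stand-in keys; a real deployment would use per-party signing keys.
PARTIES = {"electoral_authority": b"k-ea", "party_x": b"k-x", "party_y": b"k-y"}


def tally(ballots: list) -> dict:
    """Each party runs this over its own copy of the scanned batch."""
    return dict(sorted(Counter(ballots).items()))


def block_digest(batch_id: str, result: dict, prev_hash: str) -> str:
    body = json.dumps({"batch": batch_id, "tally": result, "prev": prev_hash}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def endorse(party: str, digest: str) -> str:
    """HMAC over the block digest, standing in for a digital signature."""
    return hmac.new(PARTIES[party], digest.encode(), "sha256").hexdigest()


class ConsortiumLedger:
    def __init__(self):
        self.blocks = []

    def head(self) -> str:
        return self.blocks[-1]["digest"] if self.blocks else "0" * 64

    def propose(self, batch_id: str, party_results: dict) -> dict:
        """party_results maps party -> the tally that party computed.
        The block is committed only if every party produces the same digest;
        otherwise the dissenting parties are named and nothing is recorded."""
        prev = self.head()
        digests = {p: block_digest(batch_id, r, prev) for p, r in party_results.items()}
        if set(digests) != set(PARTIES):
            missing = sorted(set(PARTIES) - set(digests))
            return {"committed": False, "reason": "missing parties", "dissenting": missing}
        common = Counter(digests.values()).most_common(1)[0][0]
        dissenting = sorted(p for p, d in digests.items() if d != common)
        if dissenting:
            return {"committed": False, "reason": "tally mismatch", "dissenting": dissenting}
        block = {"batch": batch_id, "tally": next(iter(party_results.values())), "prev": prev,
                 "digest": common, "endorsements": {p: endorse(p, common) for p in PARTIES}}
        self.blocks.append(block)
        return {"committed": True, "digest": common}

    def verify(self) -> bool:
        """Anyone can re-derive every digest and check every endorsement."""
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or block_digest(b["batch"], b["tally"], prev) != b["digest"]:
                return False
            for party, sig in b["endorsements"].items():
                if not hmac.compare_digest(sig, endorse(party, b["digest"])):
                    return False
            prev = b["digest"]
        return True


def demo() -> dict:
    batch = ["A", "B", "A", "C", "A", "B"]  # constructed scans of one batch
    ledger = ConsortiumLedger()
    honest = {p: tally(batch) for p in PARTIES}
    first = ledger.propose("precinct-1/batch-1", honest)
    # One party reports an inflated count for B: the block is withheld and the dissenter named.
    skewed = dict(honest, party_y=dict(tally(batch), B=4))
    second = ledger.propose("precinct-1/batch-2", skewed)
    return {"first": first, "second": second, "blocks": len(ledger.blocks), "verify": ledger.verify()}
```

The point the example makes is the one the post draws from the report: with counting distributed among parties that would each benefit from a different outcome, no single corrupt participant can alter a recorded tally undetectably, because its endorsement is missing or its digest diverges, and the disagreement itself becomes the audit signal that sends the batch back to the paper.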
We are not aware of anyone working seriously to implement either of the models we’ve cited here. (If you are, we’d love to hear from you.) Despite the concrete assurance offered by the former model, it may appear too incremental or even trivial to attract commercial interest. The latter model, meanwhile, would demand buy-in from multiple entities across the electoral system and would require a degree of privacy and security conscientiousness that has so far eluded commercial groups working in this field. It may be that neither model ever comes to pass, whether or not the problems of Internet voting in general can be solved. Still, we believe that these models offer more-realistic points of reference for understanding the role blockchain technology could play in our elections.
Further reading
· The Verified Voting Foundation’s “Internet Voting” page
· Duncan Buell’s “Blockchain and Voting” page
Notes
[1] Park, et al., “Going from Bad to Worse: From Internet Voting to Blockchain Voting”
[2] Jefferson, et al., “What We Don’t Know about the Voatz ‘Blockchain’ Internet Voting System”
[3] Specter, et al., “The Ballot Is Busted Before the Blockchain”
[4] Jefferson, et al., ibid., 7