I have been researching the bitcoin/blockchain tech recently, for various reasons. It really is a very elegant system that the guy (whoever it was) invented. Different aspects of the system just mesh nicely, ensure anonymity of transactions together with iron-clad verifiability, and provide the huge computing power required for the verifying/storing transactions by distributing it worldwide among “volunteer” computers with some incentives.
Then I thought that this can be fairly easily applied to voting. Voting should be anonymous and fully verifiable. So - make a new “coin”, call it VoteToken2020 - for the 2020 election (has to be new token/blockchain for each election). Distribute one to each registered voter. Allow them to “spend” it by sending it to the candidate of their choice. To take care of the mining incentives for the block generation, have the government pay the transaction fees to the miners. The only difficulty I see is the sheer amount of transactions in a short time, so the mining difficulty would have to be adjusted, hopefully without undermining the overall integrity of the blockchain too much - but the length of the blockchain would by itself increase its security.
After the election, each voter could check his/her vote as it is recorded in the blockchain, and as it is with Bitcoin, the blockchain is not falsifiable.
Huge step in the wrong direction. Electronic voting machines malfunction and leave no paper trail to correct them. This proposal would take the opportunity for malfeasance to the next level. If you want the Kremlin to just take over the country, this is how it could be done. The election goes to whoever has the most resources to commit cyber warfare on it.
Read up on blockchain technology. It addresses every one of these concerns. You would not need “electronic voting machines” any more than you need them to use bitcoin today. You could vote through your smart phone if you wanted to. There is ironclad trail, it is the whole basis of the system. That’s why it is called “blockchain”. It is not “paper” but it is un-counterfeitable (at least, not with modern computing technology). And the Kremlin cannot do anything about it, any more than it can do anything about crypto currency trading.
And you trust the programmers to do it on the level and that other superpowers couldn’t be able to hack it? Here’s an idea: suppose we gave each voter a piece of paper, had them mark their choices, and count them in view of all interested parties? Low tech, but Canadians manage to do it and people trust the results.
Again, read up on the technology. I don’t trust the programmers. That trust is not needed. You trust the underlying math. If the programmers don’t implement it correctly, the system can’t work. It can’t even pretend to work.
I’m not going to read up on the technology any more than I already have, so explain this to me and don’t just tell me to visit Wikipedia or whatever.
So with bitcoin, if some miners stumble across the right numbers, they are free to spend the mined bitcoin as though it was any other bitcoin. The provenance of it is irrelevant.
For voting, we very much do not want miners to be able to create new votes. You wrote, “To take care of the mining incentives for the block generation, have the government pay the transaction fees to the miners.” I don’t understand what you mean by “transaction fees.” Does that mean that the government would pay people who mine new votes?
Does your system also mean that the tallying of votes also depends on the election authority examining the blockchain of every vote cast as a matter of routine, or would that be done only in a disputed election?
That’s just how it is done with bitcoin, for now. Eventually, there will be no bitcoin awarded for mining at all. All miners will get will be transaction fees. In fact, Bitcoin miners get transaction fees now for the transactions they include in the block. Those fees come from people initiating the transactions and are the incentive for the miners to include the transactions in the blocks (they are not required to include any transactions in the block). In case of voting, the mining would only be transaction-fee-driven, and the transaction fees would be paid by the government to incentivize it.
The election authority (and anyone else who wants to do it, since the blockchain is public and is open to all) will be able to compute the results of the election by examining the blockchain, yes.
Many, many problems with this idea. A couple of obvious ones: what you propose is not secure, anonymous voting, but more like each voter standing in the forum and shouting, “My name is XX-123 and I cast my vote for YY!”, with all the potential problems and possibilities for corruption that entails. Also, how do you propose to keep people from voting twice?
Another: a “volunteer” network? For official elections? Who approves these “volunteers” and their hardware and software?
Not to say that there is no way to implement verifiable electronic voting. Here is an old survey which lists some requirements for an acceptable voting system (registration, privacy, integrity, availability, ease of use).
A Great Debate is whether any of the proposed (provably secure) schemes offer a great enough advantage over paper ballots to make them worthy of consideration.
ETA: ultimately the public must also have confidence in the scheme!
I haven’t got enough coffee into my brain yet, so apologies in advance for whatever incoherent things I may write here.
I think the idea is interesting, and my gut reaction is that the blockchain technology could probably handle the transaction logging. I’m a little hazy on how it works, but I think it could be applied to this, at least from a technical perspective.
My huge concern, though, is that it would entrust tens of millions of voters to ensure the security of their voting tokens. I would expect this plan to result in a lot of stolen tokens, token phishing, disinformation about the tokens and voting process, etc. Such a widely distributed voting process would invite a lot of shenanigans that I think would be nearly impossible to combat. When it’s so easy to compromise the typical PC, I think we’d lose a massive amount of trust in the provenance of the votes. “A new report suggests that 10 million votes were cast by a botnet! Local octogenarian said she went to vote, only to find out that her vote had already been cast!”
In addition, I’m a little hazy on how blockchain works, and I do computer security for a living. I think it would be impractical to transition huge numbers of people from a simple and intuitive voting process to something requiring a working knowledge of blockchain.
This is not to say, of course, that our current voting system is great. Just that I see the “voting token” approach as introducing larger problems.
It can be devised that the initial voter’s token transaction is completely anonymous, thus the later transaction of transferring the token to the candidate of choice does not identify the voter (but the voter can definitely verify and identify his transaction in the recorded blockchain later).
The current bitcoin block mining is all done by a vast volunteer network, fueled by the mining awards and transaction fee incentives. That is why I said in the OP that the system as designed is very elegant. No one verifies their software or hardware. It doesn’t matter. What matters is that the result computes. You can’t mine a block for a transaction incorrectly - it can be very easily verified. That’s the beauty of the math - the solution for the math problem is very difficult to find and takes vast computing power, but once found it is very easily verifiable.
Is this system used for any other activity that is generally similar to voting? I would not consider the buying and selling of goods to be similar to voting in any way.
Basically blockchain is a string of blocks, starting with a zero block. To create a block, you have to solve a very difficult computational problem (but with a well-known degree of difficulty). Once the solution is found, it is very easily verifiable.
When you create a block, you can stuff it with some number (in thousands) of pending transactions (transactions are all encrypted with the public/private keys), then add it to the blockchain. As an incentive for you to spend your computing power/electricity to create that block, you get some number of coins for creating one and gather the transaction fees attached to the transactions you put into the block. You could also run this on transaction fees alone (though the transaction fees would have to be higher than they are today for bitcoin, they are really minuscule). The whole point is that the mining/verification network is not centralized. It is run by people who want to earn $ by running it.
There is some math done in wrapping blocks and chaining them that makes sure that in order to counterfeit a block later, you would have to re-create all the blocks that follow it, which makes it very difficult, considering how difficult it is to create the block in the first place. The whole chain is public, not centralized, and easily verifiable by starting from block zero and following the chain, verifying the blocks and looking at the transactions in them.
That blcokchain tech facilitated bitcoin is a bit of a red herring. Blockchain tech is severable from bitcoin. In fact, the logic is being used in expanding areas of financial transactions. Here’s a blurb from investopedia:
There’s potential I think, but the biggest hurdle in adoption would be understandability and confidence.
Right, I mean I don’t understand it at a very deep level.
This is my view as well. I think the loss in confidence would come from the difficulty in understanding the system (as you mention) as well as from the difficulty in guaranteeing the security of tokens held by tens of millions of individuals on their personal computing devices. (Not to mention the loss of access to voting by people who don’t have a personal computing device capable of handling the transaction.)
It sounds like this violates the requirement that the voter not be able to prove to anyone which way he or she voted.
What’s to prevent a resourceful adversary from taking over the network by sheer numbers, and/or distributing subverted hardware to legitimate voters, or DDOSing the election?
It doesn’t really. Only the voter himself knows that the transaction key he has is his. When he shows it to someone else, he could show someone else’s.
The adversary would have to be a lot more resourceful than current governments are, even the US government. You underestimate the total computing power of millions of incentivized miners. And you can’t DDOS a system that is as widely distributed as blockchain is. You’d have to shut down the Internet.
Voting should not be anonymous for the obvious reason that you only want eligible voters to vote. Plus, bitcoin isn’t anonymous, again for the obvious reason that you need a way to identify the owner of a bitcoin. Bitcoin is pseudonymous, meaning that (essentially) you can have as many pseudonyms within the system and every transaction is associated with one of those pseudonyms. The system is only anonymous to the extent that you can hide the fact that your pseudonyms are actually you.
A blockchain uses previous entries to encrypt the next one. This ensures that the previous entries can’t be modified. To use voting as an example your hash would be generated from your name, your vote, and the previous hash. It would look like this:
