A few others have already touched on this, but I’m not sure what problem you’re trying to solve, and the tool you’re proposing we use to solve it wasn’t at all designed to solve the types of problems associated with electronic voting.
The benefit of public blockchain validation in bitcoin is that it allows decentralization. That is, no central banks or trusting the government to manage fiat currency.
By their very nature, government run elections are highly centralized, an important and valuable characteristic that you’ve in fact used in your hypothetical, since the highly centralized government is the organization issuing these “vote coins” in the first place. So right off the bat you’ve completely scuttled the main thing people like about bitcoin.
It seems to me that the part you’re actually interested in is asymmetric encryption combined with public key infrastructure. This uses a lot of the same math that you seem to like about the blockchain but doesn’t actually require anything related to the core of cryptocurrencies. Instead, the government running the election would issue x.509 certificates to every voter, along with a blank digital ballot. The voter would fill out the ballot and digitally sign it using their private key. The government, or anyone else for that matter, could then verify the legitimacy of the ballot using the voter’s public key.
This is a very secure system, and will likely be a component of electronic voting in the future, but it obviously still requires the public to trust the government. If we want to maintain the principle of secret ballots, then the government must protect the digitally signed ballots and report only the aggregate results and who voted – exactly like they do now.
How does the blockchain prove that someone wasn’t somehow issued multiple tokens? Can these tokens be publicly traced back to a specific person? If so, it’s no longer a secret ballot. If not, or if “yes, but the government keeps that list secret,” then it’s no longer transparent.
It is not transparent. Any voter or interested person who wants to do a recount won’t be able to do the recount, unless they have access both to the votes and all the public keys issued. Which is the (surprise) blockchain.
Right, the answer to my question, “How does the blockchain prove that someone wasn’t somehow issued multiple tokens,” per post #59, is “it doesn’t.” You just think that it’s somehow better because there’s only one point of failure – the issuance of the tokens.
But that’s a pretty massive point of failure, wouldn’t you say?
It’s as “massive” as any one of the multiple points of failure in the paper ballot scheme. Would you prefer to have one point of failure vs. multiple (and never-ending, since you can stuff ballots after recounts as well)?
It’s one point of failure with multiple attack vectors. Malicious software could be implanted on the computers issuing the tokens. Insiders could be coerced into issuing additional tokens, or simply to support the candidate they prefer. Firmware shipped with the computer hardware from China could manipulate the tokens. Network vulnerabilities could lead to intercepted tokens.
This is basically every information security problem we deal with today, and there’s no recourse to any of them because there’s no way to validate who these tokens were issued to once they go out the door. Except to ask the government that issued them, and well now we’re back to a lack of transparency.
I believe you are very mistaken that blockchain has fewer points of failure.
The major problem is that almost no one using it understands how it works. And that problem permeates every interaction with it.
How will people verify that they’ve voted correctly? Almost everyone can pretty easily determine by looking if they’ve filled in or punched out the correct circle on a piece of paper (Florida voters notwithstanding). Now, sometimes there are problems with counting or securing pieces of paper, but they’re relatively well-understood by mere mortals. We have auditing and tracking systems in place for detecting things like ballot stuffing. And the way you verify a count is by doing it multiple times.
The fact that, hypothetically, everyone could verify that they voted correctly by writing their own blockchain parser is not very useful. What people will really do is rely on systems written by others. They’ll go to “securevotecoin2020.com” and what they’ll get is whatever that website does. If the proprietors of the website are extremely careful and scrupulous, then all those votes will be cast and verified correctly. If not, who knows!
This is exactly how every existing user of blockchain technology who has been failed by it has been failed. The shit is too complicated to do yourself, and when you use a third party, you often find that it’s too complicated for them to do correctly, too.
Again, at some point the government has to be involved (and trusted) since it is responsible for the elections. But minimizing such points is the goal. I believe what I suggest minimizes it, since once the tokens are issued, both the casting of the votes and the counting of the votes are decentralized and out of the government’s hands.
OK, let’s have an election. BobLibDem is the government, and he issues 1000 tokens to dopers. There’s 2 blockchains, yours and mine, about 200 go to yours and 400 go to mine.
A completely separate issue. If the keys are issued on paper, that’s the equivalent of “paper wallet” in cryptocurrency, and is not hackable (unless someone stealing the piece of paper is “hacking”).
As much as I trust BobLibDem. Which isn’t much. Why go to personalities though?
That is why I suggested that the issuance of keys, destruction of undistributed keys, and distribution of keys be supervised by all the interested parties. Closely. All the keys generated are recorded in the blockchain. All destroyed keys are recorded in the blockchain. That way any key that is recorded as a voting transaction can be checked to have been generated and not destroyed.
Once that is done, though, there are no more points of failure. Any voter holding a token can vote. His vote cannot be falsified. And the total results can be verified by anyone, openly, at any time, and all the tallies will match.
I can guard a ballot box and I can tell if somebody is trying to stuff fraudulent votes into it. And you can let a guy from the other side stand guard next to me to make sure I don’t stuff the fraudulent votes in.
Have me stand guard next to a computer and it can create all the fraudulent votes it wants without me ever seeing it happen.
Wait, if nobody knows what my key pair is, then how are they able to decrypt and/or verify the transaction I’m sending? If the message is supposed to be public, why am I encrypting it again? What’s the role of the public key, private key, and the token as they relate to each other?
If you’re going to say “this is obvious”, you need to show your work on how all these things interact. Because these things are more complex than you seem to understand.
You encrypt with the private key. You give the public key. It is decrypted with the public key. But since the public key is not anywhere associated with your name in my scheme, it is anonymous. Hope this made it clearer.
Hey, Okrahoma, aside from your proposal here, what do you think of the voting system in which every eligible voter is mailed a ballot, which they can then fill out at their leisure and mail back in?
Seems like this addresses many of your intentions in the system you are proposing. No need to show up at a voting booth. Every voter has a chance to vote. Authenticity of the ballot can be established with simple measures, like having a unique identifier on every ballot mailed out (and returned). So, why doesn’t this solve any voting problems you are concerned about?