Voting is one of the most important elements of democracy. Despite the rapid development of e-government services, voting still has not been widely digitized. Besides voting service in Estonia and Switzerland, internet voting (i-voting) is still not ubiquitous. There are many reasons for the slow progress of introducing e-government services. One of them is a lack of trust in technology, and another one is a need for trust in the authorities controlling the voting process. Many researchers and experts in the field discourage internet voting due to software unreliability[@park2021going, @Whyblock10:online, @Noblockc8:online, @Blockcha27:online, @OnBlockc0:online]. However, in the context of recent improvements on the security of IT systems, the denial of internet voting seems to be too pessimistic foresee on the future.
Similar problems have not prevented electronic money from becoming widely used; therefore, the solutions for electronic money should also help solve the i-voting problem. Particularly, blockchain technology enabled creating secure systems without a central authority. Blockchains guarantee integrity and censorship resistance; however, voting process is more demanding. There are two more properties that blockchains do not provide natively; namely, privacy and cohersion resistance.
Privacy guarantees that no one can tell which candidate the voters voted for, or even if they voted at all—preventing preliminary results and guaranteeing freedom of choice without any repercussions. Cohesion resistance guarantees that voters can not prove to anyone how they voted even if they want to—preventing selling votes as there is no way of verifying vote details.
Although both proprties are not trivial to achieve, the privacy is apprently the easier of these two. Common solution is to encrypt the vote using election authorities' public key, and use mixnets to prevent side-channel timing attack. However, it does not prevent authorities—who own the correponding private key—from decrypting each vote and learning each voter option.
Cohersion resistance stays in conflict with blockchain's intrinsic property—correctness and verifability; therefore, most blockchain-based protocols ignore it. One solution [@juels2010coercion] is to introduce bulleting
Even if blockchain is not the final piece of the whole puzzle, we argue that internet voting is inevitable and therefore researching the missing pieces is worthwhile.
3. Motivation
• Transfer of value without trusted third party—electronic cash.
• Trust in cryptography, not in central authorities like banks. Bad people can
change law, but not math nor cryptography.
• Privacy and anonimity.
• Censorship-resistant.
• Virtual-
fi
rst currency, programmable money.
5. • Buyer buys eCash (certi
fi
cate)
from Bank.
• Buyer sends eCash (certi
fi
cate)
to Seller.
• Seller sends eCash to Bank,
which veri
fi
es if it hasn’t been
spend before and reedem eCash
adding funds to Bank’s account.
eCash
10. b-money
an anonymous (pseudonymous),
distributed electronic cash system.
Every participant maintains a (separate)
database of how much money belongs to
each pseudonym.
http://www.weidai.com/bmoney.txt
11. b-money
How to create value
• We value only what is a scarce resource like time, electricity, trust, or gold.
• How to create arti
fi
cial scarcity?
12. b-money
How to create value
• We value only what is a scarce resource like time, electricity, trust, or gold.
• How to create arti
fi
cial scarcity?
• Cryptographic puzzles (problems in NP).
• Example:
fi
nd x s.t. H(x) < d, where x is a number to
fi
nd, H is a hash function,
and d is a di
ffi
culty level.
13. b-money
How to create value
• We value only what is a scarce resource like time, electricity, trust, or gold.
• How to create arti
fi
cial scarcity?
• Cryptographic puzzles (problems in NP).
• Example:
fi
nd x s.t. H(x) < d, where x is a number to
fi
nd, H is a hash function, and d
is a di
ffi
culty level.
• Solving such a crypto puzzle consumes electric power, which is a scarce resource
✅.
• The number of monetary units created is equal to the cost of the computing e
ff
ort in
terms of a standard basket of commodities.
15. b-money
Solved:
- Money creation ✅
- Transfer of money ✅
Impractical assumptions:
- Assumed atomic broadcast
- 100% uptime peers,
Not solved:
- Not byzantine fault tolerant.
As a result, the idea was abandoned.
19. BitGold
Solved:
- Money creation ✅
- Transfer of money ✅
Not solved:
- Not decentralised.
- Missing incentives to keep nodes honest.
- Not byzantine-fault tolerant.
As a result, the idea was abandoned.
21. Bitcoin
First peer-to-peer electronic cash.
First to achieve global consensus in open-membership
network.
Innovations:
- Introduce the concept of blockchain as a data structure
that timestamps transactions.
- Used proof-of-work:
- to create scare resource
- to achieve global consensus in open-membership
network (leadership election by computing power)
- to prevent Sybil attacks (vote = collective computing
power)
- to secure the network (reverting history requires 51%
computing power)
https://bitcoin.org/bitcoin.pdf
22. Bitcoin
Utility — easy transfer of value
De
fl
ationary — halves currency
issuance every 4 years
Cap at 21mln, currently 17mln
(84%) in circulating supply
The law of supply and demand
Mining costs
Speculation
https://bitcoin.org/bitcoin.pdf
Where does value come from?
23. Transition state machine
S — states
T — transactions
Apply : S x T -> S — state transition function
Sn+1 = Apply(Sn, Tn)
Apply(state, T) = {
assert(state[Tfrom] >= Tvalue)
state[Tfrom] -= Tvalue
state[Tto] += Tvalue
}
Example:
{ Alice : 2, Bob: 8 } = Apply({ Alice : 10, Bob:
0 }, “Send 8₿ from Alice to Bob”)
Each transaction is recorded on a public, immutable and decentralized data
structure—Blockchain.
29. Internet Voting
Let’s give each eligible voter a right to vote
then
T = (from, to, value)
Sn+1 = Apply(Sn, Tn)
Apply(state, T) = {
assert(state[Tfrom] == true)
state[Tfrom] = false
state[Tto] += 1
}
∀voter ∈ voters state[voter] = true
Naive solution using blockchain
30. Internet Voting
- Correctness, all and only eligable votes are counted.
- Censorship resistance, any eligible user that wants to cast a vote can do it.
- Privacy, no one can tell which candidate the voters voted for, or even if they voted at all—
preventing preliminary results and guaranteeing freedom of choice.
- Coercion resistance, voters can not prove to anyone how they voted even if they want to—
preventing selling votes as there is no way of verifying if they indeed voted on paid candidate.
Requirements
31. Blockchain Voting
Privacy-preserving
Authorities prepare a voting
User encrypt a vote
T = (Tfrom, encrypt(Tvote, pubKey)),
where
- Tfrom is the voter public key,
- Tvote is chosen candidate.
User cast the vote to blockchain
Apply(state, T) = {
assert(state[Tfrom] == true)
state[Tfrom] = false
state[votes] = state[votes] Tvote
}
Authorities publish privKey, so everyone can decrypt and calculate the
results.
decryptedVotes =
(privKey, pubKey) ← generateKeyPair()
∀voter ∈ voters state[voter] = true
∪
{decrypt(vote, privKey)|vote ∈ state[votes]}
32.
33. Internet Voting
- Correctness, all and only eligable votes are counted.
- Censorship resistance, any eligible user that wants to cast a vote can do it.
- Privacy, no one can tell which candidate the voters voted for, or even if they voted at all—
preventing preliminary results and guaranteeing freedom of choice.
- Coercion resistance, voters can not prove to anyone how they voted even if they want to—
preventing selling votes as there is no way of verifying if they indeed voted on paid candidate.
Requirements
34. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting
• Users can cast multiple votes
and have the ability to change
their key.
• “as is common for electronic
voting schemes, we assume a
publicly accessible append-only
bulletin board”
35. Multi-party computation (MPC)
• Multi-party computation (MPC) enables a group of independent parties who
do not trust each other to jointly compute a function where is
the private input for i-th party.
f(x1, x2…xn) xi
36. MPC Applications
Yao’s Millionaires Problem
"Two millionaires wish to know who is richer without revealing their actual
wealth.”
So the goal is to compute where is the
fi
rst party’s private input and
is the second party’s private input.
x1 ≤ x2 x1
x2
f(x1, x2) = x1 ≤ x2
39. MPC Applications
Secure machine learning
MPC can be used to create a setting where:
A client sends an encrypted input to the server’s pre-trained model and receive
an encrypted model’s prediction.
Handy in Machine Learning as a Service (MLaaS), where users send potentially
sensitive information.
With MPC both users and the service provider can keep their data private.
Example: MiniONN (Liu et al., 2017) — “the
fi
rst approach for transforming an
existing neural network to an oblivious neural network supporting privacy-
preserving predictions with reasonable e
ffi
ciency”.