Voting is one of the most important elements of democracy. Despite the rapid development of e-government services, voting still has not been widely digitized. Besides voting service in Estonia and Switzerland, internet voting (i-voting) is still not ubiquitous. There are many reasons for the slow progress of introducing e-government services. One of them is a lack of trust in technology, and another one is a need for trust in the authorities controlling the voting process. Many researchers and experts in the field discourage internet voting due to software unreliability[@park2021going, @Whyblock10:online, @Noblockc8:online, @Blockcha27:online, @OnBlockc0:online]. However, in the context of recent improvements on the security of IT systems, the denial of internet voting seems to be too pessimistic foresee on the future. Similar problems have not prevented electronic money from becoming widely used; therefore, the solutions for electronic money should also help solve the i-voting problem. Particularly, blockchain technology enabled creating secure systems without a central authority. Blockchains guarantee integrity and censorship resistance; however, voting process is more demanding. There are two more properties that blockchains do not provide natively; namely, privacy and cohersion resistance. Privacy guarantees that no one can tell which candidate the voters voted for, or even if they voted at all—preventing preliminary results and guaranteeing freedom of choice without any repercussions. Cohesion resistance guarantees that voters can not prove to anyone how they voted even if they want to—preventing selling votes as there is no way of verifying vote details. Although both proprties are not trivial to achieve, the privacy is apprently the easier of these two. Common solution is to encrypt the vote using election authorities' public key, and use mixnets to prevent side-channel timing attack. However, it does not prevent authorities—who own the correponding private key—from decrypting each vote and learning each voter option. Cohersion resistance stays in conflict with blockchain's intrinsic property—correctness and verifability; therefore, most blockchain-based protocols ignore it. One solution [@juels2010coercion] is to introduce bulleting Even if blockchain is not the final piece of the whole puzzle, we argue that internet voting is inevitable and therefore researching the missing pieces is worthwhile.

1. Stanisław Barański
stanislaw.baranski@pg.edu.pl
https://stan.bar
Blockchain
the solution to internet voting

2. Agenda
Motivation
History
Bitcoin and Blockchain
Internet voting
Multi-party computation (MPC)
My work

3. Motivation
• Transfer of value without trusted third party—electronic cash.
• Trust in cryptography, not in central authorities like banks. Bad people can
change law, but not math nor cryptography.
• Privacy and anonimity.
• Censorship-resistant.
• Virtual-
fi
rst currency, programmable money.

4. History
• eCash (David Chaum) - 1983

5. • Buyer buys eCash (certi
fi
cate)
from Bank.
• Buyer sends eCash (certi
fi
cate)
to Seller.
• Seller sends eCash to Bank,
which veri
fi
es if it hasn’t been
spend before and reedem eCash
adding funds to Bank’s account.
eCash

6. • Requires trusted third party––
Bank.
eCash

7. What happens when we remove
the central authority?

8. Double-spending problem

9. History
• eCash (David Chaum) - 1983
• b-money (Wei Dai) - 1998

10. b-money
an anonymous (pseudonymous),
distributed electronic cash system.
Every participant maintains a (separate)
database of how much money belongs to
each pseudonym.
http://www.weidai.com/bmoney.txt

11. b-money
How to create value
• We value only what is a scarce resource like time, electricity, trust, or gold.
• How to create arti
fi
cial scarcity?

12. b-money
How to create value
• We value only what is a scarce resource like time, electricity, trust, or gold.
• How to create arti
fi
cial scarcity?
• Cryptographic puzzles (problems in NP).
• Example:
fi
nd x s.t. H(x) < d, where x is a number to
fi
nd, H is a hash function,
and d is a di
ffi
culty level.

13. b-money
How to create value
• We value only what is a scarce resource like time, electricity, trust, or gold.
• How to create arti
fi
cial scarcity?
• Cryptographic puzzles (problems in NP).
• Example:
fi
nd x s.t. H(x) < d, where x is a number to
fi
nd, H is a hash function, and d
is a di
ffi
culty level.
• Solving such a crypto puzzle consumes electric power, which is a scarce resource
✅.
• The number of monetary units created is equal to the cost of the computing e
ff
ort in
terms of a standard basket of commodities.

14. How to transfer value
b-money

15. b-money
Solved:
- Money creation ✅
- Transfer of money ✅
Impractical assumptions:
- Assumed atomic broadcast
- 100% uptime peers,
Not solved:
- Not byzantine fault tolerant.
As a result, the idea was abandoned.

16. History
• eCash (David Chaum) - 1983
• b-money (Wei Dai) - 1998
• BitGold (Nick Szabo) - 1998/2005

17. BitGold
Assumes existence of distributed
timestamp services and distributed
Bitgold registry.
Money creation (proof-of-work
based + challenge string +
timestamping)
https://unenumerated.blogspot.com/2005/12/bit-gold.html

18. Money creation and transfers
BitGold

19. BitGold
Solved:
- Money creation ✅
- Transfer of money ✅
Not solved:
- Not decentralised.
- Missing incentives to keep nodes honest.
- Not byzantine-fault tolerant.
As a result, the idea was abandoned.

20. History
• eCash (David Chaum) - 1983
• b-money (Wei Dai) - 1998
• BitGold (Nick Szabo) - 1998/2005
• Bitcoin (Satoshi Nakamoto) - 2008

21. Bitcoin
First peer-to-peer electronic cash.
First to achieve global consensus in open-membership
network.
Innovations:
- Introduce the concept of blockchain as a data structure
that timestamps transactions.
- Used proof-of-work:
- to create scare resource
- to achieve global consensus in open-membership
network (leadership election by computing power)
- to prevent Sybil attacks (vote = collective computing
power)
- to secure the network (reverting history requires 51%
computing power)
https://bitcoin.org/bitcoin.pdf

22. Bitcoin
Utility — easy transfer of value
De
fl
ationary — halves currency
issuance every 4 years
Cap at 21mln, currently 17mln
(84%) in circulating supply
The law of supply and demand
Mining costs
Speculation
https://bitcoin.org/bitcoin.pdf
Where does value come from?

23. Transition state machine
S — states
T — transactions
Apply : S x T -> S — state transition function
Sn+1 = Apply(Sn, Tn)
Apply(state, T) = {
assert(state[Tfrom] >= Tvalue)
state[Tfrom] -= Tvalue
state[Tto] += Tvalue
}
Example:
{ Alice : 2, Bob: 8 } = Apply({ Alice : 10, Bob:
0 }, “Send 8₿ from Alice to Bob”)
Each transaction is recorded on a public, immutable and decentralized data
structure—Blockchain.

24. Blockchain

25. Think of it as a version control system

26. Proof-of-work

27. Ethereum – generalization of Bitcoin
Bitcoin
T = (from, to, value)
Sn+1 = Apply(Sn, Tn)
Apply(state, T) = {
assert(state[Tfrom] >= Tvalue)
state[Tfrom] -= Tvalue
state[Tto] += Tvalue
}
Ethereum
T = smart contract code
Sn+1 = Apply(Sn, Tn)
Apply(Sn, Tn) = EVM(Sn, Tn)

28. Internet Voting

29. Internet Voting
Let’s give each eligible voter a right to vote
then
T = (from, to, value)
Sn+1 = Apply(Sn, Tn)
Apply(state, T) = {
assert(state[Tfrom] == true)
state[Tfrom] = false
state[Tto] += 1
}
∀voter ∈ voters state[voter] = true
Naive solution using blockchain

30. Internet Voting
- Correctness, all and only eligable votes are counted.
- Censorship resistance, any eligible user that wants to cast a vote can do it.
- Privacy, no one can tell which candidate the voters voted for, or even if they voted at all—
preventing preliminary results and guaranteeing freedom of choice.
- Coercion resistance, voters can not prove to anyone how they voted even if they want to—
preventing selling votes as there is no way of verifying if they indeed voted on paid candidate.
Requirements

31. Blockchain Voting
Privacy-preserving
Authorities prepare a voting
User encrypt a vote
T = (Tfrom, encrypt(Tvote, pubKey)),
where
- Tfrom is the voter public key,
- Tvote is chosen candidate.
User cast the vote to blockchain
Apply(state, T) = {
assert(state[Tfrom] == true)
state[Tfrom] = false
state[votes] = state[votes] Tvote
}
Authorities publish privKey, so everyone can decrypt and calculate the
results.
decryptedVotes =
(privKey, pubKey) ← generateKeyPair()
∀voter ∈ voters state[voter] = true
∪
{decrypt(vote, privKey)|vote ∈ state[votes]}

33. Internet Voting
- Correctness, all and only eligable votes are counted.
- Censorship resistance, any eligible user that wants to cast a vote can do it.
- Privacy, no one can tell which candidate the voters voted for, or even if they voted at all—
preventing preliminary results and guaranteeing freedom of choice.
- Coercion resistance, voters can not prove to anyone how they voted even if they want to—
preventing selling votes as there is no way of verifying if they indeed voted on paid candidate.
Requirements

34. Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting
• Users can cast multiple votes
and have the ability to change
their key.
• “as is common for electronic
voting schemes, we assume a
publicly accessible append-only
bulletin board”

35. Multi-party computation (MPC)
• Multi-party computation (MPC) enables a group of independent parties who
do not trust each other to jointly compute a function where is
the private input for i-th party.
f(x1, x2…xn) xi

36. MPC Applications
Yao’s Millionaires Problem
"Two millionaires wish to know who is richer without revealing their actual
wealth.”
So the goal is to compute where is the
fi
rst party’s private input and
is the second party’s private input.
x1 ≤ x2 x1
x2
f(x1, x2) = x1 ≤ x2

37. Decentralized encryption using MPC
𝙵
𝟷
(x1, . . . , xn) =
𝙳
𝚎
𝚛
𝚒
𝚟
𝚎
𝙿
𝚞
𝚋
𝙺
𝚎
𝚢
(
𝙳
𝚎
𝚛
𝚒
𝚟
𝚎
𝙿
𝚛
𝚒
𝚟
𝙺
𝚎
𝚢
(
𝚂
𝚂
(x1, . . . , x2)))
𝙵
𝟸
(x1, . . . , xn, votes) =
𝙲
𝚘
𝚞
𝚗
𝚝
(
𝙳
𝚎
𝚌
𝚛
𝚢
𝚙
𝚝
(votes,
𝙳
𝚎
𝚛
𝚒
𝚟
𝚎
𝙿
𝚛
𝚒
𝚟
𝙺
𝚎
𝚢
(
𝚂
𝚂
(x1, . . . , x2))))

38. BB/Blockchain and MPC on voters’ smartphones

39. MPC Applications
Secure machine learning
MPC can be used to create a setting where:
A client sends an encrypted input to the server’s pre-trained model and receive
an encrypted model’s prediction.
Handy in Machine Learning as a Service (MLaaS), where users send potentially
sensitive information.
With MPC both users and the service provider can keep their data private.
Example: MiniONN (Liu et al., 2017) — “the
fi
rst approach for transforming an
existing neural network to an oblivious neural network supporting privacy-
preserving predictions with reasonable e
ffi
ciency”.

41. Questions?
Stanisław Barański
stanislaw.baranski@pg.edu.pl
https://stan.bar