TLDR
- Both developed and developing countries have adopted electronic voting (E-voting) to replace the traditional ballot box or postal vote. However, the requirements an E-voting system must meet to guarantee voters’ privacy and make the process verifiable are demanding.
- Research has been conducted into applying cryptographic techniques to achieve privacy and verifiability, but the solutions are usually hard to implement.
- The researchers propose an easy-to-use, secure, and verifiable design for E-voting on the Blockchain that requires minimal setup.
Core Research Question
How can privacy and verifiability in E-voting systems be achieved without relying on a centralized server?
Citation
Moritz Eck, Alex Scheitlin, Nik Zaugg, “Design and Implementation of Blockchain-based E-Voting.” University of Zurich, Feb. 2020. https://cdn.jsdelivr.net/npm/@meck93/evote-crypto@0.1.10/report.pdf.
Background
- Access Provider: An authorization service run by or on behalf of the voting authority that grants only eligible users access to the E-Voting system.
- Ballot Secrecy: A cast vote must remain private and unlinkable to the voter.
- E-Identity: A digital certificate issued by the government containing the unique ID of a voter.
- Identity Provider: A trusted third-party responsible for validating and verifying potential voters’ eligibility and electronic identity.
- Individual verifiability (IV): A voter can check that their own vote reached its intended destination without alteration.
- Limited Votes: A voter can vote for a certain number of candidates out of a total number of candidates. For instance, a voter can choose to vote for two (2) candidates (the first and third candidates) out of a total number of three (3) candidates.
- Multi-way Elections: A voter can select one out of multiple candidates in an election.
- Proof of Work: A consensus mechanism, used by permissionless Blockchains such as Bitcoin or Ethereum, in which participants expend computational work to agree on the state of the ledger and on the validity of the transactions added to it.
- Proof of Authority: A consensus mechanism in which a fixed set of pre-approved validators (authorities) is entitled to validate transactions and produce blocks.
- Receipt-Freeness: A voter must not be able to prove to a third party that they have cast a particular vote.
- Sealer: A service in the E-voting system to run a blockchain validator, participate in the distributed key generation, and tally votes once voting has ended.
- Secure Public Bulletin Board (SPBB): A public board used to broadcast a publicly verifiable log of communication of an ongoing election or vote and to store the final result.
- Universal Verifiability (UV): Anyone, including third parties, can verify that the published outcome is the correct tally of the cast votes.
- Voter: Any eligible person who wants to participate in voting.
- Voting authority: The administrator and coordinator of the E-voting system. They are responsible for coordinating with the sealer, setting voting questions, opening and closing the votes, and deploying a smart contract.
Summary
- Traditional voting systems frequently suffer from voter manipulation, vote-buying, and human error, which has led governments to seek alternatives in E-voting systems.
- E-voting makes it easy for people with disabilities, people living abroad, or people in remote areas to exercise their right to vote.
- Voters are generally distrustful of E-voting and slow to accept it. It is also challenging to protect a voter’s privacy while still letting them verify that their vote was included in the tally as cast.
- A common feature of existing E-voting systems is that trust is embedded in the central authorities who control the system, even when the system itself is distributed or replicated.
- Research into cryptographic techniques has yielded fruitful results toward achieving a balance between privacy and verifiability. However, there is still a heavy reliance on centralized servers.
- Using centralized servers for encryption and proof verification requires voters to trust the central authority, which defeats the purpose of decentralization on the Blockchain.
- Centralized servers also give voters and third parties no way to verify votes, since all cryptographic operations happen on the central server.
- The researchers seek to tackle the shortcomings of E-voting systems on a centralized server by designing and implementing a new proof-of-concept E-voting system.
- The system consists of various stakeholders such as the sealers, the voting authority, voter(s), identity provider, Blockchain, and access provider who constitute the E-voting architecture.
- The interaction between the stakeholders in the E-voting architecture is illustrated in the paper by an architecture diagram (not reproduced here).
Method
- A proof-of-authority blockchain acts as the secure public bulletin board; vote encryption and proof generation are done on the client side, and every vote and proof is verified and stored inside a smart contract on the Blockchain.
- To create an E-voting prototype that is easy to use and requires minimal setup, the researchers chose a browser-based implementation, written in TypeScript for a type-safe implementation and a better developer experience.
- The prototype’s frontend uses React and MaterialUI; the backend is built with TypeScript and Node.js so that developers avoid context switches between languages.
- The prototype runs on an Ethereum-based network using the Parity client.
- To allow fast setup with no manual installation, all services are containerized with Docker and started through a single script.
Results
- Vote encryption and proof generation are performed on the voter’s own client (in the browser) rather than on a central server.
- Ballot secrecy holds because each voter encrypts their vote under the election public key, which is assembled from the public key shares contributed by every sealer during distributed key generation; no single sealer holds the decryption key.
- The encrypted vote and its proofs reveal nothing about the voter’s choice to a third party, so the voter has no receipt with which to prove how they voted; this gives receipt-freeness.
- Coercion resistance is not guaranteed when the voter and the coercer are in the same physical location, since the voter can be forced or manipulated to abstain or to hand over their credentials.
- Fairness is guaranteed: no intermediate results can be observed, because the tally can only be decrypted after voting has closed and every sealer has submitted its decryption share.
- The system also fulfills the requirements for individual and universal verifiability.
- The eligibility property ensures that only eligible voters can cast a ballot, while the voter’s identity stays private.
- The system is reliable because the blockchain provides redundancy and protects against data loss; if one sealer’s node malfunctions, the chain keeps operating. Since the tally requires every sealer’s decryption share, however, a sealer that stays offline after the vote closes delays tallying.
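The flow described in the Results above (each voter encrypts under a joint key built from the sealers’ public key shares, ciphertexts are aggregated, and the tally is only decryptable once every sealer contributes a decryption share) can be seen end to end in the following added example. It is not the paper’s code or the evote-crypto library: it is a toy exponential-ElGamal flow in plain JavaScript (Node.js), with made-up 10-bit parameters P, Q and G, an interactive challenge in place of a Fiat-Shamir hash, a Chaum-Pedersen proof of share correctness as an illustrative stand-in for whatever proofs the prototype actually uses, and constructed sample votes. The names Sealer, encryptVote, verifyShare and runElection are mine.

```javascript
// Added example (not the paper's code): toy exponential-ElGamal voting flow
// with distributed key generation across sealers, client-side encryption,
// homomorphic tallying, and a Chaum-Pedersen proof that each sealer's
// decryption share is correct. P, Q and G are TOY parameters (P is 10 bits),
// chosen only so the arithmetic is easy to follow; they offer no security.
// The page notes that even 256-bit parameters (the EVM word size) are too
// small for production, where 2048-bit parameters are recommended.

const P = 1019n; // safe prime, P = 2Q + 1
const Q = 509n;  // prime order of the subgroup every group element lives in
const G = 4n;    // generator of the order-Q subgroup (a quadratic residue mod P)

function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  for (; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

// Inverse via Fermat's little theorem (P is prime).
const modInv = (a) => modPow(a, P - 2n, P);

// Exponent in [1, Q-1]. Toy only: a real client must use a CSPRNG.
const randomExponent = () => 1n + BigInt(Math.floor(Math.random() * Number(Q - 1n)));

// --- Sealers: distributed key generation and verifiable decryption shares ---
class Sealer {
  #x; // secret key share, never leaves the sealer
  constructor() {
    this.#x = randomExponent();
    this.h = modPow(G, this.#x, P); // public key share h_i = g^x_i
  }
  // Share d_i = c1^x_i for the aggregated ciphertext, plus a Chaum-Pedersen
  // proof that log_g(h_i) == log_c1(d_i). `challenge(a, b)` models the
  // verifier's challenge; a contract would derive it from (a, b) with Fiat-Shamir.
  decryptionShare(c1, challenge) {
    const d = modPow(c1, this.#x, P);
    const w = randomExponent();      // prover nonce
    const a = modPow(G, w, P);       // commitment under base g
    const b = modPow(c1, w, P);      // commitment under base c1
    const e = challenge(a, b);
    const z = (w + e * this.#x) % Q; // response
    return { d, proof: { a, b, e, z } };
  }
}

// Election public key h = prod h_i = g^(sum x_i): no single sealer can decrypt.
const combinePublicKey = (sealers) => sealers.reduce((acc, s) => (acc * s.h) % P, 1n);

// --- Voter client: exponential ElGamal, vote m in {0,1} -> (g^r, g^m * h^r) ---
function encryptVote(vote, h) {
  const r = randomExponent();
  return { c1: modPow(G, r, P), c2: (modPow(G, BigInt(vote), P) * modPow(h, r, P)) % P };
}

// Homomorphic aggregation: the product of ciphertexts encrypts the sum of votes.
const tallyCiphertext = (votes) =>
  votes.reduce((acc, v) => ({ c1: (acc.c1 * v.c1) % P, c2: (acc.c2 * v.c2) % P }), { c1: 1n, c2: 1n });

// --- Bulletin board / contract side: check a share before accepting it ---
function verifyShare(hi, c1, d, { a, b, e, z }) {
  const okG = modPow(G, z, P) === (a * modPow(hi, e, P)) % P; // g^z  == a * h_i^e
  const okC = modPow(c1, z, P) === (b * modPow(d, e, P)) % P; // c1^z == b * d^e
  return okG && okC;
}

// g^sum = c2 / prod d_i, then recover the small exponent by brute force.
function decryptTally(agg, shares, maxVotes) {
  const gm = (agg.c2 * modInv(shares.reduce((acc, d) => (acc * d) % P, 1n))) % P;
  for (let m = 0; m <= maxVotes; m++) if (modPow(G, BigInt(m), P) === gm) return m;
  throw new Error("tally outside expected range");
}

// End-to-end run over constructed votes. Returns the number of "yes" (1) votes;
// throws if any sealer's share fails verification.
function runElection(votes, nSealers) {
  const sealers = Array.from({ length: nSealers }, () => new Sealer());
  const h = combinePublicKey(sealers);
  const agg = tallyCiphertext(votes.map((v) => encryptVote(v, h)));
  const shares = sealers.map((s) => {
    const { d, proof } = s.decryptionShare(agg.c1, () => randomExponent());
    if (!verifyShare(s.h, agg.c1, d, proof)) throw new Error("bad decryption share");
    return d;
  });
  return decryptTally(agg, shares, votes.length);
}

// A sealer that submits a wrong share (here d * g) cannot pass verification with
// its honest proof: the second equation fails for every non-zero challenge.
function tamperedShareAccepted() {
  const s = new Sealer();
  const c1 = modPow(G, randomExponent(), P);
  const { d, proof } = s.decryptionShare(c1, () => randomExponent());
  return verifyShare(s.h, c1, (d * G) % P, proof);
}

console.log("yes votes:", runElection([1, 0, 1, 1, 0], 3));      // 3
console.log("tampered share accepted:", tamperedShareAccepted()); // false
```

Two points the code makes concrete: the election key is never held by anyone (each sealer only knows its own x_i), so a single compromised sealer cannot open an individual ballot, and the share proof is what lets a bulletin board reject a sealer that submits garbage instead of its real share. Because the challenge here is chosen by an interactive verifier, the proof is not something a smart contract could check after the fact; the non-interactive form replaces `challenge(a, b)` with a hash of the commitments and public values.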
Discussion and Key Takeaways
- A voter’s identity could be uncovered by tracing their IP address to their physical location; the system cannot guarantee the privacy of the voter’s identity in this case.
- A rogue identity provider could create its own blockchain wallet and gain access to the voting system by trying the one-time tokens it has issued that remain unused. This may go unnoticed, since not every eligible voter ends up voting.
- If the identity provider and the access provider collude, a voter’s wallet could be linked to their E-identity, breaking the unlinkability on which the system’s receipt-freeness relies.
Implications and Follow-ups
- Due to time constraints, the researchers did not enforce communication over secure channels.
- Because the Ethereum virtual machine natively handles only 256-bit integers, the prototype’s cryptographic parameters are limited to 256 bits, which weakens the security of the scheme. The authors recommend 2048-bit integers for production settings.
- Tracing a voter’s location via their IP address can be prevented by placing onion routing between the voter and the blockchain network.
- A scheme based on blinded voter tokens could address possible collusion between the identity provider and the access provider.
- The system as designed only supports elections with two options; multi-way elections and limited votes are left for future work.
Applicability
- Private and public entities that want to run free and fair elections without the common problems of traditional voting systems while balancing privacy and verifiability.
- Private and public entities that want vote encryption and proof generation performed on the voter’s client rather than on a centralized server in their electronic voting systems.