Research Summary: Design and Implementation of Blockchain-based E-Voting

TLDR

• Developed and developing countries have adopted electronic voting (E-voting) to replace the traditional ballot box or postal method of voting. However, the requirement to be met to achieve voters’ privacy and the process verifiability is high.
• Research has been conducted into applying cryptographic techniques to achieve privacy and verifiability, but the solutions are usually hard to implement.
• The researchers propose an easy-to-use, secure, and verifiable design for E-voting on the Blockchain that requires minimal setup.

Core Research Question

How can privacy and verifiability in E-voting systems be achieved without relying on a centralized server?

Citation

Moritz Eck, Alex Scheitlin, Nik Zaugg, “Design and Implementation of Blockchain-based E-Voting.” University of Zurich, Feb. 2020. https://cdn.jsdelivr.net/npm/@meck93/evote-crypto@0.1.10/report.pdf.

Background

• Access Provider: An authorization service run by or on behalf of the voting authority that grants only eligible users access to the E-Voting system.
• Ballot Secrecy: A casted vote must remain private and unlinkable to the voter.
• E-Identity: A digital certificate issued by the government containing the unique ID of a voter.
• Identity Provider: A trusted third-party responsible for validating and verifying potential voters’ eligibility and electronic identity.
• Individual verifiability (IV): An IV is assigned when a voter can ascertain that their vote has reached its intended destination without any alterations.
• Limited Votes: A voter can vote for a certain number of candidates out of a total number of candidates. For instance, a voter can choose to vote for two (2) candidates (the first and third candidates) out of a total number of three (3) candidates.
• Multi-way Elections: A voter can select one out of multiple candidates in an election.
• Proof of Work: A form of cryptographic mechanism primarily used by permissionless Blockchains such as Bitcoin or Ethereum to come to a consensus on the state of information recorded on the Blockchain or verify the accuracy of transactions added to the Blockchain.
• Proof of Authority: A consensus mechanism that gives some Blockchain actors power to validate transactions or interactions across the Blockchain.
• Receipt-Freeness: A voter must not be able to prove to a third party that they have cast a particular vote.
• Sealer: A service in the E-voting system to run a blockchain validator, participate in the distributed key generation, and tally votes once voting has ended.
• Secure Public Bulletin Board (SPBB): A public board used to broadcast a publicly verifiable log of communication of an ongoing election or vote and to store the final result.
• Universal Verifiability (UV): A concept that allows a third party to verify the outcome of a vote.
• Voter: Any eligible person who wants to participate in voting.
• Voting authority: The administrator and coordinator of the E-voting system. They are responsible for coordinating with the sealer, setting voting questions, opening and closing the votes, and deploying a smart contract.

Summary

• Traditional voting systems are frequently faced with voter manipulation, vote-buying, and human errors, which has led to governments seeking alternatives in E-voting systems.
• E-voting makes it easy for people with disabilities, people living abroad, or people in remote areas to exercise their right to vote.
• There is a general distrust and lack of acceptance of E-voting by voters. It is challenging to balance the protection of a voter’s privacy while also verifying that the vote was included in the ballot as intended by the voter.
• A common feature of existing E-voting systems is that trust is embedded in central authorities who control the system even though it is distributed or replicated.
• Research into cryptographic techniques has yielded fruitful results toward achieving a balance between privacy and verifiability. However, there is still a heavy reliance on centralized servers.
• Using centralized servers for encryption and proof verification requires the voters to trust the central authority, thereby defeating the purpose of decentralization on the Blockchain.
• Centralized servers also provide no ability for voters and third parties to verify votes since all the cryptographic operations occur on a central server.
• The researchers seek to tackle the shortcomings of E-voting systems on a centralized server by designing and implementing a new proof-of-concept E-voting system.
• The system consists of various stakeholders such as the sealers, the voting authority, voter(s), identity provider, Blockchain, and access provider who constitute the E-voting architecture.
• Interaction between stakeholders in the E-voting architecture:
  

Method

• Using a proof-of-authority blockchain to act as a secure public bulletin board, client-side vote encryption and proof generation are employed and all votes and proofs are verified and stored inside a smart contract on the Blockchain.
• To create an E-voting prototype that is easy to use and requires minimal setup, the researchers chose a browser-based implementation. In addition, typescript was chosen to enhance developer experience and a type-safe implementation.
• For the prototype’s frontend, the researchers used React and MaterialUI, while the backend was built with Typescript and Node.js to avoid context switches.
• The prototype is then built on the Ethereum blockchain using the Parity client.
• To ensure fast setup and no installation, all the services were containerized using Docker which can be started through a single script.

Results

• Vote encryption and proof generation is performed by the client’s server instead of a central server.
• The E-voting system ensured voters’ ballot secrecy since voters encrypt their votes using the public key of the system created using each sealer’s public key as a share.
• A third party cannot gain information about a voter’s choice once the system has generated the encrypted vote and proofs, ensuring receipt freeness.
• Coercion resistance is not guaranteed if the voter and the coercer are in the same physical location, as the voter can be forced or manipulated to abstain from voting or give up their credentials.
• Fairness is guaranteed as the results of the voting exercise can only be accessed at the end of the exercise when all the sealers must have submitted their decrypted share.
• The system also fulfills the requirements for individual and universal verifiability.
• The eligibility property of the E-voting system ensures that only eligible people can vote and the voter’s privacy is private.
• The system is reliable as it is built on a blockchain that ensures redundancy and protects against data loss. Therefore, where one of the sealers malfunctions, the system will still be operational.

Discussion and Key Takeaways

• The identity of a voter could be discovered by tracing their IP address to their exact location and the system cannot guarantee the privacy of the voter’s identity in this situation.
• Where the identity provider goes rogue, they can create their blockchain wallet and gain access to the voting system by trying all generated one-time tokens. Unfortunately, this activity may go unnoticed as not all eligible voters will eventually vote.
• If the identity provider and access provider collude, it would be possible to link a voter’s wallet with their E-identity, thereby removing the receipt-freeness property of the E-voting system.

Implications and Follow-ups

• The researchers did not enforce communication over secure channels due to time constraints.
• Due to the limitations of the Ethereum virtual machine, only 256-bit integers could be used which weakens the security of the system. Therefore, it is recommended to use 2048-bit integers for future work on production settings.
• The ability to trace a voter’s location by tracing their IP address can be avoided by incorporating onion routing between the voter and blockchain network.
• A scheme involving blinded voter tokens could be deployed to solve the problem of possible collusion by the identity and access provider.
• The E-voting system designed only supports elections with two options; multi-way elections and limited votes could be implemented in future systems.

Applicability

• Private and public entities looking to conduct free and fair elections devoid of common problems associated with traditional voting systems while maintaining a balance of privacy and verifiability.
• Private and public entities seeking to ensure that vote encryption and proof generation are done by the client-server instead of a centralized server in their electronic voting systems.

Hi @Tolulope. Thanks for an excellent contribution to the Forum. Here’s something I recently read about that made me think of your research summary:

David Chaum, the legendary cryptographer and inventor of digital cash, has completed preliminary work on a system called VoteXX. It claims to solve the problems of remote voting.

“VoteXX is a joint effort by xx network and an international team of academics to create a massively scalable, end-to-end voter verifiable, coercion-resistant and remote election system.”

https://chaum.com/votexx/
https://votexx.org

If this project is as described, will it change our reading of this paper?

Hello @Tolulope,
Weldon for the research summary. I am thinking that Voting receipts could be another transparency measure that can be used in E voting solutions to help assure voters that their ballots have been received by the voting server. Do you think it is necessary.

Thank you @rlombreglia for sharing David Chaum’s great work.
The project will definitely change our reading of the paper and the entire e-voting landscape when finalised.

While the architecture seems quite similar to the one designed by the researchers in the paper, it introduces ‘hedgehogs’ who can nullify votes with the keys provided by voters. The Votexx project addresses the problems of voter coercion and vote buying while using a fully decentralised model. The coercion resistance function is equipped to ensure that voters cannot prove how they voted, and the ability of both the voter and ‘hedgehogs’ to nullify votes would really go a long way in ensuring coercion resistance.

However, I am curious about how the model would work with multi-way elections since it currently allows two options. Also, I feel the project focuses a lot on online coercion. I wonder how the model will mitigate coercion from physical forces present at the voter’s location and can watch the voter select a candidate and vote for them. However, that may not be a great problem since the voter is able to change their votes with the passphrase using the hedgehogs. I wonder if there would be a limit to the number of times a voter can nullify/change their votes and if the system will be able to flag such votes and set measures to ensure there is no ongoing manipulation.

Overall, Votexx proposes solutions to many of the issues currently faced by e-voting systems while being inclusive of traditional systems.

Thanks for the comment @Henry. Could you provide more context into what you mean by voting receipts?

Nice summary @Tolulope.
Despite the cutting-edge technology utilized in the implementation in this summary, I still believe that there are always security problems intrinsic to blockchain technology, thus does the blockchain system examined in this research satisfy the fundamental security requirements of internet voting?
I think the most significant limitation
for building secure internet voting systems is that
Regardless of how secure the voting system is, voting equipment could still be compromised or hacked into.

Voting receipt here could mean the identification code which proves that a vote is casted by the registered person

Let me assume that a voter realizes that his vote is not counted correctly? How will he be able to prove it?

I love the focus of the summary, Tolu…

I’ve always been curious about blockchain’s applicability in a country’s elections.

Unfortunately, the system does not meet the criteria for practical use. I hope the researchers continue and subsequently improve the work soon.

I believe then it could be used in elections, especially for African countries.

Thanks for clarifying @Henry. I think voting receipts would beat the point of the paper. The purpose of a blockchain-based e-voting system is to ensure ballot secrecy, among others. A voting receipt would negate that. It would also encourage coercion, voter manipulation and vote buying, which is what the design aims to achieve.

Fantastic summary @Tolulope
Some of the problems that currently plague election systems may be resolved by blockchain systems. On the other hand, privacy protection and transaction speed are the problems with blockchain applications that are most frequently raised.

I believe that remote voting security must be practical for a blockchain-based electronic voting system to be scalable. Additionally, transaction speed issues must be resolved. These issues make me believe that the frameworks need to be improved in order to be used in voting systems.

Thank you @Tolulope for this wonderful summary. It came at time when my country,Nigeria just passed an electoral law wherein section 84 approved electronic transmission and registration of vote. While the law doesn’t forsee e voting , i believe it it will only take time before that happens and who knows, you might be called as one of the experts to advice the federal government on this.

Considering the fact that election is a very serious and delicate issue capable of dislodging the unity of a country, especially multi-national country, does this research or any other research known to you, provide mechanism to prevent identity provider from from accessing the e voting system when the identity provider goes rogue as pointed out in the research?

Secondly, although secondary to the context and content of the research, to how extent does the research consider user friendly design of the system as to not widen the already existing digital divides in some countries, especially African Countries which has long history of election and voter manipulation.

Finally, deploying Blockchain in election will have implications to privacy of data subjects and thus conflict with data protection law viz: its immutability and the fact that the design proposed by the research has potential of revealing the identity of the voter and vote cast. Is there any available mechanism to remedy this?

Thank you

Happy you love the summary @Harvesto. I believe the implementation of a blockchain e-voting system would be very impactful in African elections, especially where vote-buying and ballot box thefts are rife. Do you think the current model as it is, if scaled, would make a lot of difference in the elections landscape in Africa?

Thank you for your contribution @Idara_Effiong. I agree with you that blockchain systems may solve some of the problems faced by traditional electioneering systems. I think one of the focal points of this system is to protect the voter’s privacy; also, ballot secrecy and receipt-freeness ensure that a person’s vote may not be linked to them after voting.
I am unclear about what you mean by transaction speed issues. Would you like to provide more context?

Thank you for reading @Samuel94. Elections are crucial to maintaining democracy and a country’s unity, as you have stated. One of the limitations of this prototype is that if the identity provider goes rogue or colludes with the access provider, they could link the casted votes to the voters. However, the researchers suggest that a scheme of blinded tokens in e-identity provisioning could solve this problem. Also, David Chaum’s VoteXX project could potentially provide other solutions.

To answer your second question, the researchers created an infrastructure that makes it as easy as possible for a person with basic computer skills to interact with, although it operates on the assumption that the government would have provided some infrastructures as well, such as a digital ID system. However, I don’t believe this design will widen the already existing digital divide gaps in African countries, but it doesn’t do anything to mitigate it either.

Privacy of voters is crucial to this work; while the design achieves the requirements of ballot secrecy on one hand, it identifies the possibility of breaches on the other hand. As suggested as part of the future work for the design, onion routing and blinded tokens in e-identity provision are mechanisms that could help to resolve the issue of data breaches.

Hi @Tolulope

The transaction speed issue here refers to the emergent, unresolved issue of sluggish transaction speed, which poses a significant challenge in blockchain adoption for practical applications. Considering blockchain is decentralized, each transaction must be verified by the nodes before it is accepted as a block. In centralized systems, trust is put in a central governing body (government or bank), which allows them to process millions of transactions per day.

For comparison, consider Bitcoin’s transaction speed with businesses like Visa. Right now, Bitcoin can only guarantee 4.6 transactions per second. Visa, on the other hand, handles around 1,736 transactions per second on average (calculations based on the official claim of 150 million transactions per day).

There are several projects and startups working to expedite transaction speeds on blockchain, but all these solutions come with limitations.

Implementing an e-Voting system whilst tedious is essentially a solvable problem, even after scaling. Can you nominate specific anti-apathy arrangements (or additional papers that study such) to encourage say DAO members to participate?

• eg see DAOhaus holographic consensus

Yes, I believe so.

Take for example, the nation state of Nigeria.

It has an upcoming gubernatorial election next year. Nigerian elections so far have been full of complications, lack of clarity and corruption at different levels.

IMO, if the authors/researchers of this blockchain based voting system can make the necessary adjustments/improvements, it can be used to conduct elections of such scale, leaving positive results that the voters would talk about for years.

Hi, @Tolulope decided to do a summary of your insightful post for the Writer’s Cohort.

Developed and developing countries have been looking for alternative voting methods to replace the traditional ballot box. The answer is electronic voting systems (e-voting). But, unfortunately, while the answer has been found, it hasn’t achieved voter privacy and successful verification of votes.

The loophole in the current e-voting system has created the need for another innovative solution - using cryptography and blockchain to achieve said privacy and verifiability. However, implementing and integrating this solution is complicated due to citizens’ trust and acceptance and single points of failure due to reliance on centralized servers. Moreover, using centralized servers means third parties can access the voter’s identity and an inability to verify the votes count.

The question is how E-voting systems can ensure privacy and verifiability without relying on centralized data servers. Achieving this is possible with the easy-to-use, secure blockchain-based E-voting system the authors propose.

The Proposed E-Voting System

Current e-voting systems are still yet to be trusted and accepted by the general populace and voters for personal reasons. They also rely on centralized servers, defeating the blockchain’s decentralization promise. The research authors tackle these shortcomings by designing and implementing a Proof-of-concept E-voting system.

Because the voting system is built on a blockchain, data loss and manipulation are eliminated. And just like the blockchain is famous for not stopping even if one or multiple nodes go rogue, the system will still be operational if one or multiple sealers malfunctions.

The core research purpose - to ensure voter encryption and verifiability - is fulfilled because the voting data is stored and calculated by the client’s server. Therefore, the voter’s identity is obfuscated using the public key of the voting system and each sealer. Besides, the researchers built the voting system with an eligibility criterion, ensuring only people who meet the criteria can vote.

Third parties like thugs cannot know who the voter voted for once the system receives the votes. That said, voter coercion, i.e., forcing the voter to cast their votes for another candidate, isn’t eliminated because the coercer (thug) and the voter may be in the same physical location.

Bottom Line and Future Implications

Overall, any organization can use this e-voting protocol to conduct free and fair elections without the pain points of traditional ballot boxes. While the voting system ensures verifiability and security, anyone can trace voters with their IP addresses. Apart from that, the system has certain limitations due to the researchers’ design and channels. For example, EVM only uses 256-bit integers, which weakens the system’s security.

Additionally, the identity provider could go rogue and try to gain access to the voting system by randomly trying the one-time tokens. To overcome these limitations, the researchers should use 2048-bit integers soon. Furthermore, concerning IP address tracing, the system should integrate onion routing between the voter and the blockchain. Finally, a scheme that involves obfuscated voter tokens can solve the problem of identity providers going rogue.

Should the above recommendations be implemented soon, the protocol would be more secure and suitable for large-scale elections like Nigeria or any other nation-state.

Thank you for the summary and well-written comment.

I agree that the protocol will be more secure and suitable for elections in countries like Nigeria. However, I would like to ask, can you foresee any blockages to the adoption of this technology in African countries?