
An idea for encrypted, verifiable voting - mpcsh
https://blag.mpcsh.xyz/0001
======
iainmerrick
There's a bunch of academic research in this area -- how to build an encrypted
ballot box that lets you audit that your vote was counted correctly, but
prevents anyone else from seeing what your vote was.

However, a fundamental problem with any kind of online voting is that it
doesn't prevent your vote from being coerced:
[https://freedom-to-tinker.com/2006/12/12/erosion-secret-ball...](https://freedom-to-tinker.com/2006/12/12/erosion-secret-ballot/)
The best known way to do that is to make you walk into a secure area, secretly
make your vote on a piece of paper, and put it in a common ballot box. That's
the system most countries already have!

E-voting also fails to solve voter suppression problems -- how do you decide
who gets a voting ID?

Finally, this kind of thing just isn't needed right now. Is anybody claiming
that fraudulent voting was a significant problem in this election, or in any
recent US election? Where's the evidence? The current highly decentralized
system is already pretty robust against widespread fraud (though slightly less
so as electronic voting machines become more popular).

There are far more important problems to solve, like voter suppression and the
extreme polarization of politics.

~~~
nickff
There is little evidence of voter fraud because nobody who wants to look for
fraud is able to do so (due to many measures put in place to keep voting
private, make it easy, and keep it simple), and as Feynman said "absence of
evidence is not evidence of absence". Evidence of fraud does exist, but it is
difficult to discern whether it is the tip of an iceberg, or just an ice
cube.[1][2] Given the fact that presidential candidates are spending $5-$200+
per vote, it seems like voting fraud would be cost effective, and is likely
done at some scale.

[1] [https://en.wikipedia.org/wiki/Lyndon_B._Johnson#Contested_19...](https://en.wikipedia.org/wiki/Lyndon_B._Johnson#Contested_1948_election)

[2] [http://ktla.com/2016/11/03/possible-voter-fraud-being-invest...](http://ktla.com/2016/11/03/possible-voter-fraud-being-investigated-in-san-pedro-after-83-ballots-are-mysteriously-delivered-to-one-womans-apartment/)

~~~
iainmerrick
[1] is from 1948, but [2] is definitely worth looking into. 83 ballots isn't
_widespread_ fraud unless it's happening a lot, everywhere. Maybe it is! But
it would require a massive and very disciplined conspiracy working at many
levels across the country. To me, the burden of proof lies on anyone claiming
there is such a conspiracy.

(Trump complained of a vote-rigging conspiracy, of course, but unsurprisingly
he shut up once he actually won. He changes his position too often to be
credible.)

~~~
nickff
I am not saying there is a vast voter-fraud conspiracy, and those two links
are not meant to be an exhaustive list; I included the Johnson link because it
is so famous, and the more recent link to show that the phenomenon seems to
persist. If there is widespread voter fraud, I would guess that it exists as a
(large) number of relatively small operations, probably emanating from
'get-out-the-vote' campaigns.

I am not a 'team player' for any party, and take all allegations by candidates
with a heaping mound of salt.

~~~
iainmerrick
I didn't mean to imply you had an agenda, sorry! Trump is just the most recent
example of someone making vote-rigging claims.

As people have commented elsewhere in this discussion, an online voting system
would probably be _more_ vulnerable to fraud, given what we know of the
methods and capabilities of the NSA and other organisations.

I agree that there's probably petty fraud going on here and there but I don't
see the need for sweeping and risky changes to try to fix it.

------
rlarkins
A key part of the American system of voting is that we use a "secret" ballot.
This is important to prevent vote buying and voter intimidation. I like the
rest of the proposal.

~~~
no_protocol
Right, it's important that no one else would be able to know how you voted.

Perhaps the election commission would also have a paper receipt with a
different unique key.

Then both your receipt and the county's receipt would be necessary to locate
your vote on the blockchain. Then vote verification could be restricted to the
same level of privacy as when voting takes place.

~~~
ozborn
Great comment. Without privacy for verification the election is open for vote
buying which I think is the biggest flaw with the proposed system.

I also like the idea of using 2 paper receipts which I think is easy for
people to understand.

~~~
geofft
It's not just vote buying, it's pressuring. If you don't want your employees
to unionize, insist they vote for right-to-work laws. You don't have to insist
very openly. Just take them out to drinks and mention the election in passing,
see who voluntarily shows you their receipt on their phone, and prioritize
them for bonuses and promotions.

------
yaur
The most common form of vote fraud is probably ballot stuffing by an insider.
With this type of attack every voter who actually voted can verify that their
vote was counted properly but the aggregate is still not legitimate. One of
the advantages of a paper system is that 10000 ballots is physically large and
would be difficult to sneak into a polling place/ballot box.

With something like this you just need a USB stick, the voter registration
database, and the records from the last few elections (and/or death records)
to figure out which votes are safe to stuff. If you do make a mistake you will
end up with some people whose votes are rejected and no way for an election
official to differentiate between that and someone trying to vote twice.

------
kaoD
Honestly, a very naïve solution.

I tried formalizing the protocol but there are so many inconsistencies. E.g.
the ephemeral key is mentioned briefly... Who generates this key? Who encrypts
the message? What's the purpose?

Critique of the few parts that are clear:

1. It mentions a vote blockchain. Why blockchain? There's (apparently) no
reason to have a chain of votes here. Even a spreadsheet would be fine.
Buzzword alert! I know it's irrelevant but it's a huge red flag that a
blockchain is crammed there for no reason at all.

2. _"the government can know who individuals voted for"_ This is a no-no.
HUGE no-no. TFA trivializes the impact but I definitely wouldn't vote in a
system where _anyone_ but me can verify my vote.

3. Even if you can verify your own vote, that's pretty much it for
verifiability. Everything else relies on trusting election officials. What?

And I stopped analyzing there because frankly that's pretty much a broken
system.

~~~
maemilius
In regards to 2, for most Americans, it's probably a fairly trivial* matter to
infer who they voted for. For a large number, almost their entire lives are
digitized in some form or another. I wouldn't be at all surprised if a modern
AI could deduce your voting preference just using your public data.

EDIT: *In retrospect, "trivial" is probably vastly understating the
difficulty. However, I still don't think this is a "hard" problem.

~~~
kaoD
That's a personal choice and, even then, you really _can't_ be sure. Someone
might be a Dem in public and vote Rep in the privacy of the booth. I'm sure
this happens _a lot more_ than you think.

------
zitterbewegung
There should be a zeroth rule for any voting system intended to be used for
government, which would be that the average person is able to audit /
understand the system. This was in an ACM magazine article.

~~~
bdamm
Indeed. Pencil & paper, with multi-party oversight, and long nights of
counting.

~~~
lisivka
A number of ways have been developed to circumvent that in countries where the
police and courts are not strong enough:

* bribing voters to bring their empty ballot to the briber;

* fake voters (the commission is not the police; they do not check documents as carefully as the police do);

* bribing counters to directly replace votes;

* pens with ink that is easy to remove and correct;

etc.

------
castratikron
The main problem with digitally signing/encrypting a vote is that the public
key must be known, which means that someone's vote cannot be anonymous.

I like the idea of a county/precinct/district being the entity who signs the
results of a vote. This would protect the anonymity of individual voters,
since results are reported on a per county basis today anyways. And if a
county is suspected of voter fraud, you could always add their public key to a
blacklist.

~~~
delinka
You assume that a key pair is (publicly?) associated with an individual. I can
generate a key pair, sign something (publishing the public part of the key,
but not the fact that it was me owning it), then discard the key pair.

How will you associate the public key to me?

~~~
castratikron
What's stopping a single person from generating multiple keys?

------
jedberg
I made this comment on a related thread yesterday[0]:

You don't need crypto. You just need a machine that prints out a human
readable receipt that the voter can see but not alter, which then drops into a
secure holding area on the machine. At the end of the day, you randomly select
say 1% of all the machines and hand count all the ballots inside, making sure
the counts and votes match. If they do, then you can be reasonably sure it
wasn't tampered with, and if they don't match, then you can hand count all the
paper ballots using the old system to verify the computer.

[0][https://news.ycombinator.com/item?id=12924053](https://news.ycombinator.com/item?id=12924053)
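
The random hand-count audit described above, as an added example (not code from the post or from any project): the exact hypergeometric chance that a random sample of machines includes at least one tampered machine, checked against a small simulation, plus the per-machine comparison of electronic tally against hand-counted paper. The machine tallies and the set of tampered machine ids are constructed sample data.

```python
"""Random hand-count audit of voting machines: how likely is a 1% sample to
catch a tampered machine?  Added example; all sample data is constructed."""
import random
from math import comb

# Constructed sample: machine id -> (electronic tally, hand-counted paper tally).
# Machine 3 is the planted mismatch.
MACHINES = {
    0: (412, 412), 1: (398, 398), 2: (455, 455), 3: (430, 401), 4: (377, 377),
}


def audit_sample(machines, sampled_ids):
    """Hand-count the sampled machines; return the ids whose electronic tally
    differs from the paper tally (the audit's evidence of tampering)."""
    return sorted(m for m in sampled_ids if machines[m][0] != machines[m][1])


def detection_probability(total, tampered, sampled):
    """Exact chance that a sample of `sampled` machines drawn without
    replacement from `total` machines hits at least one of the `tampered`
    machines (hypergeometric): 1 - C(total - tampered, sampled) / C(total, sampled).
    math.comb returns 0 when the sample is larger than the clean set, which
    correctly yields probability 1."""
    if tampered <= 0 or sampled <= 0:
        return 0.0
    return 1.0 - comb(total - tampered, sampled) / comb(total, sampled)


def simulate_audit(total, tampered, sampled, trials=20000, seed=1):
    """Monte Carlo check of detection_probability: the tampered machines are
    ids 0..tampered-1 (constructed), sampled ids are drawn uniformly."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        if any(m < tampered for m in rng.sample(range(total), sampled)):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("mismatched machines in sample:", audit_sample(MACHINES, [1, 3, 4]))
    for k in (1, 10, 50, 200):
        print(f"{k:>3} of 1000 machines tampered, 1% sampled: "
              f"P(detect) = {detection_probability(1000, k, 10):.3f}")
```

The numbers show the trade-off in the proposal: a 1% sample almost certainly catches tampering spread across many machines, but a single tampered machine among a thousand is caught only about one time in a hundred.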

~~~
jjoonathan
How does this accomplish goals #1 and #2 of TFA?

~~~
jedberg
What do you mean? It meets all six goals:

- Be verifiable - you should be able to see your own vote.

You can view the print out of your vote before it drops into the secure box.

- Be auditable - anyone should be able to tally up the results of the
election.

Anyone can count the paper ballots.

- Be secure - it must not leak anyone's vote to anyone else.

It's on an unidentified piece of paper.

- Be genuine - it should be cryptographically impossible to commit voter
fraud.

Well, you have to rely on standard methods of preventing voter fraud, but
since there have only been five cases of proven voter fraud in the history of
US elections, it's not really a big deal.

- Be tamper-proof - it must be impossible to forge results from the inside.

Since the paper is in the machine and verified by a human, you can't really
tamper with it any more than you can tamper with paper ballots today, and
since those are monitored by adversarial groups, it's basically impossible to
tamper with them.

------
no_protocol
It's a fun idea, but I would like to see you expand the article with a little
more consideration around the edges. The core idea isn't really new.

Possible expansion topics:

- Handling a ballot with multiple separate races
- Backup system for when the computers have gone down
- Can it assist in any way with "voter suppression" issues

I don't like the idea that the encryption of the full list would be
reversible. If I had contrarian views, I might be afraid to vote if that would
put me on a list. Stick to one-way with a guardian to entry.

------
kaoD
I can't believe this talk hasn't been posted yet!

Theory and Practice of Cryptography: Verifying Elections with Cryptography

[https://www.youtube.com/watch?v=ZDnShu5V99s](https://www.youtube.com/watch?v=ZDnShu5V99s)

This is probably one of the homomorphic schemes mentioned in TFA.

It's very old (2007-ish?) and the state of the art probably advanced, but it's
very interesting and addresses a number of points that are not cared for in
TFA (like secret ballots verifiable by the voter but impossible to prove to
anyone else).

------
slcdogood
I think a major problem with this proposal is that all votes could eventually
be knowable. Let's be honest, the state of the art encryption we use today
will one day be sub-par. New has become antiquated a dozen times over the last
30 years already.

Put enough compute behind that blockchain and eventually you'll crack it, or
run Shor's algorithm on the first Quantum Computer and votes from a decade ago
are now public.

My contacts in the intelligence community say this is their biggest fear with
intercepted communications today. They may be 'secure enough' today, but some
of the information moved around would still be devastating if it were
decrypted 20 years from now by a bad actor, not all, but some.

The way you should go about this is a little different IMHO. Have two
blockchains, one that checks if people have voted, and one that records the
vote. If you have not voted, then one anonymous vote may be added to the
ledger of votes for final tallying. If you have voted, your request is
blocked. Maybe you get a random key that gives you the right to add a vote if
you pass the first checkpoint, but that key can not be associated with the
record that you voted on the other blockchain.

Cool idea. I for one prefer physical voting. It sucks, but I feel safer with
it.

------
Findeton
You already have open-source end-to-end verifiable secure voting systems.

Full Disclosure: yes I work at nVotes/Agora Voting
[https://nvotes.com](https://nvotes.com)
[https://github.com/agoravoting/agora-dev-box](https://github.com/agoravoting/agora-dev-box)

This approach uses a mixnet (like Tor) to anonymize the ballot so that the
secrecy of the vote is preserved. Only if all the election authorities are
compromised is the secrecy of the ballot at stake, but in any case the
election is end to end verifiable (this is a sentence that means that specific
requirements are fulfilled).

This particular internet/electronic voting system is already being used by
many organizations in Spain and Europe.

PS: Yep, nothing is 100% secure. PS2: Yep, census/user authentication is still
an unresolved problem in computer science. In Spain we have government-issued
electronic IDs but they're no use because of the difficulty of using them.

------
godot
As a software engineer who knows very little about government security and
voting security, can someone explain why you can't just build it like a
regular web app (with very good security measures -- the usual HTTPS, database
encryption, proper firewall rules to servers, etc.), and have the user enter
their voter ID and social security and submit their vote via a web form?

From reading this article, it would seem that it satisfies the first 4 points,
just not the 5th. Is that the main reason to have to use the blockchain, to
prevent tampering from the inside?

~~~
lazaroclapp
Because whoever owns the server is now a dictator who can decide the result
of the election. When it comes to democracy, "tampering from the inside" is
your primary threat model.

Take it from someone who lived in a country where we had 70 years of elections
with the same party winning each and every one. Tampering from the inside,
when possible and hard to detect, becomes ubiquitous. We only started moving
towards semi-fair elections when the election authorities began to include
representatives of all major parties. But in the server example, you would
need very complex procedures to replicate that, and make sure there is not a
single administrator that can tamper invisibly with the server. It is actually
_easier_ to build a tamper evident distributed system than a tamper evident
single-node server.

------
gduffy
[https://en.wikipedia.org/wiki/Scantegrity](https://en.wikipedia.org/wiki/Scantegrity)

------
CorvusCrypto
At least in California, this part is impossible to accomplish:

"And so long as the counties can protect their secret keys..."

------
devhxinc
If you want to know why Internet Voting won't work, you should watch Alex J.
Halderman's talk at the 31c3 conference about internet voting in Estonia
[https://www.youtube.com/watch?v=JY_pHvhE4os](https://www.youtube.com/watch?v=JY_pHvhE4os)

------
thomasruns
Internet voting and/or the ability to verify your vote electronically seems
like a great idea until you realize how many voters do not have internet
access.

