Verifiability by an individual voter - given their receipt (hash) they would be able to verify that their vote (transaction) was in the chain that produced the final tally.
I am in general a blockchain skeptic - I think in most cases, there’s just enough trust to just use a centralized database - but voting seems like a good usecase for blockchain, as it provides voters with a receipt and it’s designed for auditing provenance.
This is, in fact, undesirable. If verifiability is possible by an individual someone can ask you (under thread of violence) to verify that you did or did not vote a certain way. It's especially undesirable if verification can be performed a long time after the vote is completed because laws and social mores can change turning a previously innocent vote into a black mark.
My linked comment(1) should be a way to verify that a vote was recorded as cast while at the polling place, and to provide a receipt to allow later checking that nothing was tampered with that doesn’t reveal ballot choices. This would stop anyone except the government itself from getting proof of how someone voted, and if the latter situation arises you have bigger problems, but burning your receipt is easy.
There are probably even better methods to further protect both anonymity and verifiability. I don’t know if the group at (2) is still active, but the graphic presented there looks like a good setup—-though I think they are after vote-from-home, while my linked comment still makes use of polling places.
I don't think verifiability is the same. Yes, assuming the public database has some unique ID per vote, one could go in and verify their own vote was in the tally, and we could also verify that the final tally is the sum of everything in the public database. But what about someone who claims their vote was eliminated after voting occurred? There's no way to verify that either way. That kind of tampering, though, would not be possible using a blockchain, where the chain is constructed as the vote happens.
Part of the point of voting machinery is to make it impossible for the government to see which way a specific person voted. (Excepting a totally unanimous vote, I suppose.)
But I figure we could tag each vote with a unique hash that's generated by, and known only to, the voter.
Then, when all votes are cast, the database can be made public, including the hashes. Then each voter can check that their vote has been registered correctly, without the government knowing who voted what way.
This wouldn't be good enough, though. We want to make it impossible to confirm to anyone else which way you voted, even if you want to, in order to prevent vote-selling.
> But what about someone who claims their vote was eliminated after voting occurred? There's no way to verify that either way.
You mean someone who cast a vote but then doesn't see it turn up on the public voting database? I imagine we could solve that with crypto. In my model: when you vote, you are given a cryptographically-signed proof-of-vote that is tied to your unique hash.
> would not be possible using a blockchain
Unless I'm missing something (which is entirely possible), I've shown that blockchain isn't the only solution.
If I understand your scheme, tampering is still possible, we can just detect that it happened. The major difference with a blockchain-based voting solution is that after-the-fact tampering is not possible; you can't arbitrarily remove votes from the chain. And if we try to modify your scheme so that we start cryptographically ensuring that votes are included in the final tally, it's going to start looking a lot like a blockchain.
Let me reiterate: I am a blockchain skeptic. I think that, for the most part, it's a solution looking for a problem, and there's enough trust in most interactions that it's not worth the trouble. I just think voting is one of the rare instances where it does make sense.
> If I understand your scheme, tampering is still possible, we can just detect that it happened
True, the voter can prove that tampering happened, as the signature receipt they are given is specific to their voting choice (as well as to their secret hash).
How would a blockchain fare against a 51% attack? What secret/proof does the voter have that an imposter doesn't have? Is each person issued a 'votecoin'? How could we maintain voter anonymity?
To your questions, I don't know. I would think we would try to avoid 51% attacks by construction because the blockchain would not be easily accessible by non-voting machines. Voting currently doesn't do much to prevent imposters, so I wouldn't even try to addres that. It's also possible that voters would not even receive a transactions receipt (votecoin). They may not even be aware blockchain is going on behind the scenes: they may just see a normal voting machine at their precinct, beep-boop the screen and go home. The value would be in being able to audit the entire vote chain, which we currently don't do. Currently we spot-check the paper ballots against machine output for auditing. Re-doing the whole thing is a recount, and rare.
My complaint about bitcoin itself is that rather than creating a virtual currency, we really created a virtual commodity; that is, it's the closest we've come to creating a virtual item that has the properties of scarcity and non-transferability of physical items. I think that's bad for a currency, but good for auditing votes.
> I would think we would try to avoid 51% attacks by construction because the blockchain would not be easily accessible by non-voting machines.
So we're trusting the voting machines? Doesn't that defeat the point? Surely they should be able to run on public networks while honouring Kerckhoffs's principle: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
That's the whole mission here, no?
> they may just see a normal voting machine at their precinct, beep-boop the screen and go home. The value would be in being able to audit the entire vote chain, which we currently don't do.
But if there's no 'voter identity' in the system at all, what's stopping a malicious government from just synthesising the whole blockchain?
Maybe. I'm not married to much - I'm just defending that voting is one of the rare cases where I think blockchain has value. We currently trust the voting machines, so even if we do it with the voting machines, it's still an improvement on what we're currently doing.
> But if there's no 'voter identity' in the system at all, what's stopping a malicious government from just synthesising the whole blockchain?
Not much! So we either have to allow individuals voters to get a receipt and verify their votes (which can introduce problems), or we have to print paper receipts which are kept on site. Yes, those can be printed out as a bad actor synthesizes a new blockchain, but paper ballots can be faked, too.
To me, the mission is creating an easily auditable voting record, which we do not have now.
Indeed, and that's a huge mistake. Should have stuck with paper ballot. The high-tech solution isn't always better. In this case, it seems pretty clear that it's far worse. The Diebold voting machines, for instance, have been shown to be a joke.
> I'm just defending that voting is one of the rare cases where I think blockchain has value
> the mission is creating an easily auditable voting record
I don't see any link between these two. I'm not convinced there'd be any value in a blockchain.
> paper ballots can be faked, too
But it's far harder to do so at scale than with voting machines, particularly if the voting machines are poorly implemented, which they invariably are.
I am in general a blockchain skeptic - I think in most cases, there’s just enough trust to just use a centralized database - but voting seems like a good usecase for blockchain, as it provides voters with a receipt and it’s designed for auditing provenance.