The last week has been awash with U.S. Presidential elections with Trump’s team claiming the election was rigged. In light of this, various experts in the blockchain and crypto field have come forward strongly supporting the use of innovative technology in voting and elections in the future. However, recent research from the Massachusetts Institute of Technology (MIT) advocates against blockchain-based e-voting systems.
According to the research by MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL), blockchains do not provide solutions to voting processes as they do to the financial world. Despite the research recognizing the pros of using blockchain, including a faster and more efficient voting process, technology also increases the possibility of hacking.
In an accompanying post, one of the senior authors of the report, Ron Rivest, wrote,
“While current election systems are far from perfect, blockchain would greatly increase the risk of undetectable, nation-scale election failures. Any turnout increase would come at the cost of losing meaningful assurance that votes have been counted as they were cast.”
Notwithstanding, voting on a blockchain opens up questions on the tolerance of the systems receiving the votes, cybersecurity issues, and anonymity of the voters.
A trustworthy voting ecosystem is needed
One of the most significant issues with blockchain-based e-voting is the cybersecurity issues underlying the system. Unlike internet voting, blockchain-based voting hacks and cybersecurity problems can be both scalable and undetectable.
While the cost of carrying a hack on blockchain-based systems can be expensive, a nation-wide election could offer a good enough incentive to complete the hack. One of the common cybersecurity issues is the “zero-day vulnerability,” a security flaw in the system that everyone could know about, but a patch is yet to be available.
If such an attack is exploited, many votes could be compromised, leading to a “failed democracy,” the report further stated.
“For elections, there is no insurance or recourse against a failure of democracy,” Rivest says. “There is no means to ‘make voters whole again’ after a compromised election.”
The hack could also be undetectable, given many vendors and devices involved during the voting process. The report claims the security flaws could arise from any of the third parties involved in the election – “the voting software vendor, the hardware vendor, the manufacturer, or any third party that maintains or supplies code for these organizations.” – making it hard to detect the flaw.
Moreover, other hypothetical issues arising from blockchain-based e-voting such as system bugs and implementation headaches make the system unusable.
Are the arguments for blockchain-based voting valid?
The research further lays out some of the arguments made for blockchain-based voting and why they do not hold up. Some of the arguments for blockchain-based voting include using a public/private key as votes, using a permissioned blockchain to set the voting parameters, and introducing zero-knowledge proofs to ensure voters’ privacy.
Voting using public/private keys?
According to the report, pro-blockchain voting advocates that a coin produced on a blockchain can be used as a vote. Here, the voting authority provides the registered voters with a public/private key combination whereby the public key is sent to the authority – ensuring one vote for each voter. It further reads,
“Then, the voter registry spends one coin to each public key. To vote, each user spends their coin on the candidate of their choice.
After a period, everyone can look at the blockchain, total up each candidate’s coins, and select the one with the most coins as the winner.”
However, this raises privacy issues as all votes cast are directly posted on a blockchain. If a person associates you with your public key, then they can follow through and check who you voted for – killing the concept of a secret ballot.
Furthermore, miners who verify the transactions (cast ballots) could collide and exploit the vote by forking the blockchain and reporting false results. A bad actor could also drive up fees on the public blockchain, making it impossible for some people to cast their votes in time.
The biggest problem, however, is voters securing and managing their private keys. As crypto transactions have shown before, users could lose their keys, which could lock them out of the voting process.
Privacy is relative
Zero-knowledge proofs (ZKP), a cryptographic system that increases users’ privacy, has also been advocated as a solution to maintaining the concept of a secret ballot. However, these systems are still vulnerable to system bugs and, more importantly, “voter coercion and buying,” the report states.
ZKP’s are built for users who wish to secretly transfer confidential information but cannot stop a user from revealing the information voluntarily. In e-voting, a voter could sell their vote or be coerced to relinquish their ZKP hence interfering with the election.
Could a permissioned blockchain work?
Finally, the report also mentioned the disadvantages of using a permissioned blockchain as key management vulnerabilities. Permissioned blockchains allow a central authority to be in charge of who can vote, the qualifications need to vote and the actions allowed to participants on the blockchain.
This raises issues of a centralized attack since a permissioned blockchain will likely have a smaller number of servers receiving and tallying the votes.
The use of blockchains does not solve the main issues facing elections fraud or security concerns. Moreover, using blockchain technology could add to the vulnerabilities already present in voting systems.
Author: Lujan Odera