e-Voting with Blockchain – DLT
In Switzerland, and in other parts of the world, there are initiatives to put e-Voting in place: a system which makes it possible to vote/elect electronically.
Such a system has to cover a few requirements:
- Authenticity
Only users with the right to vote should be able to cast a vote
- Singularity
Each voter should be able to vote only once
- Anonymity
It should not be possible to associate a vote to a voter
- Integrity
Votes should not be able to be modified or destroyed
- Uncoercibility
No voter should be able to prove the vote that he/she has cast
- Verifiability
Anyone should be able to independently verify that all votes have been correctly counted
- Auditability and Certifiability
Voting systems should be able to be tested, audited and certifiable by independent agents
- Mobility
Voting systems should not restrict the voting place
- Transparency
Voting systems should be clear and transmit accuracy, precision, and security to the voter
- Availability
Voting systems should be always available during the voting period
- Accessibility and Convenience
Voting systems should be accessible by people with special needs and without requiring specific equipment or abilities
- Detectability and Recoverability
Voting systems should detect errors, faults and attacks and recover voting information to the point of failure
Kudos to https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1296&context=amcis2019
Let us concentrate on these only:
- Authenticity
- Singularity
- Anonymity
- Integrity
- Uncoercibility
- Verifiability
- Auditability and Certifiability
The other criteria, I guess, cannot be guaranteed by DLT, but these other criteria are less security-oriented; they are rather more availability-oriented.
For easier understanding we take XRP as the base technology for the solution.
Let us check if a “slightly modified” XRP ledger could achieve the other security criteria:
Assumption:
The government “account” issues 1 token for each vote (see below) to each eligible account. This could even be like an IOU with an “identifier” for the particular election, to make sure nobody uses unused tokens in a later election to cast 2 votes.
We in Switzerland, with direct democracy, can sometimes vote on more than one topic in the same voting session. So an identifier-based token (or IOU) would make sense, to uniquely identify each YES/NO so that it goes to the right place/result in the end.
Obviously the distribution of the private key to the proper people is a separate problem which has to be dealt with in the first place. This could be handled via a mobile app and 2FA authentication. We in Switzerland are currently building infrastructure for a SwissID.
Authenticity
Only accounts which are eligible would have received the token in the first place. Hence only these can vote. This could be controlled by the government issuing the “voting token”.
Singularity
As each vote would submit the token, it could easily be verified whether the user has voted/elected already, i.e. whether his voting token balance is zero.
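The token rules from the Assumption, Authenticity and Singularity paragraphs, as an added example that is not part of the original post: a simplified in-memory model in Python, not the XRP Ledger API. The class `VotingLedger`, the account names and the election identifiers are hypothetical, and the ballot is an opaque placeholder.

```python
# Simplified in-memory model; NOT the XRP Ledger API. All names are hypothetical.
class VotingLedger:
    def __init__(self, issuer, election_id, topics):
        self.issuer = issuer
        self.election_id = election_id
        self.topics = set(topics)
        self.issued = set()    # (election_id, topic, account) ever issued
        self.balance = {}      # (election_id, topic, account) -> tokens held
        self.ballots = {t: [] for t in topics}  # topic -> opaque ciphertexts

    def issue(self, sender, account, election_id, topic):
        """Authenticity: only the government account can hand out tokens."""
        key = (election_id, topic, account)
        if sender != self.issuer:
            raise PermissionError("only the issuer can create voting tokens")
        if key in self.issued:
            raise ValueError("this account already received its token")
        self.issued.add(key)
        self.balance[key] = 1

    def cast(self, account, election_id, topic, ciphertext):
        """Singularity: a vote spends the token, so the balance drops to zero."""
        key = (election_id, topic, account)
        if election_id != self.election_id or topic not in self.topics:
            return "rejected: token does not belong to this election"
        if self.balance.get(key, 0) != 1:
            return "rejected: no token (not eligible, or already voted)"
        self.balance[key] = 0
        self.ballots[topic].append(ciphertext)
        return "accepted"


def demo():
    # Constructed sample data: account names and election ids are made up.
    ledger = VotingLedger("gov", "2024-B", ["topic-1", "topic-2"])
    for topic in ("topic-1", "topic-2"):
        ledger.issue("gov", "alice", "2024-B", topic)
    ledger.issue("gov", "alice", "2024-A", "topic-1")  # unused earlier token
    ballot = b"<encrypted ballot>"  # placeholder, encryption is out of scope
    return [
        ledger.cast("alice", "2024-B", "topic-1", ballot),    # first vote
        ledger.cast("alice", "2024-B", "topic-1", ballot),    # second attempt
        ledger.cast("alice", "2024-B", "topic-2", ballot),    # other topic
        ledger.cast("alice", "2024-A", "topic-1", ballot),    # earlier election
        ledger.cast("mallory", "2024-B", "topic-1", ballot),  # never issued
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```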
Anonymity
The actual vote could be encrypted the same way the transaction is signed. Only the receiving “account” could decrypt.
Integrity
Encryption and consensus would take care of this, same as it does for the balance of XRP accounts.
Uncoercibility
By eliminating the actual transaction this could be achieved. This would mean that the vote-receiving account would need to extract the vote from the encrypted transaction more or less instantly, add it to the “table of votes”, keep the table encrypted until certain criteria are met (e.g. more than 1 candidate received votes, or both NO/YES received votes), and then delete the actual encrypted vote.
Maybe “eliminating” would not even be required, as the vote would be encrypted and ONLY the receiver (i.e. the government) could decrypt it.
Verifiability
Don't know how this could be achieved by DLT. But “paper” voting has the same problem. The vote counters can count wrong; who can prove they counted wrong? Recount? Who proves the recount was right? Recount?
Maybe some algorithm may be developed which would 100% make sure that votes were counted properly. One idea could be to create X encrypted votes for X vote counting servers. Those servers' code could be hashed (same as @Codius does) to ensure integrity of the program code. If all vote counting servers reach the same result: we have a guarantee it's valid!
Auditability and Certifiability
No doubt here.
What's your thought on this?
Could this be achieved?
best regards
Michael