What Are the Difficulties?
1. Anonymity and Control of the Voting Process.
Remote electronic voting imposes stringent security requirements on the voting process, because, in serious elections, the temptation is too great and the risk of large-scale manipulation is simply too high. This is why such voting cannot be carried out in black-box mode — the process should be clear and transparent for all participants. It should always be possible to monitor the process and easily verify its results.
2. Coerced/Influenced Voting and the Ability to Verify That Your Vote Has Been Counted.
How do you protect people from external pressure or the temptation to sell their votes? Importantly, we still want to have some kind of mechanism to verify that a vote has been counted — and if such a mechanism is in place, it can be used for trading in votes.
3. Transparency and Unavailability of Intermediate Results.
Again, keeping in mind the transparency and distributed mechanisms provided by blockchain, we face the issue of intermediate voting results being available.
These are only a few examples. Note that in the process of working on possible threats, sometimes answers to these threats come up which themselves create new threats on a different plane. Which produces a set of threat vectors and answers to these threat vectors with complicated dependencies, eventually shaping the requirements for the system’s behavior. And of course, not all these threats are covered by the blockchain technology alone.
This is why we needed some sort of superstructure on top of the blockchain, which would enable the relevant requirements to be satisfied to a certain degree.
Superstructure on Top of the Blockchain
We will start by listing the most serious problems and tasks that need to be addressed:
- Excessive transparency of the blockchain. If voting results are recorded in the blockchain in unencrypted form, they are distributed among all observers and intermediate results of the election become available, which is against the law and does not make sense;
- Anonymity – each user should be confident that his or her vote is anonymous and the system does not know how that user voted;
- We need to preserve transparency when counting votes and taking each vote into account;
- To preserve trust in the system, voters need a mechanism for verifying that their votes have been counted. At the same time, all other properties of the system should also be implemented.
As a result, we have a situation in which some of the system requirements are mutually exclusive. Obviously, a blockchain with a voting system on top of it is not sufficient — a set of algorithms is needed to satisfy the requirements discussed above.