Thoughts and criticisms that figures like Nakamoto and Brunei might raise about electronic voting through blockchain.
Affidaty s.p.a. CSO Luca Vignali
The purpose of this document is to highlight, and propose solutions to, the potential critical issues of an electronic voting system, which carries technical complexities. These are hard for the general public to understand and resolve and, if ignored, could give the illusion that the solution is just around the corner and leave one wondering why nobody else has arrived at it.
To achieve this objective, I imagine a scenario in which I, Luca Vignali, stand in front of Satoshi Nakamoto (creator of the Bitcoin blockchain) and Brunei (a world-famous hacker).
What would Satoshi Nakamoto say if I presented him with an idea for voting through blockchain without disclosing the architectural techniques?
Indeed, he would agree with me that the costs are incompatible with the Bitcoin architecture and that, in any case, Bitcoin technology, however promising, was not created to host votes or similar systems and has no intention of evolving to do so.
Ethereum would certainly be a better fit by its nature, but every user would need their own Ethereum wallet to vote, and there would still be an economic transaction underneath, whose costs could be deliberately driven sky-high in the run-up to an election; it would mean gambling on a technology that was born to attract Ether spenders.
He would ask: “Why blockchain? Use the cloud! If you’re going to use a private blockchain, it is in several respects centralized anyway, or replicated in authorized environments (and so under somebody’s control). Consequently, the forced adoption of blockchain technology, besides its costs and inefficiency, doesn’t produce the benefits of a public and distributed system, so, while you’re at it, set it up on Amazon and apply all the cryptographic techniques and Kerberos anonymous to uncouple the vote from the user.”
What would Brunei say if I presented him with an idea for voting through blockchain without disclosing the architectural techniques?
A hacker can be defined as someone with profound knowledge of the essentials of information systems.
These systems are mostly used by people who ignore their fundamental characteristics (developers), whose work is eased by high-level programming languages, and who tend to commit formal errors that hackers can exploit for profit.
Often these aren’t programming errors at all: a hacker can collect data from different sources and bypass even complex systems by moving in areas unknown even to the most expert consultant.
That said, what would Brunei say about an electronic voting system based on blockchain technology?
Firstly, if the blockchain were public (Ethereum or Bitcoin), any hacker could sniff the transactions that land on the smart contract, map the transactions’ IP addresses, and find out with extreme precision who voted, though maybe not the vote itself (several obscure techniques involve social networks). If the vote were cast through a conventional browser, there could be an economic interest in producing a virus able to intercept voters’ passwords as they type. If it successfully infected 10% of voters, it would be the same as if the hacker had founded a political party.
If the blockchain were private and had few nodes (hundreds of nodes = very few), there could be an interest in overloading the network with DDoS attacks to make it unusable during the election.
One should remember that the current electoral system is ancient and manual, but precisely because of these characteristics, violating it without getting your hands dirty is almost impossible. Secure protocols guard the ballot papers (much less so in the case of voting from abroad), there are several law enforcement bodies, and being caught means going to jail. In a digital ecosystem, manipulation is within reach of many, and frequently, when the police trace the guilty IP address and break down the door of the physical address, they find an old lady sitting in front of a computer that has been remotely hacked.
Brunei would probably put the accent on security and on the violability that a digital system naturally implies; systems such as those of the FBI or the PlayStation Network have been violated, and one cannot assume that those who designed and secured them were incompetent.
Probably, if an electronic voting system were announced, the interest of those who violate information systems for a living would rise, since the control and manipulation of a political election is no small business.
It must also be kept in mind that an information system that can be manipulated by a group of trusted people is not incorruptible per se, and there is no way that Vignali or Brunei would be part of such a group, because everyone is corruptible, both the easy way, with money and benefits, and the hard way, with blackmail or threats, whether direct or aimed at people close to them (an eventuality no one would like to face).
Brunei would agree with me that the 28 people who nowadays handle the source code of Bitcoin (https://github.com/orgs/bitcoin/people) sleep peacefully, since there is no way they could manipulate or affect any bitcoin transaction, and this is why they are exempt from the above-mentioned methods of persuasion.
So the adoption of blockchain technology for a voting system would undoubtedly be approved by Brunei, but before expressing his opinion he would want to understand how the technology is employed, since the way it is employed matters far more than the technology itself.
What suggestions would Satoshi Nakamoto give if I asked him to help build a voting system using blockchain technologies?
A friend of mine, a crypto-Taliban, once said: “Bitcoin is a religious cult: it is worth nothing to those who don’t believe in it and means everything to those who accept its values and work to maintain them; using or producing bitcoin means contributing to the maintenance of the bitcoin ecosystem itself”.
Consequently, building a voting system on blockchain technologies means that the data it contains should be valuable to those who placed it there. The miners in question should be a plurality of entities that have no interest in minting or spending cryptocurrency but do have an interest in keeping the data safe.
So the choice narrows to private blockchains; MultiChain is undoubtedly suitable and mature, and the miners should be the political parties themselves or the embassies.
What suggestions would Brunei give if I asked him to help build a voting system using blockchain technologies?
He would undoubtedly opt for a mixed VPN/public network in which the nodes are all peers connected through a VPN and maintain the distributed ledger (more correctly a copied ledger, since in blockchain terminology the term "distributed" is misused), but are also nodes with a semi-public interface: each can establish a secure connection with the voting client, and it is then that single node which shares the transaction with the others via the VPN.
This solution makes the architecture scalable, and in the event of a DDoS attack every node would have to defend itself individually with widely tested systems available on the market; he might suggest using CloudFlare.
The issue of the PIN would certainly have to be addressed: it can be entered through a touch system or with the mouse (without using the keyboard), with the digits placed in random order.
The Kerberos Anonymous system is capable of uncoupling the user from the vote, but the relationship between the polling station and the voter should be kept, to guarantee that the vote is coming from Argentina and not England.
This can be done if the node located in Argentina is capable of issuing a self-signed token that the other nodes can publicly (via VPN) recognize.
The pre-voting phase and the voting phase should probably be implemented asynchronously: if the operation is synchronous, comparing the date and time of the token's issuance with the date and time of a user's request to Kerberos Anonymous makes it possible to reconstruct the owner of the vote after the fact.
Perhaps the voting paper should be issued at a different moment from when the vote is cast (hours, days or weeks later).
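The timestamp linkage described above can be measured at design time. The following is an added example, not part of the original article: it builds a constructed issuance log and a constructed anonymous ballot log, then scores how many ballots are attributable to a voter from timestamps alone, first when the vote follows the token within seconds and then when it is deferred. The one-token-per-minute schedule, the delay ranges and all function names are assumptions.

```python
import random
from bisect import bisect_right

def simulate(n_voters, min_delay_s, max_delay_s, seed=1):
    """Return (issuance_log, ballot_log, truth) for a constructed election.

    issuance_log: [(issue_time, voter_id)] kept by the token-issuing node.
    ballot_log:   [(cast_time, ballot_id)] seen by the anonymous voting service.
    truth maps ballot_id -> voter_id and is used only to score the linkage.
    """
    rng = random.Random(seed)
    issuance, ballots, truth = [], [], {}
    for voter in range(n_voters):
        issued = voter * 60.0                       # one token per minute (constructed)
        cast = issued + rng.uniform(min_delay_s, max_delay_s)
        ballot_id = rng.getrandbits(64)             # carries no voter identity
        issuance.append((issued, voter))
        ballots.append((cast, ballot_id))
        truth[ballot_id] = voter
    return issuance, ballots, truth

def linkage_rate(issuance, ballots, truth):
    """Fraction of ballots tied to the right voter using timestamps alone."""
    issuance = sorted(issuance)
    times = [t for t, _ in issuance]
    hits = 0
    for cast, ballot_id in ballots:
        i = bisect_right(times, cast) - 1           # latest token issued before the cast
        if i >= 0 and issuance[i][1] == truth[ballot_id]:
            hits += 1
    return hits / len(ballots)

def compare(n_voters=200):
    """Linkage rate for (synchronous, deferred) voting on the same schedule."""
    sync = simulate(n_voters, 1, 10)                # vote cast seconds after the token
    deferred = simulate(n_voters, 3600, 7 * 86400)  # vote cast an hour to a week later
    return linkage_rate(*sync), linkage_rate(*deferred)

if __name__ == "__main__":
    print("linkable ballots (synchronous, deferred):", compare())
```

In the synchronous case every ballot is linked to its voter; with deferred voting only the last token issued still matches, so the delay window has to be wide compared with the issuance period for the two phases to be uncoupled.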
The voting client needs to be studied; the standard technologies (REST API + XHR, POST, client request) are to be considered superficial and easily hackable. Maybe Brunei would suggest a socket solution in which the data coming from the client and the server is fake and only the vote is genuine, but only the two sides know which is which. So that the vote is not the last data transmitted, and therefore easily identified, the client randomly chooses when to stop transmitting fake data, avoiding the error made by the Germans with Enigma, whose encryption was broken thanks to the machine built by Alan Turing, but mostly thanks to the systematic human error of concluding every communiqué with the phrase “Hitlergruß”.
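One way to realise the decoy stream sketched above, as an added example that is not part of the original article. The article does not say how the two sides agree on which frame is genuine; a pre-shared key with an HMAC tag is an assumption here, as are the frame layout, the candidate names and the function names. Payloads are left in clear for readability and would travel inside an encrypted channel.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 16
CANDIDATES = ["candidate-A", "candidate-B", "candidate-C"]  # constructed ballot options

def _tag(key, nonce, payload):
    # Keyed tag: only holders of the shared key can produce or check it.
    return hmac.new(key, nonce + payload, hashlib.sha256).digest()[:TAG_LEN]

def build_stream(key, vote, max_decoys=8):
    """Client side: one genuine frame with a random number of decoys on each side."""
    def frame(choice, genuine):
        nonce = secrets.token_bytes(16)
        payload = choice.encode().ljust(32, b"\0")           # fixed size for every frame
        tag = _tag(key, nonce, payload) if genuine else secrets.token_bytes(TAG_LEN)
        return nonce + payload + tag

    def decoy():
        return frame(secrets.choice(CANDIDATES), False)

    before = secrets.randbelow(max_decoys + 1)
    after = secrets.randbelow(max_decoys + 1)                # random stop point
    return ([decoy() for _ in range(before)]
            + [frame(vote, True)]
            + [decoy() for _ in range(after)])

def extract_vote(key, frames):
    """Server side: keep frames whose tag verifies; accept only if exactly one does."""
    genuine = []
    for f in frames:
        nonce, payload, tag = f[:16], f[16:48], f[48:]
        if hmac.compare_digest(tag, _tag(key, nonce, payload)):
            genuine.append(payload.rstrip(b"\0").decode())
    return genuine[0] if len(genuine) == 1 else None

if __name__ == "__main__":
    k = secrets.token_bytes(32)
    stream = build_stream(k, "candidate-B")
    print(len(stream), "frames sent, server accepted:", extract_vote(k, stream))
```

Every frame has the same length and the genuine one sits at a random position, so neither size nor "last message" identifies it; an observer without the key sees only random-looking tags.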
Luca Vignali’s conclusions
I hope that this schizophrenic exercise is interpreted with the seriousness that the subject requires.
Considering that the source code of most blockchains is available on the internet, and that this is a good starting point, with the help of my two friends (not so imaginary) I can confidently say that, by correctly implementing the several ecosystems, it would be possible to bring to completion the unreasonable task of creating a voting system that can replace or assist the current one.