Why Blockchains are not the answer to Voting Systems (yet)

Any time there is an election, the inevitable question about electronic voting crops up. Paper ballots are rounded up, and there are delays in counting, recounts, contesting, nail-biting, and political shenanigans. Frustrated tweeters will shout:

Why aren't we just voting with a blockchain? All these problems will be solved!

As much as we love blockchains (enough that we've built products on them), they are definitely not at a technological stage where they could replace our voting systems. They would solve some huge problems, but voting has two crucial requirements that any replacement system still needs to meet:

  1. A citizen must only cast a single vote.
  2. A citizen's vote is anonymous, so that it is a true reflection of what they want.

These aren't hard problems on their own, but when they're put together they must remain mutually exclusive: proving that a citizen voted only once must not reveal how they voted.

If we look at a blockchain voting system, then we'd effectively be looking at a mechanism where a citizen would hold a unique private key (somehow), and they'd be digitally signing a vote to add to the chain. Once confirmed the chain would then hold an immutable record of the vote.

Only one vote

It seems pretty straightforward, but there need to be protections in place for making sure a user can only vote once. Voting in elections usually takes place across large geographical regions, so you need to have systems in place to prevent a user visiting multiple polling booths and casting the same vote multiple times to inflate the count.

Blockchains would absolutely solve this problem. Once a citizen's private key has digitally signed their vote onto the chain and it's been confirmed, it's an immutable record: they can no longer cast any additional votes, and their vote cannot be changed in any way.

Anonymity

A voter must be able to cast a vote in absolute privacy, otherwise there can be social or economic pressure to vote in one direction or another if the public could see who voted for whom. In some countries this may be in the form of moral pressure. In other countries this may manifest in threats to physical safety if one chooses to vote against the incumbent. Anonymity gives a guarantee that the votes are truly reflective of the citizen's desires (we'll ignore the effects of misinformation, advertising, and close social pressures, which may still affect a vote).

Blockchains can solve this problem, as long as the user's identity remains separate from the actual vote event. And this is where problems start to appear.

What Blockchains Don't Solve

Anonymity is still a problem

If you add a record onto a blockchain, like a citizen casting a vote, then the private key that signed the transaction needs to be bound to the user's identity in order to detect duplication. This instantly throws out the anonymity, as you end up with an immutable ledger showing exactly who voted for what.

Holding private keys

It's all well and good to declare that citizens must add their votes to a chain, but how exactly do they hold the private key that signs the transaction? How do you guarantee that it's only the citizen in control of that key? How do you detect stolen keys, or misplaced keys, or falsely registered keys?

Do you give each citizen a smartcard? A YubiKey? This still hasn't solved any problems, and there's still the $5 wrench attack if you choose to rely on those.

The Software Problem

Let's say you've solved the above problems. What about the software? How do you guarantee a vote hasn't been modified before being added to the chain? If a citizen can see a confirmation of successful vote on the chain at the polling place, how do you verify the confirmation message also hasn't been tampered with?

How do you guarantee the software that conducts the counts isn't also tampered with? How do you guarantee that private keys aren't being stolen and used to cast different votes at future elections?

Possible Solution: Multiple Chains

So if we need to separate the event that a user voted from the actual vote itself, we could run 2 separate chains: one that holds all voter registration events, and one that holds all votes. Any variance in the number of events in each would indicate a problem immediately.

But this still raises more problems:

  • How do you know the votes are actually from the voter themselves? If you bind a timestamp or other factor between the two chains, then there's a way to link the voter to the vote, removing anonymity.
  • How do you still have assurance that the private key holder is the actual entity that submitted the vote?
  • If there is somehow a duplicate voter, how do you discern which vote was falsified?
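The two-chain idea and its first objection can be shown with a small model. This is an added example, not code from the original article; the chain layout, the voter and party names, the timestamps and the 60-second window are all constructed assumptions.

```python
from collections import Counter

# Constructed sample data: (voter_id, unix_time) on the "who voted" chain.
REGISTRATION_CHAIN = [
    ("voter-A", 1000),
    ("voter-B", 1090),
    ("voter-C", 1200),
    ("voter-D", 1300),
]
# Constructed sample data: (choice, unix_time) on the "votes" chain.
# There is deliberately no identity field here.
VOTE_CHAIN = [
    ("party-1", 1012),
    ("party-2", 1098),
    ("party-1", 1211),
    ("party-2", 1307),
]


def count_variance(registrations, votes):
    """Integrity check from the text: both chains must hold equally many events."""
    return len(registrations) - len(votes)


def duplicate_voters(registrations):
    """Voter ids that appear more than once on the registration chain."""
    seen = Counter(voter for voter, _ in registrations)
    return sorted(v for v, n in seen.items() if n > 1)


def link_by_timestamp(registrations, votes, window=60):
    """Join the chains on time: a vote recorded within `window` seconds after
    a check-in is attributed to that voter when it is the only candidate."""
    linked = {}
    for voter, checked_in in registrations:
        candidates = [choice for choice, cast in votes
                      if 0 <= cast - checked_in <= window]
        if len(candidates) == 1:
            linked[voter] = candidates[0]
    return linked


if __name__ == "__main__":
    print("variance:", count_variance(REGISTRATION_CHAIN, VOTE_CHAIN))
    print("duplicates:", duplicate_voters(REGISTRATION_CHAIN))
    print("linked:", link_by_timestamp(REGISTRATION_CHAIN, VOTE_CHAIN))
```

The count check passes with a variance of zero, yet every voter is matched to a choice, so the vote chain's missing identity field gives no anonymity once both chains carry timestamps.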

Paper is still superior

As frustrating as it is, paper still holds the crown of meeting the 2 key requirements for voting. Voters can register their identities for the vote to prove a single vote was cast, and the vote itself is managed as a separate physical entity with no identity bound to it. Voters are also able to vote privately to avoid external influences. It's subject to human errors during counting, but those can be alleviated by applying more humans, better coordination, and recounts if necessary.

If a blockchain system can replicate the paper system perfectly, without the issues that computer-based systems introduce themselves around software integrity, then it has a real shot as a replacement. But until then, paper is the best.

Timothy Quinn

Managing Director of Congruent Labs