Read on Twitter
Oh can I do a thread on Blockchain voting? I have *opinions*!
Let me burn your dreams with whimsical abandon, and then offer you a better future from the ashes... https://twitter.com/cz_binance/status/1324170287009554432
Let me burn your dreams with whimsical abandon, and then offer you a better future from the ashes... https://twitter.com/cz_binance/status/1324170287009554432
First, let me zoom all the way out and state that under the right conditions, using a blockchain as part of the voting process isn't an absurd idea - there are actually a few schemes that have some nice properties, and we will get to them...but all those words are important.
Let me take you all the way back to 2018, when I bright eyed technocratic clusterfuck of a project called Voatz was awarded a contract to pilot "blockchain" voting for overseas military. https://twitter.com/SarahJamieLewis/status/1003015316664811520
Was the solution that Voatz provided better than the existing use of Fax or Email? No.
But was it cheaper? No.
Did people use the pilot to put out some ridiculous press releases heralding Blockchain e-voting as the saviour of democracy? Of course they did.
But was it cheaper? No.
Did people use the pilot to put out some ridiculous press releases heralding Blockchain e-voting as the saviour of democracy? Of course they did.
This isn't a thread about Voatz because this is a thread about Blockchain e-voting, and what Voatz did/is doing is...not that https://twitter.com/SarahJamieLewis/status/1238478618386259968
But you need to understand Voatz to understand the core issue at the heart of (blockchain) e-voting - decentralizing and distributing power and trust.
In functioning democratic societies the operation of elections is a symphony, orchestrated by the many different centres of power, kept in check by a strong civic society and a free press. Every piece fundamentally both independent and cohesive.
Advocates of blockchain voting often mistake this jumbled, amorphous process for inefficiency = something that can be streamlined with technology - and if there is anything you take away from this thread let it be that you understand this core belief betrays their ultimate vision
For you see, dear tweet reader, if there is a place for blockchain e-voting in this future then it is one that requires, even demands, the existence of that hydratic orchestra.
The thing about blockchains is that they require a mechanism of power distribution that the participants recognize as beyond corruption - for now there is a contingent of people that are happy entrusting money to proof-of-work, that ain't gonna fly for, you know, democracy.
Proof-of-stake is also a dubious proposition (both generally, and in this particular semi-diatribe), and so we are left the one mechanism that pretty much all "real-world" "blockchain" experiments have arrived at proof-of-authority.
This is where I would insert a rant about how all current Blockchain e-voting experiments basically collapse into the same abyss as non-blockchain e-voting experimens - cluster fucks of proprietary centralization - but I've done that rant too many times: https://twitter.com/SarahJamieLewis/status/1228717024504766464
That' all the bad ideas, we've set the stage, I've already annoyed a few people with my terse rhetoric, so with all that out of the way, let me tell you how one might construct a blockchain-based e-voting system that actually does-a-democracy.
To make this at home you will need:
* A cryptography textbook written sometime since the 1970s
* a functioning civic society (if you don't have this you can use an historical federation as a substitute)
* A cryptography textbook written sometime since the 1970s
* a functioning civic society (if you don't have this you can use an historical federation as a substitute)
The recipe is pretty easy, first, agree on set of entities that have the power to issue voting credentials to voters - sometimes this will have been done for you! These organizations know who voters are, and can issue them a "ballot" or in cryptographical terms "magic numbers"
Set up your proof-of-authority blockchain by distributing the consensus power among independent members of civic society (or states in your federation) - any anyone else you think would be cool (except the voting credential peeps)
OK, there are some constraints - you need enough entities that any significant subset of voters believes that some of your "authorities" won't be corrupted by the others. There is an upper bound too because you actually want to use the system to decide something.
The job of these "authorities" is simple. They will run a node, that will accept encrypted ballots from voters, they will then conduct some kind of anonymization protocol (I'll come back to this), and then include the ballot in a block.
Until the polls close...
Until the polls close...
Once the polls have closed they work together to construct the decryption key (i'll get to this too) and publish it. Anyone who wants to check the results grabs this key and runs it over the ballots in the blockchain *poof* election results! No need for 2am press conferences.
You don't even need much fancy crypto to make this work, you need an asymmetric encryption scheme where the public key can be generated from a set of independently held private keys (you will find this in your old textbook), a public signature scheme (for the consensus) and...
some form of anonymous communication protocol - the good news is that you can bootstrap any system from your consensus members - they are sufficiently independent and decentralized - you can even just* onion route the ballot through a few of them
*disclaimer can't fit in tweet.
*disclaimer can't fit in tweet.
The point is that the actual cryptographical primitives needed to make a system like that work have received pretty intense scrutiny over the last 20 years - and you can better avoid doing the thing that Scytl did in Switzerland and Australia... https://twitter.com/SarahJamieLewis/status/1112784907929972737
Anyway, the point of that very high level, ridiculously over-simplified cryptographic description was to try and convince you that the actual math doesn't really matter - as fun as bleeding edge zero knowledge proofs are.
The actual bit that makes blockchain voting desirable; the feature that should sell the vision; is the magic of the decentralized collection of entities who act as consensus authorities.
It's also the really, really hard bit.
It's also the really, really hard bit.
Very few societies have a set of entities that are
1) (seen as) mutually independent and distrusting
2) able to cooperate towards a common goal
1) (seen as) mutually independent and distrusting
2) able to cooperate towards a common goal
At this point I'd be remiss if I didn't shout out this paper ( https://www.zora.uzh.ch/id/eprint/186713/1/SAC20-Killer-Rodrigues-Matile-Scheid-Stiller.pdf ) by @killerdesign_ch et al which I had the opportunity to provide feedback on, and which inspired me to dive deeper into this whole zone.
The events that led to that opportunity are too long for this thread, but the short version is that in 2019 I got to learn a lot about Swiss politics... https://twitter.com/SarahJamieLewis/status/1105378257317191680
Anyway, Switzerland is a very weird country that I recommend visiting (after you know..the pandemic), the people there are very passionate about their democratic institutions and this is reflected in the fierce decentralization of their federation.
The paper I referenced, suggests using Swiss Cantons (the member states of the Swiss Confederation) as the voting authorities - and it is probably one of the few sets of entities that could actually satisfy the criteria.
But then why, I hear you ask, can't the same be said for US States or Canadian provinces or <insert geographic partition nomenclature here>?
Because Switzerland is a directorial republic relying on direct democracy, proportional representation and primus inter pares. Cantons have a high degree of independence, to the point of being mini-countries in their own right.
Not unique in the world, but rare.
Not unique in the world, but rare.
It is only in a society like that that you can begin to talk about infrastructure projects (like e-voting) that aren't theatre.
Strongly independent parts that aim to act together, occasionally, to reach a consensus on an issue that impacts them all.
Strongly independent parts that aim to act together, occasionally, to reach a consensus on an issue that impacts them all.
Perhaps I should have begun, as I will finish: A blockchain is a protocol through which global consensus is determined.
You can do many cool things with votes on a blockchain...like count them quickly, and allow the public to count and verify the results at the same time,
You can do many cool things with votes on a blockchain...like count them quickly, and allow the public to count and verify the results at the same time,
The technical challenges are not insurmountable - blinded tokens for voter auth, onion routing for privacy, digital signatures and multi-party protocols for consensus and delayed decryption.
The parts are out there, have ample scrutiny and engineering behind them already...
The parts are out there, have ample scrutiny and engineering behind them already...
The actual hard part is distributing the power...which is unfortunately the thing you were trying to do in the first place.
(Postscript: I see many of you have *questions* which I've been ignoring I'll do my best to find them and answer them below)
For a larger audiance: Yes! Some overseas military members do as they are often in places with no reliable postal service and so the only effective system is proxy voting via email or fax. https://twitter.com/sabini404/status/1324216816714076160
Proof of Authority means that the decision on whether to include a block in the chain (i.e. the consensus) is delegated to one or few entities by-definition, rather than allowing anyone to participate through e.g. hashing power (proof of work) https://twitter.com/jpanzer/status/1324199189404819456
Proof of work doesn't work for democracy because you don't want a random entity *cough* <insert nationalistic boogey man here> *cough* selfish mining your chain on election day. https://twitter.com/omynuts/status/1324205083341463552
A couple of questions here:
1) "isn't constantly published merkle root sufficient" - I'd argue that if you also want public validators who construct/verify the data (but not add to it), then any solution approximates a blockchain. https://twitter.com/bozhobg/status/1324222774529921024
1) "isn't constantly published merkle root sufficient" - I'd argue that if you also want public validators who construct/verify the data (but not add to it), then any solution approximates a blockchain. https://twitter.com/bozhobg/status/1324222774529921024
2) "will onion routing (mixnets) allow you to replace a vote once you've cast it" - Yes, there are ways of doing this - the simplest would be that if multiple ballots with the same (blinded) token are on the chain then only count the one included in the most recent block.
I skipped over this when outlining, and then uttered the spell "blinded tokens" later on - but that is basically the answer - ballots can be verifiable but anonymous through a blinded token scheme whose issuer operates the electoral register. https://twitter.com/tahpot/status/1324210317925122049
(if I missed a question, or you have other questions, @ me and I'll get to them)
Ultimately I do think that if we have any hope of evolving society towards consensus, understanding and anarchy then that path leads through e-voting - doesn't mean it's a clear or easy path.
Ultimately I do think that if we have any hope of evolving society towards consensus, understanding and anarchy then that path leads through e-voting - doesn't mean it's a clear or easy path.
