200 comments

[ 3.0 ms ] story [ 237 ms ] thread
This is an amazing milestone, and a stake in the heart of the idea that blockchain tech is no different than "tulip bulbs".
I don’t think anyone is saying blockchain tech is “tulip bulbs”. The concern is Bitcoin (an instance of blockchain tech), et al., are not all the proponents claim them to be.

I’m convinced the blockchain is here to stay. Bitcoin? Not so much.

Fair enough, but there have been a lot of disparaging words said toward blockchains as well until recently.
I don’t think I’ve seen any of that, just a sense of weariness and disgust with their applications in cryptocurrency. I think that the raw excitement over blockchain tech has been damped from the initial fire, given the issues around scalability, but it still seems to enjoy a lot of respect. The problem is usually that like AI, “blockchain” just gets slapped onto a lot of dogs in an attempt to get money.

I wouldn’t confuse that with rejection of the blockchain tech, just the cynical implementations that have mostly emerged.

actually a lot of people are saying that, mostly non-technical who have very little analogue for understanding why distributed consensus algorithms could have merit. I've been presented that analogy by several friends and my father, for instance.
In my opinion, distributed ledgers and mutable blockchains based around trusted actors are business as usual and frankly not very interesting. Bitcoin could actually make everyone's life a little better. Isn't that what technology was meant to be?
Personally, I'm saying Bitcoin is tulip bulbs (or, in Sarah Jeong's excellent phrase, "math Beanie Babies").

The blockchain, on the other hand, I think is more like XML/XSLT: a really interesting technology that has almost no real-world use that couldn't be done more easily with some other technology. And that 15-20 years after its popularity will be similarly obscure.

I've been looking for years, but, digital speculative pseudo-commodities aside, I still have not found an in-production, value-delivering use of blockchain technology that couldn't be done as well or better with some more well understood technology.

XSLT is one of those things where an XSLT ninja can be super productive in transforming XML and do things much quicker than the coder using a general purpose language. But most of us don't use XSLT enough to get that good, so for most of us XSLT is harder than just coding something.
Kind of off topic, but just want to chip in to say that XSLT is awesome. The average programmer can learn it quite quickly. For me, the "killer application" for XSLT is screen scraping HTML. If you want to aggregate data that is spread across a whole bunch of websites, it absolutely rocks. It is especially good if your organisation uses a SaaS that doesn't give you access to an API. Even if you have an API, it is often an order of magnitude easier to do what you need to do in XSLT. Which reminds me, I've been meaning to generate burn down charts for Trello for a long time now...
I'm not denying that XSLT is a neat technology.

But for those who don't know the history, the vision was that XML would be this amazing interchange technology, and XSLT would be used to transform the XML as needed between and within apps, without needing real programmers.

For example, I know of one top-10 website circa 2004 that had their Java programmers producing only XML output. Then, XSLT specialists would transform that into HTML for rendering.

In theory, this provided a clear separation between back-end and front-end programmers. In practice, it was a giant clusterfuck, because any real work required coordinated changes at multiple levels. Although in theory the front-end work was independent, the reality was absurdly convoluted XSLT trying to turn not-very-good XML into something that rendered well on screen. Nobody sensible does this today.

At the time, XML/XSLT was expected to be central to a new, better way of making software. But now it's a weird niche thing, because although it was technologically cool, it was not actually better for 99% of use cases.

Yes that does sound like a cluserfuck.

However I have seen one neat use in a previous job. We we dealing with a crappy API from a vendor. Crappy because it was a weird XML format, partially specified by a DTD but did unexpected things.

So we created an XSLT for the XML returned by their API. .NET allows you to generate classes from XSLT, so now we had a handy way to parse the data and process it. If we made any mistakes in the XSLT, just fix and regenerate the code. If the build breaks fix up any issues. The strong typing end to end meant we knew we had most of the cases covered.

I just noticed your reply now. That's really interesting, because I don't think that this was ever what XSLT was for. However, now that you mention it, the company I was working for thought the exact same thing. I thought it was just they who were crazy. I guess the idea was more wide spread than I realised.

FWIW, there was a time when many people (embarrassingly, even myself) who thought that XML was a good way to represent data in a language agnostic way (these days, JSON fills that void -- there are even people trying to recreate SOAP and CORBA with JSON ;-) ). I won't go into the details of that, but even now I can probably make a pretty convincing argument that it's a good idea (which is why people are trying to recreate SOAP and CORBA with JSON ;-) ). But the point is that once you have data in XML, it's kind of a PITA to parse it (well, JSON is slightly better off there). If I just want a subset of the data, or I want to take bits of it and insert it into a different XML data set it's quite a lot of code to write. XSLT was for that.

But where we agree is that XML is not a great way to represent data (and, jokes aside, while JSON is much better it's also being overused). So without XML, there is no need for XSLT. But given that HTML can often be parsed as XML, it's still really useful for its intended purpose: to extract and transform data.

“tulip bulbs” are only a multi billion $ industry.

I'm pretty sure most people consider blockchain tech to be a trillion $ industry.

Whether it's a valid PoC or otherwise, it reminds me how the US is mired in hyper-political arguments about voter fraud/Diebold machine issues when time could be spent genuinely looking for improved processes of election.
Call me a Luddite but I still don't see it. It's still effectively a good old database rebranded as "blockchain" to sound cool and innovative. The tools to do something like that have existed for a long time.

The big issue these days is that the word "blockchain" is so broad that it's almost meaningless. I'm sure cryptocurrency advocates see this election as a win for instance, but in essence what do cryptocurrencies and this voting architecture share besides this rather nebulous concept of "blockchain"? Clearly the election is neither trustless, nor particularly decentralized.

Blockchain is not "tulip bulbs" (cryptocurrencies might be). Blockchain is like "cloud computing", "web 2.0", "web scale" or "full stack". It's a fancy marketing name that doesn't mean much on its own.

Blockchain-based elections seemed inevitable but I never saw it coming from a national election proxy-ballot first. I thought maybe stockholders at an AGM for a blue-chip company would be the first large-scale example.
Since this was just a proof of concept, I'd love to see the blockchain results compared to the actual results.
by 'blockchain-based' they mean, a normal election happened with traditional voting, and then some of the vote counters uploaded the tally of the votes they counted to a private blockchain
any quotes?
"The process, which aimed to prevent voter fraud in Sierra Leone, was powered by Agora, a blockchain voting solutions provider. The company used a permissioned blockchain to ensure that recorded data remained protected while also being transparent to the stakeholders, all of whom were given permitted access to the blockchain in order to tally the votes.

During the process, initial votes that are recorded on ballot papers are to be counted by neutral observers. The procedure, being watched by Agora, is the key step to entering that data on to the blockchain."

https://www.bitguru.co.uk/sierra-leone-presidential-election...

How is block chain used, besides as a buzzword?
It isn't.

You'll note that they carefully failed to disabuse anyone of the notion that the entire thing took place online.

They used Agora:

https://agora.vote/

(Aside: forgot to turn off my extension and so it appeared as, 'Sierra Leone just ran the first "Multiple copies of a giant Excel spreadsheet"-based election')

https://github.com/cynthiablee/blockchain-to-spreadsheet

Well, it's a reasonable translation - what precisely makes this vote a "blockchain" and not just a giant Excel spreadsheet?

There's no double-spend problem. There's a correct way to merge two ballots cast by the same private key: discard them both. Since all operations are mergeable in an arbitrary order, there's no need for proof-of-work or anything like that to determine which chain is the "correct" chain - any pile of ballots that contains all valid ballots is correct, and any partial pile can get the remaining ballots appended at the end.

From the whitepaper it looks like they're running their own "skipchain," which they refer to as a form of blockchain, but looks to me like a cross between a Merkle tree and a skip list with no proof-of-work mechanism. (It seems like a genuinely useful / novel data structure, I just wouldn't call it a blockchain.) And they're running some sort of proof-of-work consensus to gate additions onto this skipchain, and periodically storing the state of the skipchain in the Bitcoin blockchain.

I don't really understand why the latter two parts are necessary: the record of ballots should be self-authenticating, and it should be easy to tell if someone has removed a ballot, right? Is the idea that people are not likely to watch the skipchain a la CT log monitors, so they want to use Bitcoin because people already watch that?

On the one hand, they appear to have real cryptographers nad real research behind this. On the other, saying "blockchain" seems like a great way for someone running an unfair election to make it appear more legitimate....

> There's a correct way to merge two ballots cast by the same private key: discard them both

What about the scenario where someone puts a gun to your head and forces you to vote for them - and you can't change your vote at a later period?

Hm, do they intend to solve that problem? (Can't the person with a gun just force you to destroy your private key after voting?)

One answer would be to just include the old ballot in the new one, so it's clear which one to invalidate if you see both.

I guess now that I'm thinking about it you also want to prevent ballots from being cast once the election is over, and timestamping an event as having happened before a given point is a valid use of an actual blockchain.

Two ways:

1. Votes can replace older votes - although this has issues because they could just make sure you don't vote again by pulling the trigger.

2. Let the voter assign 1 and 2 to A and B himself when receiving the private key - which means that when the time to click 1 or 2 comes - only the voter knows if 1 => A or 1 => B which makes it impossible to know who he is voting for.

In Estonia they allow you to vote multiple times and only the latest vote counts. They even allow you to then go and vote in the booth which renders your e-vote invalid. I don’t know the internals of how they store the votes but I can’t think of a way to do this without the side effect of knowing who voted for whom.
If you do this with two systems, the e-vote could be encrypted to the second system, but submitted to the first system. During voting hours, the first system would collect the votes and apply the latest value wins rules. Then, once voting is complete, it sends the votes (without envelope information) to the second system to tally. In order to know who voted for whom, you need collusion between the systems.
> Well, it's a reasonable translation - what precisely makes this vote a "blockchain" and not just a giant Excel spreadsheet?

This was my thought also. I could implement what I understand they did just using git. One vote = one line appended. With an append-only merge driver and Github push for publication. No blockchain needed for equivalent functionality and equivalent resistance properties.

This is quite an interesting idea! Selling votes becomes risky because the seller can just cancel his vote.
I remain interested in tamper evident logging, to better enable end-to-end auditing. In all systems, including election administration.

I worked as a poll inspector. Documenting and proving the physical chain of custody is an important function.

I have yet to see a compelling use case for using blockchains in issuing ballots or counting votes. That's a different beast entirely.

I love and hate this extension

99.9999% of every mention of blockchain is a scam or misleading hype

And yet I think bitcoin is an important and revolutionary technology

(comment deleted)
How is voter authentication to the system done? I think with blockchain voting there's still a huge issue surrounding validating that voter is an actual voter/citizen, and not someone else voting on their behalf (or on behalf of dead people).
I cautiously applaud the progress.

Back in Ron Rivest's 6.857 computer security class, we spent some time on electronic voting. If you're not careful to get the privacy right, you open up more opportunities for coercion.

With anonymous paper ballots, coercion can and does happen, but it basically requires physical control of the polling station / voting booth to pull off.

In this case, anonymized ballots are put on a blockchain. Hopefully the system is auditable, but provides no way for someone to prove which anonymized ballot serial number belongs to them. Otherwise, the thugs can come to your house and either beat you or pay you your bribe after forcing you to reveal how you voted.

How do you provide anonymized ballots while at the same time guaranteeing that fraudulant voting is not taking place? It seems that being able to verify that a ballot came from an actual person authorized to vote (and not some bot) is key, but I'm not sure how to satisfy both.
Perhaps with asymmetric key encryption? So someone can validate that a vote was theirs, but you can't pin a vote to a person without them doing so. It would require that everyone understood key management, which is probably untenable
That doesn't guard against the lead pipe decryption strategy. The point is that you need a way to prove that a vote was yours, without any possible way to prove which vote was yours, whether you want to or not. I'm not a cryptography expert, but that sounds difficult if not logically impossible.
How is lead pipe coercion currently handled?
There is no way to prove you voted one way or another with anonymous ballots, so there is no incentive to bribing or threatening violence to influence your vote.

The desired outcome is to prove that each vote came from a valid voter, while being impossible to prove which vote came from whom.

There is a cryptographic primitive that does just this allowing of plausible deniability whilst ensuring that only persons able to vote voted: Using Linked Ring Signatures.
> There is no way to prove you voted one way or another with anonymous ballots.

The coercing party can insist that you take a mobile phone picture of your ballot. This kind of coercion is common in some regions of Russia where civil servants and teachers are told by their superiors that they must vote for the preferred party “or else”, and a mobile phone picture is demanded as proof.

The way around this is to give each person 1 ballot for each of N candidates. 1 ballot goes into an envelope and into the vote box. N-1 ballots go into envelopes and into the discard box. It's trivial to show a photo of your ballot for Dr. Evil, but it would take a video of you going into the voting booth, closely following your hands to prevent three-card-monty, and continuing to follow you into the public lobby containing the vote and discard boxes. If you strictly enforce no recording in the public lobby, then there's no way for you to prove to your boss which box got your ballot for Dr. Evil in the end.

Edit: Perhaps I wasn't clear. Each of the N ballots is already filled out for a different candidate. The envelopes are all identical and sealed by you inside the voting booth. That way an existence proof of a ballot for the given candidate leaks absolutely no information. There are no empty paper ballots, and none of the paper ballots can leave the polling station. Ballots need to be counted both from the "vote" and from the "discard" boxes. Ballots missing from the discard box prove vote tampering.

I suspect the envelope with the good ballot is sealed in some way. All they would have to do in that case is force you to take a picture of the sealed ballot with the non-desired ballots next to it.
All of the envelopes are identical. Absolutely the only difference is which envelope goes into which ballot box. Taking a photo of N-1 ballots for non-Dr. Evil next to one sealed envelope only discloses that the Dr. Evil ballot was put into an envelope first. It gives no information as to which box that envelope was placed into later, and therefore leaks no information about how the vote was cast.
So you just need to take N photos with the correct voteon every ballot. No matter which will be discarted.
But each ballot is pre-filled out for a different candidate. The vote fixer already knows what's on all of your ballots, they just don't know which goes into which box. Photos showing what's on the ballot don't disclose any information. The attacker already knows that you have one ballot pre-filled for each candidate. The only secret is which ballot goes in which box.

You go into the voting booth, seal the N ballots in the N identical envelopes, being sure to keep track of where the ballot for your desired candidate is. You leave the voting booth and drop the one envelope in the vote box, and the N-1 envelopes in the discard box.

Even if you're forced to videotape inside the voting booth of your sealing the N ballots in the N identical envelopes, you could pull a quick 3-card-monty when leaving the voting booth. Even a quick random shuffle would be sufficient to statistically nullify your vote, or if you're only able to keep track of where the Dr. Evil ballot is, a quick deal from the bottom of the deck would guarantee a vote for a random opposition candidate. As long as there's some spot between the polling both and the ballot boxes that isn't covered by video, there's no way for a third party to know which ballot went where.

You aren't allowed to leave the polling station with any of the envelopes, and a tally of the ballots in the discard box will show what percentage of people have left the polling station with their discarded ballots. Any non-negligible percentage of "discard" ballots leaving the polling station will make the whole vote suspect. (The discard ballot count will also provide circumstantial evidence for which way the tampering is going, although Dr. Evil will always claim it's false flag vote tampering to make him look bad).

If someone is really coerced in sneaking their discard ballots out of the polling station, they could sneak N-1 ballots out and either put the ballot for Dr. Evil in the discard box or burn it right outside the polling station. They then show the jackbooted thugs the other N-1 ballots. They end up not voting, but at least Dr. Evil is denied the vote.

Well there's no need for an elaborate scheme like this, certainly no need for video. The buyer gives a paper ballot that's already marked for Dr. Evil, and asks the vote seller to bring back the empty paper ballot to get paid. It's that simple :( and being done in the places which still uses paper ballots.
There are no empty paper ballots, and if a ballot is brought back, then it's not in the discard box. Since votes in the discard box are still tallied, if someone leaves the polling station with a ballot, it will be obvious that someone has tampered with the election.
You could just avoid counting any vote in the "count" box that doesn't have a matching vote in the "discard" box.
We try to combat this in two ways in Germany (not that it currently poses a problem but still): 1. Voters can destroy their ballot before putting it into the box and get a new one for any reason thus making it possible to create fake proof. 2. Taking pictures inside the booth is explicitly prohibited (which stated on signs in the booth) and if the poll workers notice you taking a picture they require you to destroy the ballot and fill out a new one. I actually had to do this to a women last election who wanted to post a picture on social media – and didn't turn off the shutter sound.

This requires the poll workers to be somewhat impartial. If they are not all bets are off. In the German Democratic Republic voters where socially pressured (by official policy) to not use the booths at all.

Taking pictures in the booth isn't actually prohibited. You can do it but the helpers will probably take your ballot and destroy it, then give you another one.

(An exception is when you are a government delegate voting for chancellor, in which case you pay a fine of 1000€, especially after the president has clarified this rule to new delegates repeatedly)

It depends on your definition (there is no fine or anything) but it's now explicitly prohibited and poll workers are required to reject such voters (and give them a new ballot), see § 56 Abs. 2, 6 Nr. 5a BWO.
We've actually had members of parliament in the Netherlands proudly show of the selfies they took in the ballot booth with their ballot on Twitter, encouraging people to take selfies (nicknamed 'stemfies'; a portmanteau of vote ('stem') and selfie) to show that (and how!) you voted on social media.

The election council and a lot of privacy-conscious citizens weren't amused to say the least, but a subsequent ruling by a judge turned out that it isn't strictly speaking illegal, because the law doesn't explicitly prohibit photography in the ballot booth. So until parliament enacts a law that forbids it (like Germany), we are stuck with this rather dubious phenomenon.

At least we've banned voting computers for a good while — the ones we had ran closed source software and the votes cast couldn't be verified by the voters or the election council — so there's that.

Why is that any different from being anonymous on a blockchain?
It isn’t unless you have some way to verify your vote. Lots of blockchain ideas offer that, though.
How about this: when you get into the booth you're given an ID. You then cast your vote for Ms A and you can see on the block chain that it was recorded for A. After you cast, the system shows you a bunch of ids on the chain which voted for other candidates and you can memorise the id shown that voted for Mr B. When people come round, you tell them that other id. When they look it up they see that it voted for B and leave you alone.

That doesn't solve the potential problem of vote stuffing... Still thinking about that one.

However in this setup, anyone can bring a smartphone in and take a picture of the screen when it displays anything that separates your id from a fake one.

Sounds like you might be on the right track if you can get over that hurdle somehow.

The smartphone problem exists currently with paper ballots. You're not supposed to be allowed to bring a camera into the voting booth, but this is not enforced particularly well.

One approach to this problem is to make it easy to cancel a previous ballot and submit a new one, so you can get your evidence that you voted the way e.g. your employer wanted you to, but then you can cancel it and vote with your conscience.

As far as I can remember from the instructions last time I voted, in Britain you can do this, just return the ballot to the person handing them out and say that you made a mistake, and they should issue you a replacement.
In the Brazilian voting machine this is often done. You type the numbers and it loads the candidate info in the screen. Once you click [Confirm] the screen gets blank with the message of success. Therefore the only way to take a picture is before the vote is actually processed. You have a [Reset] button to re-enter the numbers.
> When people come round, you tell them that other id.

That doesn't work if someone else has already told them the same ID.

Presumably you'd want a deniable system. So, something where you have a private key 'k', some function 'f', and the public chain 'p'. So, you compute:

r = f(k, p)

Suppose r may be 1 or 0. The meaning of 1/0 will be randomly distributed among the population, and will be made known to you when you place your vote, but at no other time. So, later on, you understand that a value of 1 means your vote counted for candidate A, but if someone tries to coerce you, you can realistically claim the opposite.

How do you know that the people tallying the vote have the same meaning for r?

(That is, how do you prevent a butterfly-ballot-style situation where people think they're voting for Gore, accurately cast a ballot that appears to them to be a vote for Gore, and actually end up casting an objectively valid vote for Buchanan?)

Presumably you could generate some proof that the vote was correctly cast at the moment you cast it, and that 1 corresponds to A and 0 corresponds to B. But that proof would not be accessible after you leave the polling booth (because it'd require some ephemeral value that you could retain or throw away).
Maybe you could do a block tallying with verification scheme.

1. Enter your vote and receive an identifier

2. Group n identifiers into a batch ensuring not all votes in the batch are for the same candidate. Record the n identifiers into a block then randomly order the identifiers but don’t record the randomized sort order. Display the index of their identifier to each user but don’t record it. Record the actual vote in this (random) order to the block. Allow each voter to see all votes recorded in the block at each location (including the one only they know represents their vote). Allow the voter to manually tally the block to ensure the sum of symbols reflects their vote intent. Present to each voter cryptographic proof of the existence of the block and the net affect the block as a whole has on the vote tally for each candidate.

Each voter leaves with:

1. cryptographic proof of having voted

2. Cryptographic verification of the effect their vote had on vote tally

3. Ability to claim having voted for any candidate represented in their voting block/inability to prove to others who they voted for while being sure of how their vote was counted themselves.

(comment deleted)
Would zero knowledge proofs work for this?
Rivest invented the 3-ballot voting protocol (see https://en.wikipedia.org/wiki/ThreeBallot)

The trick to the 3-ballot voting protocol is that not everyone can validate their vote. However, when a group of voters band together, they should be able to validate that a subset of their votes (1/3) were registered with high probability.

With a sufficiently large group of voters checking results, the law of large numbers comes into play and they can statistically detect the presence of voting fraud.

I like how the example ballot on that wikipedia page has Alex Jones running for president.
It's an interesting idea whose utility depends on whether you think turning casting a valid vote for the intended candidate into a logic puzzle is a good thing
(comment deleted)
One simple way (basically using Zerocoin/ZCash) is the following.

Every voter is issued one "vote coin" at registration time. There are special addresses for each candidate. Each voter sends their "vote coin" using a zero-knowledge/private transaction to the candidate of their choice. It's totally auditable, not possible to vote more than once, etc.

The main issue is in making it potentially easy to sell your vote, which as the OP was getting at is at the heart of the tension.

Voters can sell their votes now. While unethical, it's not illegal and probably not worth combatting since, technically, that is the will of the voter.
So this basically reduces democracy to "moneycrasy". Whoever has/can promise most money, wins. And then when they in power guess from where (whom) they will get back all the money that they spent? It's like saying, well it's your kidney, it should not be illegal to sell it...
> So this basically reduces democracy to "moneycrasy".

"Plutocracy".

But if properly implemented (use metal detectors to keep cameras and phones out of the voting booths), it's difficult to prove how you voted using paper ballots / old fashioned mechanical voting machines.

I don't see much problem in selling your vote if there's no way to verify that you're not ripping off the person buying the vote.

No need for expensive high tech solutions. Just provide one of each possible ballot and a pen in the privacy of a booth. Fold the ballot, step out of the booth and give it to one of two officials which puts it in the ballot box for you.

Now you can take as many pictures you like of whatever ballot which proves nothing.

Elsewhere in this discussion, I suggested the same thing, except using envelopes instead of folding. You also need to separately tally the other N-1 discarded ballots to make sure they're not being brought out of the polling station. (Discarded ballots brought out of the polling station prove to jackbooted thugs that you didn't vote for the opposition.)

Though, I don't understand the purpose of the pen in the proposal. There's already one of every possible ballot, so you don't use the pen to mark candidates. You don't write your name on the ballot, as that would ruin anonymity. You don't cross-out the ballots that you don't cast, as that would open back up the weakness to photography. So, how is the pen used?

Also, what's the purpose of having the official put the ballot in the box instead of having the voter put the ballot in the box? Is it to prevent multiple votes from being cast? You need to have a discard box for the unused ballots and tally those discarded ballots in order to detect when the jackbooted thugs force people to walk out of the polls with their discarded ballots in order to prove how they didn't vote. Once you have this, you've also got multi-vote detection.

This scheme doesn't allow you to verify your vote was counted at the end of the day though.
Most people don't vote at all. Find a big group of poor people, give them 10$ each for voting for your candidate and hope that they do what they were paid for.
If voters can sell their vote, they can also be COERCED to sell their vote at an unfair price. Coercion can disguise itself as "free will" when combined with privacy.
That doesn't answer how the vote is anonymous. Presumably every coin/token has an unique identifier, and the issuer knows who received which coin.

And since it's a public blockchain, you know exactly which token went to whom.

> And since it's a public blockchain, you know exactly which token went to whom.

You don't (well, shouldn't) know with Z-Cash/Zerocoin

Politicians are already buying votes by promising future policies for specific groups before the election. This is supposed to be forbidden yet this occurs constantly.
Preventing non-registered voters is the easy problem. Some signature systems allow blind signatures: I can create a ballot and encrypt the ballot. The government can sign the ballot, and then knowing my secret encryption key, I can decrypt the ballot and transform the government signature so that it matches the decrypted ballot. The signed but decrypted ballots can then be published using mixnets, Tor, or some other anonymous publishing mechanism.

As I remember, it's still an open problem to set things up (without requiring trusted hardware or trusting the government to destroy a private homomorphic encryption key) so that I can't later prove to Dr. Evil's jackbooted thugs that I voted for Dr. Evil.

Though, maybe there's some mechanism where I actually generate ballots for all candidates and only submit one of the ballots and it's impossible for me to prove which one I actually submitted, and I could cheat by submitting more than one ballot but there's a zero-knowledge proof that my ballots were for all of the N candidates, so in an American-style first-past-the-post voting system, submitting all of my ballots has the same effect as submitting none of my ballots.

(comment deleted)
> With anonymous paper ballots, coercion can and does happen, but it basically requires physical control of the polling station / voting booth to pull off.

> In this case, anonymized ballots are put on a blockchain. Hopefully the system is auditable, but provides no way for someone to prove which anonymized ballot serial number belongs to them. Otherwise, the thugs can come to your house and either beat you or pay you your bribe after forcing you to reveal how you voted.

I don't agree. The amount of damage to the voting mechanism a malicious group can do when physically controlling a polling station (which in itself proves a huge amount of reach and political power) is way greater than thugs coming to someone's house to check the right person was on a 'virtual ballot'.

I agree that with this approach you can do voter information data gathering 'at scale' but if you can't really do coercion 'at scale' if you can't afford either violence 'at scale' or similar enforcement via the public system (no benefits, pension cut, etc..) then it's all for nothing. But if you can do all in the first place then there's no sense in talking about the method of voting, neither will be less secure or less private than the other.

Thugs don't beat you up these days, they throw money at you. At least that happens in India these days.
I don't think we are reading the same headlines these days.
It is common for roadblocks to be erected on election days in order to stop/search cars with bundles of cash in the back to pay the non-enfranchised to vote for a particular candidate. Sadly, lack of political awareness means many are ok to give their vote for cash.
The point of a secret ballot is that there is nothing to stop them taking the cash, then going to the polling station and voting for someone else. Are the ballots not secret in India?
They are. People sometimes take money from multiple parties at the same time. However many times largest spenders get the max votes. It is just not money, gifts including alcohol jewellery etc are given, so it mix of relationships with grassroots party representative(inc caste equations) and the gifts. If the sentiment is really against candidate no amount of money help.
You might not have enough power for "violence at scale" but you could have enough money to "invest" to buy your way in to government for bigger ROI.
Low-level coercion can have high level effects. Coercion doesn't have to be at the national level, either. Most elections aren't at scale, and the ones that are, are decided on a relatively few elections around the nation.

Coercion doesn't have to take on the form of violence, social and financial reprecussions can be incentive enough to vote a certain way with the proof that you did.

Think about this: "I don't want to associate/hire/do business with anyone who voted for Candidate X or Referendum A"

Why not just a voters ransomware? Lockdown the computer except for access to the voting tool, activate day-of, and it lays the stakes out: vote for our guy or say goodbye to your data.

You don't need a physical presence to coerce, it's simple to click and deploy, and even easier to Target phishing sites when you know what people are looking for.

I easily believe that an interested party would drop big cash on a good exploit for such an event.

Because that would be easily verified, and the election would be thrown out. The attack wouldn't accomplish anything.
This is a tactic used to maintain power - delay elections indefinitely. Currently it’s happening in a number of African countries.

Undermining the credibility could therefore accomplish “everything” (the intended purpose).

I'm pretty sure if I get the election thrown out and smear my likely to win opponent as someone doing this kind of tampering it's all good.
Being able to sabotage elections and force a rerun might be an accomplishment for somebody.

For example a foreign entity could use this to cause confusion and undermine people's trust in elections.

And you think nobody would report that to the police?
Granted, but people already report ransomware to the police with little to no effect. Businesses held hostage with their entire livelihood report it and still end up paying most of the time. The resolutions come month later typically.

I'm not against the idea of trying to modernize voting or blockchain in general, but there are extremely practical and real problems that come with it which are a magnitude easier to accomplish than it is with paper ballots at the moment.

I'm sure there is a procedural medium which alleviates this but I'm not bright enough to think of it at the moment.

The effect would be to hopefully have the election rescheduled. In this case actually catching the people isn't necessary to make the attack useless because the final goal is to compromise the election which can be prevented without trying to break the ransomware or find the perpetrators at all which is why reporting it to the police usually does nothing. Also the stakes are a lot higher than the usual ransomware so unless the government itself is trying to break the election the police have a much large incentive to get involved.
If you have a group physically controlling a polling station, it will be obvious to everyone that the election is rigged.

Small scale coercion, however, is easier to execute and easier to get away with, hence the need for your private vote to be cast in a public place.

Russians have been stuffing boxes for years in Russia and it only came known after the surveillance camera was retrieved.
The Carter Center, among others, have published standards, criteria for observing elections.
> Small scale coercion, however, is easier to execute and easier to get away with

And it's something that, if standards of voting privacy are sufficiently eroded, could easily emerge even without any big conspiracy behind it. Just think of something as grass-roots as spouses not being amused about a certain vote, that alone could have a huge influence on the outcome in some settings. This potential for casual coercion is why I even consider it an erosion of democratic values when people abuse absentee votes for convenience. A mild erosion, but an erosion nonetheless.

Electronic voting could maybe improve on the issue of casual coercion if they allow individual votes to be recast until last minute, maybe even with some mix of deadline customization/randomization (with silent failure if already past the deadline) to add friction to less casual coercion attempts.

> I don't agree. The amount of damage ...

It wasn't a statement about the amount of relative damage. It was a statement that a voting system that leaks privacy beyond the polling station strictly increases the number of parties capable of coercion vs. a voting system that only requires securing the polling stations.

There's a big "if" in trusting the government to run honest polling stations (and keep phones/cameras/etc. out). That's not in question. However, if a blockchain voting system leaks voter privacy, then random online criminals halfway around the globe with no capability of controlling polling stations can still coerce voters without needing to physically control even a single polling station.

Electronic voting done right can be a force for good and transparency, but getting privacy right is absolutely critical. If you screw up privacy, you enormously increase the number of adversaries you need to worry about.

And there are many kinds of coercion. What's the price per vote in the poorest half of the population in Sierra Leone?

I also wonder if the blockchain means votes are cast publicly. Typically you vote, then tally. With every vote in public on the block chain, I could see mining companies bidding against each other for votes in real-time...

Both systems have their disadvantages. Electronic voting, especially when it's not completely anonymous, opens up the voting process for all kinds of vote buying, coercion and intimidation.

Take Turkey or Russia for example. Voters know exactly that the current radical governments can track their ballot numbers, so they'll think twice before voting against them.

Agora's ballot privacy (secrecy) is apparently based on Neff shuffling.

A verifiable secret shuffle and its application to e-voting [2001] https://dl.acm.org/citation.cfm?id=502000

All prior crypto-based voting systems I've studied rely on hash collisions, algorithmically simulating the secure one-way hash of physically dropping a ballot into a box, for an individual's ballot to get lost in the herd. But for this to work, ballots have to be simple and elections have to be large (enough).

In the USA, ballots are complicated and precincts are small. Appropriate for elections administration based on the Australian Ballot, bad for crypto-based balloting system.

--

I'm very surprised this is the first I've heard about Neff shuffling.

But I know a lot about VoteHere. Even though they are a proven bad actor in this space, I'll suspend disbelief and see if something good came out of their efforts. The Agora people appear smart, earnest. So maybe there's something here.

If Neff shuffling (or something similar) actually works for this application, it'd be remarkable. Least importantly, I'd have to update my world view. Specifically: no fully digital voting system can both protect the secret ballot and ensure a public vote count. (In practice, electronic voting systems do neither.)

--

PS- Scanning the other comments, feel compelled to point out:

Design the whole system. Understand election administration. Protecting the ballot is not enough. Information also leaks from poll books, voting history, etc., which then deanonymizes the secret ballot.

For Sierra Leone, Agora might be a great idea. Maybe the benefit of extending the franchise (reduced costs, increasing access) outweighs the loss of individual privacy.

> thereby offering instant access to the election results.

...

> it is still unclear who won

Only 70% of the votes were using this system.
Even when only 70% of the votes are counted, it should be pretty clear who got more votes than another. The problem in this case is that no candidate got a majority, so the top two will need to have a run-off election.
I hope people there don’t automatically imply trust everytime they hear blockchain. If controlled by central authorities the blocks can be changed like text on a file.
Does anyone know if this decentralized with miners rewarded with coins to keep the nodes and network running?
In future, anybody with sufficient support can propose any change in legal system and have it backed up directly by individuals instead of elite parliamentary class. Will that happen ? That can remove whole election criteria.
That's basically referenda and direct democracy, and I don't think it's the technology that's holding that back.
> anybody with sufficient support can propose any change in legal system

so Switzerland?

There’s nothing technical preventing this today, or anytime before. What’s been lacking is the political will and the class consciousness to implement it.
I'm glad to see they've backed away from doing an ICO token for now. That was sketchy as hell.
Found no description of how exactly people vote with Agora https://agora.vote/: do they come to a place and press a button or do they download an app(or go to a web page) and press a button?

Either way, I can't see how fraud is prevented even with a blockchain in place.

Blockchain provides no advantage over other technologies in elections.
So, this is a great way for a major states to actually brute-force hack elections: have several millions of computers do proof-of-work for false ballot data.
I miss details here.

1. Can it be said that the election was electronic? If so, why is the headline saying they used blockchain and not elections was first time electronic. (I consider blockchain here only as implementation detail).

2. Could voters vote from home over wire or they had to come to some kind of booth that had electronic voting device in it?

It can be said that the election was electronic, however other countries have used electronic polling stations (notably the USA) and those have since been proven to be easily hacked and the results modified.

The headline here stating the use of blockchain is important because its the first election on the planet that has used the implementation and its an implementation that can't be modified without trace.

As for point two I have no idea, I am assuming it required people using voting booths but given the technology used, nothing is stopping it from allowing decentralized voting.

edit: As it turns out it looks as though people voted using traditional paper ballets and it was inputted into the block chain via a neutral third party: https://www.bitguru.co.uk/sierra-leone-presidential-election...

I don't think that decentralized voting is a good thing at all. Voting will lose its significance when a vote can be issued with barely more than just a click. Elections and votes will become increasingly meaningless and much more frequent.

Social interaction suffers greatly today, because of the success of Social Media, which was praised as a new and easy way to socially interact without going outside.

Blockchain might be the right choice of technology for the voting process, people still need to be obliged to go to the city hall to issue their vote, in person!

The Swiss have very frequent votes, with direct votes on several issues 3 or 4 times a year. That’s in addition to electing representatives. Of course they are the oldest continuous modern democracy.

You could argue from the Swiss example that more voting occasions wouldn’t change the main issues of modern democracies, but it doesn’t seems to lower the importance of voting either, with a similar turn out that elsewhere.

(Also, a technical solution to constant voting and flexible, transferable delegation of voting power is the main goal of the fluid democracy movement.)

> people still need to be obliged to go to the city hall to issue their vote, in person!

And you can also then police the undesirables by putting them through onerous identification processes.

/sarcasm

>> Voting will lose its significance

Don't worry; in the United States, it largely already has. Blockchain tech can't make it much worse.

>> people still need to be obliged to go to the city hall to issue their vote, in person!

Yeah, that's not ableist at all. Don't worry about those with limited transportation options. And piling tons of people into city hall will totally make people social again.... ???

Good effort for trying, at least we have some potential even if it fails.
This has really gone to far. What’s next?

Some dictator will run the first blockchain-based death sentence via a distributed big data popular jury to guarantee a fair and auditable trial?

PS : forgot to mention this was a cloud based, severless solution developed by a scrum agile team while pair programming in a 6th generation language for extra scalability and safety.

(comment deleted)
I've got a question I didn't see answered in the article.

Is the ledger hidden until the end of the election or publicly visible throughout?

I only ask as it's a subtle technical difference that could massively influence the outcome.

In cryptography, a ring signature is a type of digital signature that can be performed by any member of a group of users that each have keys. Therefore, a message signed with a ring signature is endorsed by someone in a particular group of people. One of the security properties of a ring signature is that it should be computationally infeasible to determine which of the group members' keys was used to produce the signature. Ring signatures are similar to group signatures but differ in two key ways: first, there is no way to revoke the anonymity of an individual signature, and second, any group of users can be used as a group without additional setup. Ring signatures were invented by Ron Rivest, Adi Shamir, and Yael Tauman, and introduced at ASIACRYPT in 2001.[1] The name, ring signature, comes from the ring-like structure of the signature algorithm.

Linkable ring signatures [4] The property of linkability allows one to determine whether any two signatures have been produced by the same member (under the same private key). The identity of the signer is nevertheless preserved. One of the possible applications can be an offline e-cash system. [link: https://en.wikipedia.org/wiki/Ring_signature]

Linkable ring signatures are problematic because if someone can coerce you into signing a second message then they can identify who you voted for.
> His chosen successor, Samura Kamara, is being challenged by 15 other candidates

> Experts say a presidential run-off is likely as a first-round win would require one candidate taking 55% of the vote.

When even Sierra Leone has a more democratic voting system than Freedom Land™ (and I'm not talking about blockchains).