Blockchain Voting: A Better Election System?

Currently, although the use of blockchain in political elections has garnered increased attention, its actual usage has generated significant criticism. For example, in 2018, when West Virginia used blockchain-based voting for a limited subset of eligible voters, there were concerns regarding the security of the system and the accuracy of vote counting. These are matters that the public cannot definitively verify as neither the government nor the involved companies have disclosed essential information necessary to assess the success of using blockchain in elections. Experts have added their voices to the chorus of disapproval, suggesting a high probability of errors during system operation. They highlight risks to users' mobile phones, the election system network, and the servers handling data, all vulnerable to cyber exploits. Additionally, Voatz has been criticized over potential failures in the vote count. In practice, the voter's vote was sent digitally, as a PDF, to the county clerk staff for printing and inclusion in the tally alongside traditional paper ballots. While this process facilitated the post-vote tabulation audit, it did not contribute to the vote casting process. Online voters lacked the ability to verify the accurate recording of their vote or whether the automatically generated paper ballot truly reflected their intentions.^1/ Consequently, voters were compelled to rely solely on the integrity of state officials and the election management system, trusting that the recorded vote aligned with the cast vote. In fact, this instance exemplifies only one of the myriad concerns surrounding the adoption of blockchain-based voting systems.

Nevertheless, whether elections are conducted through traditional paper-based methods or online platforms, transparency and data integrity remain at the heart of the election process that responsible authorities must always prioritize. Officials tasked with organizing elections need to ensure that these concerns always remain front and center, and therefore, must be able to clearly demonstrate to voters, using credible evidence, that the election has indeed produced a "true winner.“
 

The BVMS – an example

A significant international effort has gone into researching blockchain-based voting and creating frameworks to ensure that this remains as transparent and secure as possible. Among these various proposals, the ‘Blockchain-based Voting Management System’ (BVMS)  (Farooq, Ifthikhar & Khelifi, 2022) has achieved some prominence. BVMS proposes the use of a flexible consensus algorithm to govern system operations, enabling the adaptation of the consensus mechanism to accommodate a large number of users even while voting is underway. Moreover, it incorporates measures to prevent a 51% Attack,^2/ a potential threat during voting, and introduces a chain security algorithm to autonomously verify the correctness of the blockchain network. Additionally, BVMS integrates UTXO^3/ and smart contracts mechanisms to prevent incomplete or malicious transactions within the blockchain network, aligning with efforts to mitigate various vulnerabilities associated with blockchain-based voting systems. These endeavors distinguish BVMS from other systems.

In the BVMS election management system (Figure 1), eligible voters must have access to voting devices, such as mobile phones or computers, and they are required to register on the system to verify their identity beforehand. The BVMS advocates the utilization of smart contracts to verify whether (1) the voter is indeed eligible to vote and (2) if they have already exercised their voting rights. Upon successful completion of these verifications, the user's online wallet is credited with a single voting coin, which is then used for voting. Once used, the voting coin is deducted from the user's account, rendering them ineligible to cast another vote. Following the voting process, the system validates the transaction details, which are then recorded on the blockchain. Due to its structure, the BVMS system has the capacity to accommodate a large volume of voters concurrently, regardless of their geographical location. Additionally, every voter’s transaction hash is stored on the blockchain alongside the result of the election, enabling registered users to check this on their screen displays or on the app's dashboard.

In addition to the BVMS described above, many other protocols have been proposed as possible ways of meeting the challenges associated with integrating blockchains into online voting systems; but despite their differences, these all share the common goal of enhancing the transparency, safety, security, and independence of the electoral process, as well as to save costs associated with organizing large-scale elections. However, online voting can utilize various technologies beyond just blockchains, and this leads to another question: Is online voting with blockchain better than without blockchain?

Is blockchain voting really better?

For elections to be considered transparent and to maintain their integrity, they must demonstrate several qualities, but three of the most central include the following. (i) To ensure that voters’ intentions are respected and that the overall process remains trustworthy, the individual votes cast and the count made must be verifiable and auditable. (ii) To prevent voter intimidation and block the possibility of vote-buying, ballots should be strictly secret, and votes should be anonymous. (iii) The management system, or the software, used in the election must be independent. Software independence means that any errors occurring in the election software must be detectable, traceable, and investigable to ensure fairness to candidates. Whether the errors are small or large, election managers must be able to explain them to the public to build confidence in the election results. Achieving these three fundamental principles is challenging for designers of online election management systems compared to using traditional paper ballots, due to the following constraints.


I. Verifiability and Auditability

The example of the 2018 West Virginia midterm elections described above illustrates how voters were unable to physically view the printed ballots included in the final count. Consequently, users had no means to verify if the actual ballot accurately reflected their voting intentions expressed in the app. Any errors in the electoral process would likely go unnoticed, but blockchain technology can address issues like this with voter verifiability. For instance, BVMS allows the hash of voters' blockchain records to be sent to their mobile phones, serving as a key for accessing the data on the blockchain. Access to this data is secured using the voter's public key and can be unlocked using the private key, enabling individuals to verify the transactions recorded in their wallet before confirming their vote. Data transmission is encrypted, and once the vote is confirmed, it cannot be altered. Additionally, adding a digital signature to the transaction will enhance the system's overall security. Utilizing blockchain technology in online voting, as proposed in BVMS, will thus restrict access to a voter's data to the voter alone, who can verify its accuracy and ensure that their recorded vote is the same as that which was originally cast.

Apart from voter verifiability, auditability is also crucial in maintaining public trust in the electoral process. Trust in election outcomes also depends on the ability to audit the system and verify the count, whether it is a centralized online voting system or a blockchain-based one. While blockchain systems may seem to offer advantages in security and transparency, online voting systems face various threats, including network security, user authentication, privacy maintenance, hardware vulnerabilities, and potential attacks on supporting infrastructure. Therefore, it may be concluded that, for this issue, integrating blockchains into online voting systems does not automatically enhance the ease of auditing and verifying vote counts. In fact, the added complexity of blockchain systems may make this task even more challenging.
 

II. Ballot Secrecy and Voter Anonymity

Central to a healthy democracy is the protection of ballot secrecy and voter anonymity, guarding against intimidation, threats, and vote buying, thus enabling voters to express their genuine desires freely. Interestingly, research by Ostwald and Riambau on voting in Singapore shows that voting behavior changes when voters suspect that privacy and anonymity may have been compromised, even when in reality this was not the case and there were no-post election consequences for voters, however they had cast their ballots (Ostwald & Riambau, 2021). Ostwald and Riambau demonstrate that in these elections, when voters were worried that the secrecy of the ballot may not have been maintained, 3-5% of voters voted for the expected winner, even when this was not the party that they supported.^10/

Utilizing blockchains for election infrastructure offers several advantages over other technologies used in online voting. The decentralized and disintermediated nature of blockchain means there is no central authority, reducing the risk of data exposure and breaches of anonymity. Additionally, blockchain-recorded data is typically immutable, preventing tampering with voting records after ballots are cast. With encryption, both election officials and hackers have limited access to individual voting records, theoretically ensuring the confidentiality of election results until they are officially released.

Moreover, using the blockchain as the data storage backbone will allow individual data from voters to be recorded as hashes, further helping to preserve anonymity. One way this might be implemented is using Ethereum-based smart contracts (Alvi et al., 2022) designed to allow voters to identify themselves and establish their eligibility to vote without revealing personal information. On the blockchain, public keys function similarly to email addresses for identifying individuals, while hashes are used instead of the voter’s personal data. These are combined, and the votes are encrypted to avoid exposing the link between ballots and voters. Once all the votes are collected and decrypted, the smart contracts transfer the voting coins to the relevant candidate without revealing any personal information. Throughout this process, anonymity is maintained, as shown in Figure 3.

III. Software Independence

As mentioned earlier, trust in an electoral system hinges on its independence and the ability to audit all stages of the election process. For online elections, this underscores the importance of 'software independence.' A voting system is software independent if an (undetected) change or error in its software cannot cause an undetectable change or error in an election outcome (Rivest, 2008). In contrast, software that lacks independence may lead to significant errors or expose the election to cyber threats. For instance, if the software is not independent, a remote programmer could potentially access the system and modify its codebase. Even a minor alteration in the code could swiftly change millions of electronic ballots, unlike the scenario with traditional paper ballots, where altering them requires physical access and individual modification (Park et al., 2020). Consequently, the risks associated with online and analog election systems vary significantly in scale.

In principle, verifying whether an election management system is software independent should not solely rely on using software to check software, as this is currently challenging and may require advancements in technology to achieve error-free code. However, software is indispensable for online election management. Nevertheless, system designers should develop verification methods that minimize reliance on software or eliminate it entirely (non-software-based means). For instance, designing processes that enable the general public to verify without relying on technology or allowing individuals to use their own software for verification. Such system designs present significant practical challenges, irrespective of whether blockchain technology is employed in the management system or not.

Considerations of software independence are thus central to concerns regarding the operation of online elections, but contemplating these issues also raises further important questions. (i) If problems or security vulnerabilities are detected in the software, how confident can the public be that these concerns are genuine and not raised for ulterior motives? It is essential to recognize that while the auditing and verification process may be public at various stages, certain information remains private and accessible only to individual voters. Therefore, any reporting and discussion of potential issues should be grounded in publicly available evidence, regardless of when they occurred during the election process. (ii) When problems are identified and reported, is it feasible to promptly address and rectify them, and if not, what course of action will be taken? A well-designed system with software that exhibits a high degree of independence should enable the retrieval of data generated during the election using the digital footprint within the system. However, it remains uncertain whether currently available software meets these requirements adequately.

Krungsri Research view: One size doesn’t fit all

Transitioning to a new electoral system inevitably brings about challenges and introduces various new problems. Therefore, if we revisit the initial question of whether blockchain-based electoral management is truly superior to the current system, the answer that can be provided at this moment is "Yes, but only partially." While blockchain technology offers significant advancements, it cannot entirely address all the pain points of traditional paper-based elections. Although conducting online elections using blockchain technology may offer advantages in terms of convenience, data processing speed, and a high degree of public trust (because once data is securely recorded into the blockchain, it is extremely difficult for this to be altered, tampered with, or deleted), there are still limitations in addressing all dimensions of electoral challenges.

The flip side of this is that the decentralized nature of blockchains and the many participants active in the network will likely introduce new problems when incorporated into online voting. These issues will primarily pertain to governance and coordination, necessitating the development of more secure and complex systems and software compared to cases where data is managed on a single central server. This additional complexity will then bring with it a likely proliferation of bug fixes and the need to deploy new software, and when security vulnerabilities are found in blockchain applications, patching these is generally more difficult and more time-consuming than when providing updates for a centralized system.

Beyond this, despite the security inherent in the design of the blockchain and the additional assurances offered by measures like those implemented by the BVMS to prevent 51% attacks and automate checking for irregularities and threats, blockchain technology is not invulnerable. It is impossible to completely eradicate underlying threats to the security of blockchain-based voting systems. Because online elections, whether with or without blockchains, are conducted online, they will always be exposed to cyber threats. Unlike traditional paper-based ballots, vulnerabilities in the software may be exploited with significant effect, especially when compared to traditional paper-based election systems. For example, the ‘INVDoS’ vulnerability discovered by Braydon Fuller in 2018 (code CVE-2018-17145)^12/ allowed malicious peers to launch denial-of-service attacks by flooding fellow peers with randomly hashed messages relating to non-existent transactions, and this then had the potential to result in memory overflows and system failures. The Bitcoin software tracker reported that as of 2020, 27% of the Bitcoin network remained vulnerable to this threat (Park et al., 2020), and more generally, software developers accept that discovering vulnerabilities is a normal part of the blockchain development and tracking process.
 

In the event that a large-scale election involving many participants encounters problems, the authorities will need not only to urgently address the specific issues affecting the vote but also to provide the public with a clear explanation of what has happened, backed up by empirical evidence acquired from an investigation of the event. This is a point that needs careful consideration because explaining problems with software or networks to the public in an easily understandable form is not straightforward, particularly when contrasted with traditional paper ballots that can simply be recounted in front of observers to dispel public worries over the validity of the results.

For high-stakes national elections, any new voting system or technology introduced should undergo rigorous testing beforehand. This could involve piloting the system in small-scale local elections and/or testing it in advance or remote voting scenarios multiple times until confidence is established that the online electoral management system is fully prepared for large-scale national elections. It is possible that the development, testing, and patching of a new voting system could take a decade or longer, though the timetable for this would be at least partly determined by the pace and advancement of technological development.

Nevertheless, while blockchain-based online voting systems may not yet be suitable for national or general elections due to technological limitations, they present an intriguing possibility for smaller-scale elections with limited budgets or in remote areas with logistical challenges. This could extend to facilitating voting for overseas citizens or those who struggle to reach polling stations in person. Ultimately, maximizing the potential of blockchain will require finding tailored applications that suit the unique context of each election, as there is no one-size-fits-all solution.

References

Alvi et al. (2022) DVTChain: A blockchain-based decentralized mechanism to ensure the security of digital voting system voting system. Retrieved May 16, 2023 from https://www.sciencedirect.com/science/article/pii/S1319157822002221/pdf

Catalin Cimpanu (2020) Researcher kept a major Bitcoin bug secret for two years to prevent attacks [Blog post]. Retrieved August 10, 2023 from https://www.zdnet.com/article/researcher-kept-a-major-bitcoin-bug-secret-for-two-years-to-prevent-attacks/

Eghe-Ikhurhe et al. (2023) The Relevance of Blockchain Based Voting Adoption in Governance Structure. Evidence from Nigeria. International Journal of Economics, Commerce & Management, United Kingdom. Retrieved August 20, 2023 from https://ijecm.co.uk/wp-content/uploads/2023/01/1111.pdf

Farooq, Ifthikhar and Khelifi (2022) A framework to make voting system transparent using blockchain technology. IEEE Access. Retrieved May 16, 2023 from https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9787540

Kai Ostwald and Guillem Riambau (2021) Voting Behavior under Doubts of Ballot Secrecy: (Un)Intentionally Nudging Voters Towards a Dominant Party Regime. Retrieved August 13, 2023 from http://guillemriambau.com/Ostwald%20Riambau%20Voting%20under%20doubts%20of%20ballot%20secrecy.pdf

Li et al. (2017) Proof of Vote: A High-Performance Consensus Protocol Based on Vote Mechanism & Consortium Blockchain [Conference paper]. Retrieved September 13, 2023 from https://www.researchgate.net/publication/323209703_Proof_of_Vote_A_High-Performance_Consensus_Protocol_Based_on_Vote_Mechanism_Consortium_Blockchain

Park et al. (2020) Going from Bad to Worse: From Internet Voting to Blockchain Voting. [Draft November 6, 2020] Retrieved May 17, 2023 from https://people.csail.mit.edu/rivest/pubs/PSNR20.pdf

Ronald L. Rivest (2008) On the notion of ‘software independence’ in voting systems. Philosophical Transactions of the Royal Society. Retrieved August 10, 2023 from https://royalsocietypublishing.org/doi/pdf/10.1098/rsta.2008.0149

Yael Grauer (2019) What Really Happened With West Virginia’s Blockchain Voting Experiment? [Blog post] Retrieved July 22, 2023 from https://slate.com/technology/2019/07/west-virginia-blockchain-voting-voatz.html