Computer Scientists/Math Geeks: Would it be possible to design an open source voting machine based on Bitcoin verification math?
I don’t fully understand what’s involved in Bitcoin’s verification process, but I was thinking each voter would have their Social Security Number (or voter ID# if they are eligible to vote but don’t have an SSN—not sure if that’s possible), a private 6-digit PIN, and then the results of their candidate selection (Clinton = some value, Trump = different value, etc.) all hashed together using some public formula.
This number (a private key) could then be uploaded to the polling location’s computer which based on the same/similar methods that bitcoin uses for verification (I’m not entirely sure how this part works) would be verified and updated. Periodically all local numbers are uploaded to the master server in a secure manner. The voter would get a printout of a unique number, and a hardcopy ballot is also generated with the only identifying info being that same number.
The voter could then input that number into a field on the official election website later along with their SSN and PIN and it would allow them to see confirmation that their vote was actually recorded for who they selected, but it’s just a number so it doesn’t reveal their candidate selection to anyone else. Also, if done correctly, all numbers must be built on the ones before it the way Bitcoin works, which means either the entire election is valid, or invalid and it’s impossible to tamper with the vote without breaking the checksum (or however the process is verified).
Is this possible, or is my ignorance of how Bitcoin works causing me to make false assumptions about what’s mathematically possible? One major benefit is that voter fraud would be nearly impossible, because it requires a valid SSN to be used (only once per election), along with a PIN. Not that Republicans would want to listen to reason, but it would eliminate arguments for why we need voter suppression laws, and provide peace-of-mind that our democracy isn’t being stolen.
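The "every number is built on the ones before it" idea from the question, as an added example that is not part of the original post: a hash-chained log of ballot tracking numbers, plus a check showing why the final chain value has to be published somewhere the log's operator cannot rewrite. The record layout, the function names and the sample tracking numbers are assumptions made for the illustration.

```python
import hashlib

GENESIS = "0" * 64  # assumed fixed starting value for the chain


def link(prev_hash, tracking_number):
    """Chain value for one entry: hash of the previous chain value and this entry."""
    return hashlib.sha256(f"{prev_hash}|{tracking_number}".encode()).hexdigest()


def build_log(tracking_numbers):
    """Append-only log in which each entry commits to everything before it."""
    log, prev = [], GENESIS
    for tn in tracking_numbers:
        prev = link(prev, tn)
        log.append({"tracking": tn, "chain": prev})
    return log


def first_broken_link(log, published_head=None):
    """Return the index of the first inconsistent entry, or None if the log checks out.

    Without published_head only internal consistency is checked, which an
    operator who recomputes every later hash can still satisfy. Comparing the
    final value with a head published elsewhere also catches a full rewrite
    or a truncated log; that case is reported as index len(log).
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if link(prev, entry["tracking"]) != entry["chain"]:
            return i
        prev = entry["chain"]
    if published_head is not None and prev != published_head:
        return len(log)
    return None


if __name__ == "__main__":
    log = build_log(["a1", "b2", "c3", "d4"])      # constructed sample entries
    head = log[-1]["chain"]                         # value that would be published
    rewritten = build_log(["a1", "XX", "c3", "d4"])  # entry changed, chain recomputed
    print(first_broken_link(rewritten), first_broken_link(rewritten, head))
```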
9 Answers
I would have applauded this as an interesting idea until I heard of yet another bitcoin theft today. Sounds to me like the whole bitcoin verification is not terribly secure.
Also, SS# is not proof of citizenship.
@zenvelo I’m not entirely certain of the details, but it’s possible that bitcoin thefts have nothing to do with the legitimacy of the mathematical verification process, and instead have to do with breaching security at the exchange and stealing the data. Those are potentially unrelated issues, but I don’t know enough about the details to say one way or the other.
As for the SS#, I’m not sure what number would make sense for that. The point is, you wouldn’t be able to enter the same number multiple times, because the system would detect that. So is it possible to have voting rights and no SS#? I wasn’t sure if you’re given one when you become a citizen.
Bitcoin has potential problems because it is run on publicly accessible networks. I assume voting tabulation is done on a closed government run network.
There is work being done to try to replace passwords, using such methods as fingerprints or optical scanning. If any of these systems become at least as reliable as passwords then they could be incorporated into current voting machines, eliminating any talk of voter ID.
Regarding bitcoin thefts, there’s actually two perpendicular issues. To use an analogy, I can prove that I own a locked box because only I can open it, but that doesn’t prevent someone from stealing the key from me. “Bitcoin’s verification system” simply means that it’s impossible to create counterfeit boxes/keys. In bitcoin, there’s the concept of “cold storage” which is when a user physically prints out the key on a piece of paper and deletes all digital copies of it, so that nobody can steal it by hacking their computer. Back on the subject of voting, this means that the central server’s security has to be airtight, but it also means that using a “bitcoin-based” vote verification system isn’t a security vulnerability (the weaknesses lie elsewhere).
Regarding the details of bitcoin, it relies on “security through brute force” since the only way to create counterfeit money is to control a sizable percentage of all computing power that’s hooked up to the bitcoin network. This approach isn’t really applicable to voting, but there’s plenty of other ways to use cryptography to make open-source voting software. Two organizations that are working on it are Helios and OSET.
Voting verification is rather complex because there’s several (at first glance contradictory) requirements that should ideally be fulfilled:
- It should be possible to verify that every vote came from a single eligible person, but impossible to reverse-calculate which vote came from which person.
- It should be possible for me to verify that my vote was counted properly, but impossible for me to prove to other people which way I voted. This is important because it prevents vote buying / vote extortion: I should be able to be personally confident that my vote goes to the candidate I truly desire, but I should be able to lie to other people about which way I voted in case a family member / employer wants me to vote in a particular way. (related wiki article)
The actual details on how these procedures work are beyond my level of education.
Here in Europe, we have an id system where we can sign sensitive documents ‘virtually’ and gain access to personal tax and corporate records. I could imagine a voting system similar to this, but the US has far too many loopholes and ability to steal personal information and steal identity to have anything reliable. Because Americans are so paranoid, they haven’t been able to put a decent identity security system in place. Colour me ironic.
@PhiNotPi So if the system is required to have a Zero Knowledge Proof, in the event that your vote was altered, you’d be unable to prove to others (e.g. journalists) that there was potentially foul play. It seems like that requirement might be counterproductive, unless I’m missing something?
Yes. But it would be prone to a denial of service attack. The server could crash if everyone voted at once.
@gorillapaws I don’t think you need to be able to identify any particular individual whose vote was altered in order to prove that a vote was altered.
Using some advanced encryption techniques, it’s possible to encrypt each vote individually, add up the encrypted votes, then decrypt the total number. Also, I’m not sure if the systems in development actually use true zero-knowledge proofs, but the concept is similar. Voters receive a “tracking number” that’s derived from their vote (Helios describes it as a “fingerprint”) with which they can verify that their vote was added into the total. If I understand it correctly, this tracking number alone doesn’t contain the information of who I am / which way I voted.
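The "encrypt each vote, add up the encrypted votes, decrypt only the total" step described in the answer above, as an added example that is not part of the original answer. It assumes exponential ElGamal as one scheme with this additive property (the answer does not name a scheme), a deliberately tiny toy group, and a tracking number taken as a hash of the ciphertext; all names and parameters are illustrative.

```python
import hashlib
import secrets

# Toy group, far too small for real use: P = 2*Q + 1, G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4


def keygen():
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)


def encrypt(pub, vote):
    """Encrypt G^vote, so multiplying ciphertexts adds the underlying votes."""
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r = secrets.randbelow(Q - 1) + 1  # fresh randomness hides equal votes
    return pow(G, r, P), (pow(G, vote, P) * pow(pub, r, P)) % P


def fingerprint(ct):
    """Tracking number: a hash of the ciphertext, which reveals neither voter nor vote."""
    return hashlib.sha256(f"{ct[0]}:{ct[1]}".encode()).hexdigest()[:16]


def add(ciphertexts):
    """Combine ballots without decrypting any of them (anyone can recompute this)."""
    a, b = 1, 1
    for c1, c2 in ciphertexts:
        a, b = (a * c1) % P, (b * c2) % P
    return a, b


def decrypt_total(priv, ct, max_total):
    """Recover the sum by removing the mask and searching the small range of totals."""
    c1, c2 = ct
    g_m = (c2 * pow(c1, Q - priv, P)) % P  # c1 has order Q, so c1^(Q-priv) = c1^-priv
    for m in range(max_total + 1):
        if pow(G, m, P) == g_m:
            return m
    raise ValueError("total outside expected range")


def run_election(votes):
    # A real system also needs a proof that each ciphertext holds 0 or 1, and a
    # decryption key shared among trustees; both are omitted here.
    priv, pub = keygen()
    board = [encrypt(pub, v) for v in votes]      # public bulletin board
    receipts = [fingerprint(ct) for ct in board]  # what each voter takes home
    return board, receipts, decrypt_total(priv, add(board), len(votes))


if __name__ == "__main__":
    print(run_election([1, 0, 1, 1, 0, 1])[2])  # constructed sample votes
```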