## Decentralized Electoral System

-2

So I have been thinking about this for only a couple of days, take this with a grain of salt.

I know that, in general, electronic voting is a bad idea for a number of reasons. But I think that there has to be a way of doing this safe and securely, maybe not though.

Lets try to imagine a decentralized voting system. Each individual, who has the right to vote, gets a public/private key pair (maybe there is a way of doing it so that only the government can generate those pairs, therefor ensuring that every vote is legal). Then we would have a block chain, where a block consists of a list of votes. A vote is just a public key tuple (and some signature), the first is casting their vote for the second. You would only be able to vote during a certain time period (every vote outside of this period gets discarded). The actual decentralization happens as soon as votes get counted, because now anyone in this system can count votes.

Now the main problem here is how do you get your vote into the block chain. Because if you use any electronic device connected to the internet, a man-in-the-middle attack might be possible (changing the vote before sending it out to the network). You might have to design a specific device solely for voting and make it open hardware/software but I don't know if that's not safe either.

In any case, what do you think of this idea? Do you think it could be theoretically done? Also, do you know if there have been similar suggested systems? I don't seem to find anything on this topic (except for electronic voting of course)

Question was closed 2017-10-22T18:16:36.657

Asking "is it theoretically possible" makes the answer probably "yes" (I'm not enough of a cypherpunk to analyse. But there is the practical problems: People who don't have a computer. People who don't understand the system. The cost of the hardware. The distribution of keys. And what is the problem it seeks to solve? – James K – 2017-10-22T17:05:44.437

well the advantage of this system (if it works) would be more transparency in general – Fullk33 – 2017-10-22T17:12:32.747

– Brythan – 2017-10-22T17:37:01.010

3Welcome to Politics.SE! This question looks like it invites for a debate and brainstorming the ideas about a theoretical situation, which is off-topic at this site. – bytebuster – 2017-10-22T17:39:49.797

Rather than just issuing a public/private key pair, you'd probably just want to use something like SSL certificates, like websites use. This gives you the same functionality, just it also asserts that a central agency signed the certificate. In this case, the central agency would be the government.

– Nat – 2017-10-22T20:24:35.567

As a suggestion, I'd note that major elections are pretty uncommon - so you don't need this system to be anywhere near as efficient as normal crypto to be practical. So you can do really heavy-duty stuff - like require that voters vote on webcam, provide finger-prints via their biometric thing on many laptops, take a close-up picture of their iris, or whatever, then sign those things along with their vote in one package. This wouldn't be fool-proof, but it'd provide a a lot more evidence of a vote's validity than just a normal encryption scheme. – Nat – 2017-10-22T20:28:10.727

Also, as Brythan noted, people might try to buy votes. One way to help avoid that bad behavior is to eliminate the buyers' confidence. So, allow people to recast their votes at any time until the end of the election. This way, if someone tries to buy a vote and witnesses it, they still can't be sure that the voter won't go back and change their vote later, or resell it, etc.. Enabling voters to scam vote-buyers would crash vote-buyers' confidence, severely deincentivizing the practice. – Nat – 2017-10-22T20:33:49.677

Picking the right system would require some consideration, but overall what you want to do is ensure that no one but the voter can be sure what they really voted, removing the incentive for buyers/attackers to try to coerce votes. – Nat – 2017-10-22T20:36:21.817

You might be interested in following the Area 51 proposals for SE.BlockchainTechnology or SE.Decentralization.

– Nat – 2017-10-22T20:50:17.950

Ahem. Have you met any real people? Like, normal ones, not SO/slashdot users. The ones who have password "password123" and write it on a post-it note on their monitor and use it for both pornhub and their bank? The ones who genuinely make those horrible calls to tech support that sound like deliberately hyberbolized parody but are indeed due to complete and utter inability to understand computers and software they try to use? Those are the people you expect to be able to use public key cryptography. *They won't*. – user4012 – 2017-10-22T21:16:57.697

@user4012 Good point... I wonder how to work around that? I mean I can see embedding the certificates into government ID cards (e.g., driver's licenses) or those little chips that can be injected into people now (as creepy as they are). Alternatively, there could be a system wherein keys that appear to be been compromised (e.g., used by multiple voters, found in the public domain or hacker dumps, etc.) could be invalidated - that'd be a touchy subject, as it'd have concerns about legitimacy or/and relate back to IQ-tests for voting, but dunno if it'd necessarily be unsolvable. – Nat – 2017-10-22T21:45:23.947

## Answers

2

### Selling votes

The number one problem with online voting is that it allows for the selling of votes. Assume that I want to buy your vote. We sit together at your terminal. You access your public/private key. I pay you $5 and cast your vote, signed with your key. Or I don't pay you$5. I just hit you until you give me your key. The higher the price, the more likely this is.

### Stealing votes

Now assume I am a spy for a foreign country. I get a job close to where the keys are generated and learn the system. I divert some keys from people who probably weren't going to vote to my own people. They cast the votes. Because I work for the government, which is the trusted agent, no one catches me doing this. And because it is electronic, I can do this for a large number of votes (in non-electronic cases, an agent might manage some of the votes in a single county, hardly worth it).

### Safe voting

We know how to count votes safely. We don't need new tech. Each person goes to a polling place and gets a ballot. The person fills out the ballot at the polling place, verifies that it is machine readable, and drops it into a locked box. If the ballot is not machine readable, the person exchanges the ballot (which goes into a different box) for a fresh ballot.

That system is fully tested and works. Done right, voting and counting can be quick. It's fully auditable. Recounts are straightforward.

### Absentee

The hardest kind of voting to verify is absentee. Because the person does not go to the polling place, we rely on things like the signature to verify the ballot's legitimacy.

Do you have a reference for the 'number one' claim? I'd expect lack of auditing to win in situations where the organizers aren't be trusted. – origimbo – 2017-10-22T21:36:28.370