hi everyone this is charles hoskinson broadcasting live from warm sunny colorado i just got back from wyoming i was running around gillette wyoming hanging out with the parents uh taking a look at some ranches and it's just a lovely time this weekend and somebody over twitter pinged me and said hey there's this lovely paper from mit uh written by ron revist and niha and a bunch of other fellows michael spector and sunoon park mit and harvard talking about blockchain-based voting and the crux of the paper is that internet internet voting bad and blockchain voting even worse and it's actually a really fun paper to read it's about 24 pages long and it has embedded within it a lot of interesting questions and a good framework to look at elections and though though i disagree vehemently with the paper's context although you know it is kind of ballsy to stand up before the r in rsa there is this is a great example of the power of the scientific method in the academic process it is actually a really good paper to think about elections in general and i'd highly recommend reading it and it provides a pretty good definition of evidence-based elections and they say these are necessary but not necessarily sufficient conditions to satisfy the ability to have auditability and auditing in your election so they kind of outline five items in the paper of thing properties elections should have the secrecy of the ballot software independence voter verifiable ballots contestability and then obviously some mechanism of auditing and then they go on to talk about some of the challenges that both permissioned and permissionless blockchains have in e-voting in general and they take a position that basically online voting and blockchain based voting doesn't really have these properties as a standalone system if it's hybridized with a paper system and you're using the blockchain for a a facility known as a public bulletin board or an authenticated bulletin board uh then they're not quite as dismissive but it is a very interesting paper nonetheless and i think at the the very end of it and i don't see here uh where was that section on page security mechanism design ah critical questions in page 4 16 where they actually go through a bunch of things like stakeholders and adversaries security objectives and the threat model uh security mechanism design evidence-based elections vetting and transparency and so forth so uh the problem when you have cryptographers talk about something is that they only have part of the puzzle and you have to really think around the social components of the system as well for example one of the core things that they fight very aggressively in from a security perspective is this concept of ballot secrecy why because one you don't want people to know why you voted one way or the other your vote should be secret but then also you shouldn't be able personally to prove that you voted for a candidate a or b because their primary concern there is vote selling and uh here's the reality we don't live in the 19th century anymore where vote selling is rampant we live in a highly digitized age and there are far better means for people to interfere and intervene in elections than going to alice and say if you vote for candidate x i'll give you a boatload of money here's a good example united states so if you look at demographic statistics certain demographics tend to vote for certain political persuasions much more so than others for example united states african americans historically vote around 80 to 90 percent democrat in the uh presidential election so a rational game theoretic strategy if you wanted to buy votes instead of trying to spend five million dollars trying to convince random people to vote for uh your democrat candidate or you know pick your favorite would be instead to spend that five million dollars going into places where people typically don't vote but are of that demographic and just simply register them because you know that eight to nine out of ten you register will likely vote for your candidate so it's a significantly more rational strategy to just spend money this way and technically speaking that's not a violation of ballot secrecy or vote selling or these things so these are examples that whether you're on a paper-based or a blockchain based system you can't really do much about and those are far more effective means of getting hundreds of thousands of extra votes one way or the other okay so these are examples of things that are not addressed in the paper but are incredibly important when you think about the meta of a voting system in general is that if you know certain things about how certain demographics vote you can just use that fact to take advantage of the system as it is now the other thing is that and this is a fair there's two very fair complaints in the paper one is that we suck at public key private key management the guy who invented it ron is probably a really good person to tell you that and pki is an important thing and the reality is you cannot do e-voting unless you have an authenticated bulletin board it's not good enough just to say i can click a button and vote you need some sort of a symmetry in the system where what you input into the system cannot be forged and has a degree of non-reputability about it the only way you really can do that effectively is with a digital signature at some capacity okay but they very rightly point out that pki is real hard in practice and they say hey hundreds of millions of dollars worth of cryptocurrencies have been lost because we're not so good at keeping our private keys secure that said our entire industry wakes up every day and tries to figure out ways to make this more usable and more secure and so forth they also point some things out in the paper that i think are very unfair like i took some notes for example when they said hey let me find the the notes i have here oh like for example they cherry picked this thing as saying that online voting may not increase turnout that's a relatively counter-intuitive thing because anytime you make voting more accessible you'd expect more people to do that and they point out uh some of the cantonal elections that were done in switzerland that's one of the citations as well as decreased voter turnout in belgium and some things in estonia and canada or how online voting will simply favor one class of people or the other i think most people agree that a hybrid voting system makes a lot of sense and i don't see a reality where you move completely from a paper-based system to a blockchain based system what you would rather do is you would say okay you can do either or for example united states you can vote in person or you can get a mail in ballot okay so similarly you can vote in person with a mail-in ballot or you can do an online vote it's not clear to me how that would disenfranchise voters or reduce turnout the other thing is that you can have with an electronic voting system significantly more involved ballot complexity or faster polling of people so you can use different voting systems like ranked order voting and other things much more comfortably and you can have much larger ballots and more frequent elections and so forth there was a bit of a cherry-picking too when they pointed out that a blockchain-based voting system in moscow was was horrifically broken i happen to have been at the conference where that was uh discussed i believe that was real world crypto in colombia uh earlier this year and i remember that presentation quite well and yes it's very fair to point out that that system was terribly broken but that's not necessarily a representative sample of the state of the art and it's very easy for me if i'm trying to pick on a new crypto system to just simply uh pick on the worst possible systems or systems that are not well constructed uh there's also a little thing that says governments may also provide legal recourse for victims when they were talking about the differences between online shopping and online banking and how these are lower uh thresholds than e-voting they seem to make this assertion that there's no means to make voters whole again if there's a compromised election that's just not true it's just materially not true and the reason being is that we have the election but the people elected do not take office until much later after the election for example the united states we had the election in november and the president will not take office until january i believe it's 20th or 21st i can't remember the date which gives plenty of time for auditing oversight contesting and that's one of the properties they push is this notion of contestability so if there's a suspicion that the system upon audit mandatory or enforced is compromised in some way then there's plenty of opportunity to redo the election or plenty of opportunity to invalidate part of the election and uh and intervene so you can build in to the latency between when the new candidates take office and when the election happened uh all kinds of recourse so i don't think that's fair at all uh there's also this concept this is reading verbatim for the paper users of bitcoin other cryptocurrencies have lost hundreds of millions of dollars due to theft fraud or mistake cryptocurrencies have fewer risk absorption mechanisms than traditional banking that's also not true you can build all kinds of things with smart contracts and governance for reversibility oversight you can use multi-sig for things you have escrow accounts there's all kinds of staging mechanisms you put in so you can rewrite the logic of the system so these systems are much more flexible in general than a normal traditional e-commerce system or online banking system and you're not at the mercy of people but okay uh you know and so then they they go into uh you know things like software independence and i agree uh that's an incredibly difficult problem you have this issue that we don't have secure operating environments we're looking for them and we do build them in certain domains like for example dealing with classified information uh you know skiffs and other things exist and people invest billions of dollars into constructing air gap very sophisticated systems that are immune to foreign coercion or tampering but in general it is very expensive and hard to build a system that is ubiquitously uh secure this is the holy grail of information security and it very rightfully said that it's difficult to avoid a compromised infrastructure and uh you know there's many vectors of attack there so that's why a hybrid system makes a lot of sense because you have means to look at that now voter verifiability this is one that i think is very unfair they say even if about before ballots casting a voter composing about it must be able to verify for herself that her prepared ballot reflects her intended choices i have no way with a paper ballot of knowing if my ballot was actually counted and it actually reflected my choices or not i have to have just faith in external counters that that indeed was counted so let's be clear here that ballot construction is a problem with a digital system what can happen is when i submit my ballot to a public bulletin board i can take a hash of what i've submitted and all that metadata and data and sign that with a did or some sort of identifier and i can commit that to an authenticated bulletin board now if i do that that i can always verify that my ballot indeed was posted and recorded properly now they say well you shouldn't do this because if i can reverse the hash then i can prove to an outside party that i voted for trump or for biden or other things like that and then i could potentially sell my vote so you could create a system where you have plausible deniability where i can verify that i voted a certain way but you can put in another way of doing the verification so that you can make it appear that you voted for someone else so if anyone's attempting to buy my vote i could always make for example it it appears as if i voted for a particular candidate you know so that's one way you can look at that and you can build a back door into the system where there's an additional piece of information that the government could possess that would allow the government to know which one of those is legitimate but you couldn't prove that now the advantage there is criterion number five auditability now if i have the ability to reverse a hash what the government can do is pick a statistically significant subset of the people who voted and then simply say if you prove that your pre-images are correct and you check that and it's not a mistake in the system we can give you a benefit like a tax credit for example so why not have the people who voted themselves actually provide auditing and oversight of the system if you have dids or did aliases cannot connect it to non-reputable commitments in the system it seems like that would actually be a reasonable way of doing things and you actually have a great degree of auditability there as opposed to the existing auditability where if we lose for example the envelopes it's impossible to verify if a ballot is legitimate for male imbalance but okay contestability is another example of that i have to kind of be able to prove i voted a particular way to contest that my vote either wasn't recorded and if you have public bulletin board with um pre-image with commitments that are signed by a did alias you would be able to contest if the pre-image wasn't correct because you'd have your pre-image and people would have to forge your signature to um to get a different commitment but okay and then they uh they talk about different categories of voting systems inside the paper and i think that's pretty interesting but they keep just saying over and over again the conclusion of the paper uh they do talk about end-to-end verifiability in [Music] system level attacks yeah in section 2.4 uh on page number nine and i was actually very nice that they they cited ari jewels work and the civitas proposal with clarkson and also the u.s vote foundation's nose notes on end and verifiability and there's a great paper actually where they talk about many of the challenges and maturing that's required there so it's quite good and they talk a lot about transparency in section 2.5 and then different blockchain systems so uh it's a great paper in that it shows you how complex things are when you talk about actually building a real voting system and there is a real advantage to a paper-based distributed in-person system it's very hard to hack that especially if the machines that count things are air-gapped so if you want to actually get blockchain and voting you have to kind of answer three things at the same time one you have to actually figure out how you as a society are going to handle pki that's why we built prism it's an entire philosophy on identity management and how are we going to take identity management to the 21st century and there's a whole class of very elegant security problems that exist there and elegant cryptography that's required to make that meaningful okay you need some notion of identity to be able to do elections because you have this concept of those who are registered and eligible to vote and those who actually voted and you need an identity system to sort all of that out that we as a society accept second you need the ability to have non-reputability and to have unforgeability non-reputability is this process that i can't later on say no no no i did it the other way it's like a signature a digital signature when you sign something you you are it's non-reputable it's signed you can't unsign it and then unforgiability means that we have to have faith that people can't introduce data into the system ballots into the system that are illegitimate so that's a huge collection of problems onto itself and third we need a secure operating environment and that secure operating environment is another one of the holy grails of computer science you know it's in information security and cryptography in general it's a really really really hard thing to accomplish but we actually are making huge strides for example my phone has samsung knox there are trusted execution environments we have things like ubi keys ledger devices trezor devices and nothing's 100 but in life what's to stop somebody from just voting with your mail-in ballot when they see it put in your mailbox called ballot harvesting there's a litany of attacks that exist there they're low-tech and can easily be done and signature verification is not necessarily always done either and a lot of people can easily find out what your signature looks like with just a modest amount of social engineering so again this is not a game of perfection it's just a game of good enough and then there's a question of the vote domain so are you voting on everything digitally or are you just voting for example on approvals or preferences or are you voting in local elections but not federal elections to build confidence in the system and then there's this concept of universality of audit and oversight so for example if you have open source software in an open global transparent system then society can collectively iteratively improve the design of the system and insert all kinds of checks and balances for example a straw man system could be that after you vote and you make your commitment to the public bulletin board the blockchain that the system can mail you that commitment along with a chunk of the data record so you have a paper record of how things were recorded and if for whatever reason the database gets compromised that people can actually reassemble things and you also have to decide you know are all threats things that you hold equal or are certain threats worse than others um foreign adversaries would have a very hard time breaking signatures so really the only thing they could do is compromise the identity database and put fraudulent registrations in whether you have a paper-based ballot system or you have a digital system that's a lingering attack and all the arguments that can be made for software vulnerabilities can also be made for software vulnerabilities there what would simply stop me from putting 50 000 or 100 000 fake people in your voter registration database and they say oh well they have to have addresses or all these other things okay yeah but what would stop me from you know coming up with a scheme for that it's like oh but it has to be a distributed thing okay well if you think that's an issue then why are you worried about vote selling because vote selling would in it to be any have any statistical impact on the election you would have to do the exact same thing to attack the mail-in ballot system so if you say it's not a problem there but it is a problem for the digital ballot you know these are examples of trade-offs and so i think it's um interesting paper nonetheless i'll read it over the weekend much more carefully and also go through all the citations much more carefully but it's a topic we're quite interested in and actually i'll see if i can convince agalos to actually write up some things about challenges in e-voting in general and some of the state-of-the-art research and we think about this a lot because we actually do online voting for cardano and if this paper was accurate basically the conclusion of the paper would be that catalyst cannot work and at any time a foreign adversary can come in and compromise the entire system and if this paper was accurate i guess proof of stake wouldn't work either because at any time people could compromise the system and so forth you know there's there's one that does not necessarily follow the the other but overall i think it's a great piece of work you know anything coming out of mit at this level always is and again it shows the profound complexity in actually building these systems in practice and so when people tell you blockchain-based voting or e-voting that's a very high bar and do understand that the voting systems we have today well they are imperfect they didn't get that way by accident they got that way through years of trial and error and lessons and accepting some harsh realities about how technology works in general but i think it's essential that we move towards e-voting because we need to be able to have much more ballot diversity much more types of voting systems and election systems we need to be able to poll our population uh frequently especially for referenda or constitutional changes or these types of things and also i think that it's not acceptable to have your leaders get elected with less than 50 percent of the population uh giving them that mandate that means the minority actually decided how life is going to be for the majority and that's not how a democratic society should operate so a lot to think about thank you so much twitter for sending it my way and you know niha she's a she's great she's part of mit's digital currency initiative uh and i've met her many times throughout the years and i really enjoyed having great conversations with her and she's truly a blockchain expert one of the top people around for that and also ron is a living legend in the cryptography circles and uh you can really tell when people know what they're doing by how skeptical they are of the shiny new things because they understand how hard it is to actually make these things work in practice and how much suffering they had to get the old stuff to actually be reasonably secure so i appreciate the skepticism and hopefully we'll be able to offer a lot of interesting solutions and so forth and a big shout out to our jewel and the rest of the gang of people who have worked in this space and have been thinking about this space for a long time and have made meaningful progress and the drum beats continue cheers everybody
