Share this page!

Sarah Jamie Lewis Profile picture
Twitter logo
5 Nov, 43 tweets, 9 min read
Oh can I do a thread on Blockchain voting? I have *opinions*!

Let me burn your dreams with whimsical abandon, and then offer you a better future from the ashes...
First, let me zoom all the way out and state that under the right conditions, using a blockchain as part of the voting process isn't an absurd idea - there are actually a few schemes that have some nice properties, and we will get to them...but all those words are important.
Let me take you all the way back to 2018, when I bright eyed technocratic clusterfuck of a project called Voatz was awarded a contract to pilot "blockchain" voting for overseas military.

Was the solution that Voatz provided better than the existing use of Fax or Email? No.

But was it cheaper? No.

Did people use the pilot to put out some ridiculous press releases heralding Blockchain e-voting as the saviour of democracy? Of course they did.
This isn't a thread about Voatz because this is a thread about Blockchain e-voting, and what Voatz did/is doing is...not that

But you need to understand Voatz to understand the core issue at the heart of (blockchain) e-voting - decentralizing and distributing power and trust.
In functioning democratic societies the operation of elections is a symphony, orchestrated by the many different centres of power, kept in check by a strong civic society and a free press. Every piece fundamentally both independent and cohesive.
Advocates of blockchain voting often mistake this jumbled, amorphous process for inefficiency = something that can be streamlined with technology - and if there is anything you take away from this thread let it be that you understand this core belief betrays their ultimate vision
For you see, dear tweet reader, if there is a place for blockchain e-voting in this future then it is one that requires, even demands, the existence of that hydratic orchestra.
The thing about blockchains is that they require a mechanism of power distribution that the participants recognize as beyond corruption - for now there is a contingent of people that are happy entrusting money to proof-of-work, that ain't gonna fly for, you know, democracy.
Proof-of-stake is also a dubious proposition (both generally, and in this particular semi-diatribe), and so we are left the one mechanism that pretty much all "real-world" "blockchain" experiments have arrived at proof-of-authority.
This is where I would insert a rant about how all current Blockchain e-voting experiments basically collapse into the same abyss as non-blockchain e-voting experimens - cluster fucks of proprietary centralization - but I've done that rant too many times:

That' all the bad ideas, we've set the stage, I've already annoyed a few people with my terse rhetoric, so with all that out of the way, let me tell you how one might construct a blockchain-based e-voting system that actually does-a-democracy.
To make this at home you will need:

* A cryptography textbook written sometime since the 1970s
* a functioning civic society (if you don't have this you can use an historical federation as a substitute)
The recipe is pretty easy, first, agree on set of entities that have the power to issue voting credentials to voters - sometimes this will have been done for you! These organizations know who voters are, and can issue them a "ballot" or in cryptographical terms "magic numbers"
Set up your proof-of-authority blockchain by distributing the consensus power among independent members of civic society (or states in your federation) - any anyone else you think would be cool (except the voting credential peeps)
OK, there are some constraints - you need enough entities that any significant subset of voters believes that some of your "authorities" won't be corrupted by the others. There is an upper bound too because you actually want to use the system to decide something.
The job of these "authorities" is simple. They will run a node, that will accept encrypted ballots from voters, they will then conduct some kind of anonymization protocol (I'll come back to this), and then include the ballot in a block.

Until the polls close...
Once the polls have closed they work together to construct the decryption key (i'll get to this too) and publish it. Anyone who wants to check the results grabs this key and runs it over the ballots in the blockchain *poof* election results! No need for 2am press conferences.
You don't even need much fancy crypto to make this work, you need an asymmetric encryption scheme where the public key can be generated from a set of independently held private keys (you will find this in your old textbook), a public signature scheme (for the consensus) and...
some form of anonymous communication protocol - the good news is that you can bootstrap any system from your consensus members - they are sufficiently independent and decentralized - you can even just* onion route the ballot through a few of them

*disclaimer can't fit in tweet.
The point is that the actual cryptographical primitives needed to make a system like that work have received pretty intense scrutiny over the last 20 years - and you can better avoid doing the thing that Scytl did in Switzerland and Australia...

Anyway, the point of that very high level, ridiculously over-simplified cryptographic description was to try and convince you that the actual math doesn't really matter - as fun as bleeding edge zero knowledge proofs are.
The actual bit that makes blockchain voting desirable; the feature that should sell the vision; is the magic of the decentralized collection of entities who act as consensus authorities.

It's also the really, really hard bit.
Very few societies have a set of entities that are

1) (seen as) mutually independent and distrusting
2) able to cooperate towards a common goal
At this point I'd be remiss if I didn't shout out this paper (zora.uzh.ch/id/eprint/1867… ) by @killerdesign_ch et al which I had the opportunity to provide feedback on, and which inspired me to dive deeper into this whole zone.
The events that led to that opportunity are too long for this thread, but the short version is that in 2019 I got to learn a lot about Swiss politics...

Anyway, Switzerland is a very weird country that I recommend visiting (after you know..the pandemic), the people there are very passionate about their democratic institutions and this is reflected in the fierce decentralization of their federation.
The paper I referenced, suggests using Swiss Cantons (the member states of the Swiss Confederation) as the voting authorities - and it is probably one of the few sets of entities that could actually satisfy the criteria.
But then why, I hear you ask, can't the same be said for US States or Canadian provinces or <insert geographic partition nomenclature here>?
Because Switzerland is a directorial republic relying on direct democracy, proportional representation and primus inter pares. Cantons have a high degree of independence, to the point of being mini-countries in their own right.

Not unique in the world, but rare.
It is only in a society like that that you can begin to talk about infrastructure projects (like e-voting) that aren't theatre.

Strongly independent parts that aim to act together, occasionally, to reach a consensus on an issue that impacts them all.
Perhaps I should have begun, as I will finish: A blockchain is a protocol through which global consensus is determined.

You can do many cool things with votes on a blockchain...like count them quickly, and allow the public to count and verify the results at the same time,
The technical challenges are not insurmountable - blinded tokens for voter auth, onion routing for privacy, digital signatures and multi-party protocols for consensus and delayed decryption.

The parts are out there, have ample scrutiny and engineering behind them already...
The actual hard part is distributing the power...which is unfortunately the thing you were trying to do in the first place.
(Postscript: I see many of you have *questions* which I've been ignoring I'll do my best to find them and answer them below)
For a larger audiance: Yes! Some overseas military members do as they are often in places with no reliable postal service and so the only effective system is proxy voting via email or fax.

Proof of Authority means that the decision on whether to include a block in the chain (i.e. the consensus) is delegated to one or few entities by-definition, rather than allowing anyone to participate through e.g. hashing power (proof of work)

Proof of work doesn't work for democracy because you don't want a random entity *cough* <insert nationalistic boogey man here> *cough* selfish mining your chain on election day.

A couple of questions here:

1) "isn't constantly published merkle root sufficient" - I'd argue that if you also want public validators who construct/verify the data (but not add to it), then any solution approximates a blockchain.

2) "will onion routing (mixnets) allow you to replace a vote once you've cast it" - Yes, there are ways of doing this - the simplest would be that if multiple ballots with the same (blinded) token are on the chain then only count the one included in the most recent block.
I skipped over this when outlining, and then uttered the spell "blinded tokens" later on - but that is basically the answer - ballots can be verifiable but anonymous through a blinded token scheme whose issuer operates the electoral register.

(if I missed a question, or you have other questions, @ me and I'll get to them)

Ultimately I do think that if we have any hope of evolving society towards consensus, understanding and anarchy then that path leads through e-voting - doesn't mean it's a clear or easy path.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Sarah Jamie Lewis

Sarah Jamie Lewis Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @SarahJamieLewis

Sarah Jamie Lewis Profile picture
27 Jul
The core thesis of Das Kaptial is that labourers should share in the profits of their labour & in ownership over the means of production - it's effectively a more pointed version of Smith's scattered critique of landlords and economic rent in Wealth of Nations.

Read a damn book.
Had Adam Smith written Wealth of Nations 90 years later, in Marx's time, it would have probably echoed many of the criticisms of labour exploitation that were described in Das Kapital - the seeds were there in his disdain for those who profit without producing.
Marx and Smith would have likely disagreed on how best to structure such arrangements - Smith was big on rewarding risk, and Marx was more concerned about the material realities of an exploited class of workers - but those are not irreconcilable philosophies.
Read 4 tweets
Sarah Jamie Lewis Profile picture
15 Jul
One of the most powerful social influence capabilities in modern history and they are using it to scam some Bitcoin.
Can't wait until we all have to start cryptographically signing our tweets to prevent World War III.
Not entirely sure why Twitter hasn't hit the big red "shut down everything" button yet.
Read 18 tweets
Sarah Jamie Lewis Profile picture
7 Jun
The telecom system *is* a surveillance system, and governments and law enforcement have decades of experience in exploiting it at all points in the stack.

Burner phones are mostly a myth in 2020. Find a camera not hardwired to several transceivers.
There is so much bad security and privacy advice floating around that will do nothing other than make you stand out - there is a small segment of tech might mitigate some risk (like Signal/Wire et al) but honestly the space is behind where it should be.

I wish we had good metadata resistant communications but it's been a struggle funding it to the extent where it is usable, and we are still not there - I wouldn't trust anyone who tells you their centralized messaging system is infallible to law enforcement action.
Read 7 tweets
Sarah Jamie Lewis Profile picture
11 May
If you are building an app that is supposed to preserve privacy I want to tell you about (& how to fix) a vulnerability you probably have: Unintentional remote resource loading.

(I've found it in nearly every app I've ever audited under a privacy preserving risk model)
We find ourselves in a future where every goddamn app framework is actually a browser engine.

Browsers think auto-loading remote resources is a feature, and while there is some momentum to change that it isn't happening anytime soon.
Whether it's something that is obviously a browser engine, like electron, or something that is sneakily a browser engine (like Qt/QML) chances are that you definitely have some kind of widget in your app that will happily interpret and display (a subset of) HTML.
Read 18 tweets
Sarah Jamie Lewis Profile picture
1 Apr
Cloudflare, swearing it is not a joke, have launched a censored DNS product that out the gate blocks LGBTQ support and aid sites as well as sex education resources.

(They have unblocked some of these now in response to complaints, but many remain inaccessible via their filter)
Organizations that I've tested and found to be blocked: Stonewall, LGBT Foundation, Outright, Mermaids, Broken Rainbow, Transgender Law Center, Lambda Legal andn a dozen or so sex ed sites
But it really isn't about individual orgs, it's about blocking an entire category of resources as "adult content" purely to perpetuate the idea that anything not cis/het/dyadic is harmful.

@Cloudflare perpetuating censorship that literally kills thousands every year.
Read 17 tweets
Sarah Jamie Lewis Profile picture
23 Mar
I have absolutely no idea how you look at the sheer incompetence of many local and national governments over the last few years and, especially, months and come to the conclusion that what is really needed right now is a massive, invasive surveillance system.
Especially because what most people are arguing for (meter-level contact tracing and quarantine enforcement) already exists and is already accessible by governments in the form of tooling developed by telecoms that is already used for sporting events & police investigations.
Which is one of the many reasons I haven't regularly carried a cell phone in over a decade and neither should you.
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get email notifications when new thread is out from this Author!

Check out other threads from this Author!

Read all threads by @SarahJamieLewis