the volt project: voting on ledger technology · 2019-11-11 · project volt: voting on ledger...
TRANSCRIPT
![Page 1: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/1.jpg)
The VOLT Project: Voting On Ledger Technology
Professor Steve Schneider
Surrey Centre for Cyber Security
University of Surrey
Newton Institute
November 6th 2019
1 University of Surrey DLT Testbed
Surrey Blockchain
![Page 2: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/2.jpg)
Project VOLT: Voting on Ledger Technologies
Verifiable online elections for organisations - using DLT for verifiability - vote secrecy - verifiable integrity of the ballot
Corporate governance: managing voting rights - equity crowdfunding - smart contracts and DLT - management of shares and associated voting rights (which can be complex) - integrity and trust
A mix of technical and sociological questions
- Team includes Computer Scientists and Political Economists
2
September 2017 – May 2020
![Page 3: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/3.jpg)
Requirements on (e)-voting systems
Secrecy of the ballot: vote privacy, fairness
(this is not always a requirement…)
Integrity of the result
(this is always a requirement)
Coercion-resistance
Security?
Verifiability?
Auditability?
![Page 4: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/4.jpg)
Where might e-voting be used?
Political/Statutory ballots
[Not within the scope of VOLT, though longer term…]
Shareholders
Industrial action ballots
Professional societies
Building societies
Student unions
Political organisations
![Page 5: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/5.jpg)
Proposed benefits of electronic voting
Convenience
Accessibility for visually and mobility impaired voters
Prevent or reduce accidental invalid votes (e.g. in preferential voting)
Easier for remote and inaccessible voters
Managing complexity and dynamics of elections (e.g. voting rights)
Reduces costs (perhaps…)
Increases turnout (perhaps…)
It’s the 21st Century! Who uses pencils these days?
We do everything else online (banking, dating…)
![Page 6: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/6.jpg)
Electronic voting – what’s the problem?
11/11/2019 7
![Page 7: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/7.jpg)
Electronic voting – what’s the problem?
11/11/2019 8
Trust in the integrity of the election is critical
How do we know the result is correct?
How can we persuade others that the result is correct?
![Page 8: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/8.jpg)
Electronic voting – what’s the problem? Cyber security
11/11/2019 9
Malware or bugs on voter devices or the election servers might tamper with votes
![Page 9: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/9.jpg)
Electronic voting – what’s the problem? Cyber Security
11/11/2019 10
Adversaries or insiders interfering with votes in transit or on the server
Attacks at scale easier than for physical paper-based systems
Possibility of powerful and well-resourced hostile actors
![Page 10: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/10.jpg)
“We bank online, so why not vote online?”
If we did online banking like we do online voting:
– No receipts or records of transactions
– Transaction secret from bank, but bank still needs to manage accounts
– No bank statements
– Hard to detect, and no way of challenging mistakes (or fraud)
– You would pay the cost of any fraud on your account
– No way to change your bank if you don’t trust it (honesty or competence)
Converse: we don’t vote online so why bank online?
– Trust mechanisms; verifiability; auditability; liabilities on the bank for when things go wrong.
– Financial institutions lose money but accept it as the cost of doing business – what’s the equivalent for voting systems?
![Page 11: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/11.jpg)
Verifiability
End to end verifiability
– Individual verifiability – the voter confirms their vote is correctly in the system
• The voter can check the record and see that their vote is correctly recorded
– Universal verifiability – the processing and tally of the votes can be independently checked
• The votes that have been recorded are correctly counted
– Needs an independent trusted tamper-proof election record – DLT
Individual verifiability Universal
verifiability
![Page 12: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/12.jpg)
VOLT project objectives
Using DLT to put end-to-end verifiability into practice
A trusted foundation for evidence to underpin election integrity
Management of voting rights and shareholding rights more generally
New voting systems and corporate governance possibilities
Understand positives and negatives in state of the art online/blockchain voting
Working with Electoral Reform Services Ltd to include verifiability in online voting systems
Initial prototype system April 2019 based on the Selene design - now trailled in two pilot votes and two real elections
11/11/2019 13
![Page 13: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/13.jpg)
Voter experience (for the “Verify My Vote” VMV project demonstrator)
1. Voter receives login credentials, and also a commitment
2. Voter logs into the ballot system and votes in the normal way
3. After polling has closed, voter receives information to open the commitment to check their vote
4. On opening the commitment, the voter can confirm correctness of the vote that the system has recorded for them
![Page 14: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/14.jpg)
Verifiability
The system uses cryptographic mechanisms to provide the end-to-end verifiability while preserving ballot secrecy
All verifiability evidence is posted on the DLT. This means that it can be independently checked
The design of the system rests on cryptographic commitments
![Page 15: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/15.jpg)
Current status of VOLT project
2018: Design of VMV, for adding to ERS system April 2019: User testing of VMV, with ERS May – November 2019: Voter trials (in real ballots) and voter feedback
16
![Page 16: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/16.jpg)
How it looks in VMV: commitments on the DLT (https://vmv.surrey.ac.uk)
17 Encrypted
Tracker Commitment Credentials
![Page 17: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/17.jpg)
Checking the vote in VMV
18
![Page 18: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/18.jpg)
Complete list of votes on the DLT (result can also be checked)
19
![Page 19: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/19.jpg)
The Distributed Ledger is a crucial component in VMV (The voting literature calls this a Web Bulletin Board)
DLT solves a real problem in verifiable voting: how to make trusted commitments and how to publish verifiability evidence DLT holds verifiability evidence for independent checking DLT enables commitments ahead of the election. Voters checking need to know commitments to trackers were unchanged from the beginning Consensus: everyone knows that they all see the same information including decrypted votes (i.e. different voters can’t be given different views)
20
![Page 20: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/20.jpg)
How does DLT help?
11/11/2019 21
• Verifiability on trusted information
DLT
Verifiability
![Page 21: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/21.jpg)
Summary
Verifiable voting - voters can check inclusion of their vote as cast, and can challenge the election if not. Verify the evidence, not the system Proofs of correct processing of the votes Integrity of the election can therefore be verified
Some outstanding issues: Voter comprehensibility Verifiability tools (verification in practice) Management of voter credentials Future-proofing privacy (cf everlasting privacy) – on chain vs off chain information
22
![Page 23: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/23.jpg)
Commitments
![Page 24: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/24.jpg)
Commitments for voters
Each voter has a secret key
The system creates a commitment to a tracker number for the voter. Think of this as the tracker number inside a box with a door that can only be opened with the secret key
The tracker number is not visible when the box is closed
64
Door image courtesy of www.clipart.email
![Page 25: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/25.jpg)
Commitments for voters
The tracker number is not visible until the box is opened
64
![Page 26: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/26.jpg)
Commitments for voters
The box and the door can be separated
The box without the door is completely sealed
![Page 27: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/27.jpg)
Making a commitment
The box is given to the voter before the election starts (and posted on the DLT)
So the system cannot change the tracker number: it is committed to use that tracker number for that voter.
But the door will not be provided until after the election
So the voter cannot find out the tracker number at the beginning
![Page 28: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/28.jpg)
Voting envelopes
![Page 29: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/29.jpg)
Voting envelope
A different voting envelope is prepared for each voter
It contains the tracker number for that voter
The tracker number is not visible externally
Only the election authorities have the key to open the envelope 64
![Page 30: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/30.jpg)
Running the election
![Page 31: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/31.jpg)
Before the election: Election setup
The following information is committed before the election begins: • The election public key
• List of tracker numbers (e.g. 1, 12, 37, 64, 85)
• And for each voter (but anonymously):
• Voter’s cryptographic credentials
• Voting envelope
• Commitment box given to the voter (door not given out yet)
• Proofs of correctness (e.g. that the envelope matches the commitment)
64
![Page 32: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/32.jpg)
DLT Contents on Setup
33
Voter Credentials Voting Envelope Commitment Vote
![Page 33: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/33.jpg)
How it looks in VMV: contents of the DLT (https://vmv.surrey.ac.uk)
34 Voting
Envelope Commitment Credentials
![Page 34: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/34.jpg)
Voting
When the voter casts their vote it is added to the contents of their envelope
The vote is not visible externally
Bob
64
![Page 35: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/35.jpg)
During the election
Votes are cast: included into the voting envelopes
12
64
85 37
1
Ann
Ann Ann
Bob
Bob
![Page 36: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/36.jpg)
DLT Contents after votes have been cast
37
Voter Credentials Voting Envelope Commitment Vote
1
1
1
1
1
![Page 37: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/37.jpg)
After the election: results published with trackers
The envelopes are shuffled, opened with the election key, and the votes and tracker numbers are obtained and published
Shuffling breaks the link between decrypted votes and the votes in the voting envelopes. This gives anonymity
Tracker Vote
1 Ann
12 Ann
37 Bob
64 Bob
85 Ann
![Page 38: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/38.jpg)
After the election
Voters are sent their doors to open their commitments
64
64
+
![Page 39: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/39.jpg)
Vote checking
The voter can check that the vote they cast matches the vote against their tracker number in the published table
64
Tracker Vote
1 Ann
12 Ann
37 Bob
64 Bob
85 Ann
![Page 40: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/40.jpg)
Checking the vote in VMV
41
![Page 41: The VOLT Project: Voting On Ledger Technology · 2019-11-11 · Project VOLT: Voting on Ledger Technologies Verifiable online elections for organisations - using DLT for verifiability](https://reader036.vdocuments.us/reader036/viewer/2022081607/5eda72a7b3745412b5715b9b/html5/thumbnails/41.jpg)
Complete list of votes on the DLT (result can also be checked)
42