In the previous blog post, we discussed different issues with current approaches to applying blockchain technology for electronic voting. The considerations of ballot secrecy, eligibility and consistency verification, transaction rate (and cost), and trust bring us to the design of TIVILEDGE.
TIVILEDGE is an experimental End-To-End Verifiable i-Voting system whose main goal is to increase trust and transparency by distributing a part of the system (the election bulletin board) among different organizations. To reach this goal, TIVILEDGE has been designed to address the drawbacks present in currently proposed solutions:
- permissioned blockchain -- instead of an internal log, TIVILEDGE will use the Hyperledger Fabric blockchain for storing the data. Institutions wishing to use TIVILEDGE as an online voting platform can set up their own nodes, or use templates from AWS or GCP, to join the consensus. Provider-independent nodes ensure that the bulletin board stays intact and available regardless of any single provider.
- public audit -- because TIVILEDGE publishes the different stages of the election process on a bulletin board, auditors and observers can perform their own verifications over this data.
- information-theoretic security -- instead of storing the encrypted ballots on the bulletin board, a perfectly hiding commitment to each ballot is stored. This ensures that even an attacker with unbounded computational power cannot recover the ballot content from the published commitment.
- proofs of correctness -- the voter constructs a zero-knowledge proof that the ballot is well-formed. Additionally, the ballot receiver constructs a perfectly hiding commitment and a corresponding zero-knowledge proof that the commitment was formed correctly; both are then stored on the bulletin board. This allows both the voter and observers to verify that the ballot has indeed been formed correctly.
- eligibility verification -- to verify that the published commitments were constructed by an eligible voter, commitments are signed with the voter's private key before they are published on the bulletin board. This gives the voter confidence that their commitments cannot be altered (except by the voter themselves), and any observer can verify that the commitment was cast by an eligible voter.
- homomorphic tally -- the ballot is defined in a way that allows the result to be tallied homomorphically. Homomorphic tallying sums the ballots without first decrypting them, so no individual ballot is ever decrypted and individual voting choices do not leak.
- key management technology -- in TIVILEDGE we considered the need for a secure key management solution for the decryption keys. We therefore opted for a threshold key generation process which divides the decryption key among different parties; to reconstruct the key, the parties must co-operate by each providing their share of it.
Holding the key in a distributed manner eliminates the risk of an early result tally or of individual vote decryption, which exists whenever the decryption key is held by a single party, because several parties have to take part in any decryption.
- flexible consensus -- depending on the specific requirements of the elections, it may be necessary for some of the consensus nodes to be hosted by parties external to the election organizers. In that case, the election organizers cannot extend the same trust to those nodes as to their internal ones, but the current Hyperledger Fabric consensus definition does not allow for such a distinction.
The expected outcome of the PRIViLEDGE project is the implementation of a flexible consensus, which opens up a wide range of consensus configurations. The details are involved, and we refer to Deliverable 4.1 for a complete description of the capabilities.
- receiptless verifiability -- current online voting protocols need an individual verifiability property to be competitive at any level. TIVILEDGE improves on this property by providing individual verifiability while still being receiptless. Receiptlessness means that the voter cannot construct a proof of having voted for a particular choice, so the voter cannot prove to a coercer how they voted. This removes the possibility of coercion and increases trust in the election outcome.
- cryptocurrency freeness -- as Hyperledger Fabric is not built around a cryptocurrency, there is no transaction cost to consider.
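The commitment, homomorphic tally and threshold key points above are easiest to see in code. The following is an added illustration written for this post, not TIVILEDGE or PRIViLEDGE code. It uses a Pedersen-style commitment as one concrete perfectly hiding, additively homomorphic commitment and Shamir secret sharing as one concrete threshold scheme; the post does not state which constructions the system actually uses, and the toy group (p = 1019), sample ballots and function names are all my own assumptions.

```python
"""Toy walk-through of three building blocks named above: a perfectly hiding
(Pedersen) commitment, a homomorphic tally over such commitments, and a
threshold-shared decryption key (Shamir secret sharing).

Added illustration, not TIVILEDGE code. The group below is a constructed toy
group, far too small to be secure; only the mechanics are meant to be shown."""
import secrets

# Constructed toy group: P = 2Q + 1 with P, Q prime; G and H generate the
# order-Q subgroup. Nobody may know log_G(H), otherwise commitments stop
# being binding (see trapdoor_open below).
P, Q = 1019, 509
G, H = 4, 9          # 2^2 and 3^2 mod P, both quadratic residues


def commit(value, rand=None):
    """Com(v, r) = G^v * H^r mod P. With r uniform in Z_Q the commitment is
    uniform in the subgroup whatever v is: v is hidden even from an attacker
    with unlimited computing power."""
    if rand is None:
        rand = secrets.randbelow(Q)
    return pow(G, value % Q, P) * pow(H, rand, P) % P, rand


def open_commitment(com, value, rand):
    """True if (value, rand) is a valid opening of com."""
    return com == pow(G, value % Q, P) * pow(H, rand, P) % P


def trapdoor_open(com, value, rand, new_value):
    """Perfect hiding made concrete: every value is consistent with com, and
    whoever knows x = log_G(H) can compute the matching randomness. In the toy
    group x is found by brute force; with real parameters nobody knows it."""
    x = next(i for i in range(Q) if pow(G, i, P) == H)
    return (rand + (value - new_value) * pow(x, -1, Q)) % Q


def commit_ballot(choice, num_candidates):
    """One-out-of-N ballot as a 0/1 indicator per candidate, each committed
    on its own. Returns [(commitment, randomness), ...]; the randomness is
    the opening and is not published on the bulletin board."""
    return [commit(1 if i == choice else 0) for i in range(num_candidates)]


def homomorphic_tally(ballots, num_candidates):
    """Com(v1, r1) * Com(v2, r2) = Com(v1 + v2, r1 + r2). Multiplying the
    published commitments per candidate yields a commitment to that
    candidate's total; summing the openings yields the tally's opening."""
    coms, rands = [1] * num_candidates, [0] * num_candidates
    for ballot in ballots:
        for i, (c, r) in enumerate(ballot):
            coms[i] = coms[i] * c % P
            rands[i] = (rands[i] + r) % Q
    return coms, rands


def verify_tally(tally_coms, totals, tally_rands):
    """What an observer checks: the announced totals open the product of the
    published commitments. No individual ballot is ever opened."""
    return all(open_commitment(c, v, r)
               for c, v, r in zip(tally_coms, totals, tally_rands))


def share_key(secret, n, t):
    """Shamir: split a decryption key in Z_Q into n shares so that any t of
    them reconstruct it and fewer than t reveal nothing about it."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % Q
        shares.append((x, y))
    return shares


def reconstruct_key(shares):
    """Lagrange interpolation at x = 0 over Z_Q from any t (or more) shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


if __name__ == "__main__":
    # Constructed sample: five voters, three candidates, choices 0, 2, 2, 1, 2
    ballots = [commit_ballot(ch, 3) for ch in (0, 2, 2, 1, 2)]
    coms, rands = homomorphic_tally(ballots, 3)
    print("tally verifies:", verify_tally(coms, [1, 1, 3], rands))
    shares = share_key(123, n=5, t=3)
    print("3-of-5 reconstruct:", reconstruct_key(shares[:3]))
```

The `trapdoor_open` function is the flip side of perfect hiding: because every ballot value is consistent with a given commitment, a party that knew the discrete logarithm between the two generators could open a commitment to any value it liked, which is why such generators are derived so that nobody knows the relation between them. The tally check shows what an observer can do with only the bulletin board data and the announced totals plus their aggregated opening, without ever seeing an individual ballot.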
As for the election types, the TIVILEDGE cryptographic protocol currently supports only one election type, in which only one candidate can be selected out of N candidates; different approaches are being considered to overcome this limitation.
In the end, the TIVILEDGE system will be suitable for independent organizations such as universities, parties, unions, etc., as it provides an accessible, transparent, and cost-efficient means of online voting.
Of course, developing such a system is quite a challenging task, and we constantly review our decisions so as not to lose the security and transparency properties of the system.
If you want to find out more about the current status of TIVILEDGE, see Deliverable 4.2, which will be available in the near future and contains more architectural and procedural details. Also, follow the PRIViLEDGE project to keep up to date with the online voting and other use cases.
Written by Ivo Kubjas & Sergei Kuštšenko, Smartmatic-Cybernetica Centre of Excellence for Internet Voting.