Cornell University Researchers Formulate Bribery-Resistant Blockchain Voting Strategy
Bribery Resistant Blockchain Voting Strategy
Cornell University researchers recently published an exploratory blockchain post that describes the risks and promises of blockchain voting. The post identified blockchain and smart contracts, which are also known as ECDDs, as the technology that may be able to facilitate e-voting. The trouble is, the technology isn’t perfect. The post identified one of the main issues, which is that
“Smart contracts aren’t just good for running elections. They’re also good for buying them.”
According to the post, there are three possible means by which vote buying could take place under the existing circumstances:
- Simple vote-buying contracts allow people to pay others for proving they voted a certain way. This method is the least worrisome because it is easy to determine the number of votes bought.
- Trusted hardware can be used by voters to force others into a certain vote. Intel is manufacturing this type of hardware and it is called SGX. Researchers predict that companies will be developing the technology at a larger scale. With this hardware, voters “can be bribed to put/generate their keys in an SGX enclave that allows them to vote in certain ways.” The vote buying situation would “simply allow users to prove they are running a vote buyer’s malicious wallet code in exchange for a payment, secured on both sides by [trusted hardware.]” This issue is one of the most troublesome and many refer to it as an “irresolvable attack.”
- Hidden trusted hardware cartels. These are also known as DAOs. It is a vote-buying attack that presents a high degree of risk, and it combines the former attack with the idea of a DAO “spawning a trustless organization whose goal centers on manipulating cryptocurrency votes.” With this system, voters and vote buyers do not know how many users are participating in the system. It is an issue because “if small users believe their vote doesn’t matter, they are likely to take the payroll with no perceived marginal downside.”
Voter registration is done in an anonymous way using hardware (SGX). A voter registers by anonymously placing the equivalent of an encrypted password on chain along with an anonymous attestation that: (1) the voter is entitled to vote and (2) the registration is unique and thus the voter can’t vote twice. There should be no linkage visible even to the EA between passwords and user identities.
When a vote comes in, the EA matches the password proffered with the vote against those in the list. All of this is done blindly, but if the EA’s private key leaks, then the passwords will be visible. Because votes are sent through an anonymous channel, however, the votes of individual users remain private to the EA even if the passwords themselves are visible to the EA.
The above threats are still unresolved. The researchers and authors of the study released an exploratory proposal for bribery-resistance in blockchain voting. However, there is a caveat – it relies on a trusted third party and researchers admit that it is a major assumption to do so. The major question that arises is whether the assumptions are acceptable for blockchain-based voting.
Researchers have determined a method that utilizes the technology to make bribery possible. Rather than allowing voters to generate their own keys, which they could sell to a vote buyer with an SGX enclave, all voters would be a part of the enclave that allows it to generate their keys. Authors can use the SGX enclave to register votes. The authors write,
“The protocol provides privacy and integrity, but not coercion resistance.”
After the trusted hardware generates a key and voter registration, users can sell the vote. To prevent this issue, the research team suggests that there is a known method that allows voters to submit unlimited votes, and only one would need to be genuine. The genuine vote can be determined by a trusted election authority (EA). This system allows voters to sell their vote, and the vote buyer would not know whether the voter voted in accordance with the buyer’s wishes. This ultimately makes blockchain voting bribery-proof akin to off-chain US government-style elections.
One of the researchers described the technology to ETHNews and what happens after the SGX enclave generates a password:
“When voters register, they can create an anonymous channel. Voting takes place by submission of a ciphertext, their preference, and a zero-knowledge proof.”
The researcher further added:
“User votes remain private to the EA. But, if the private key is leaked, the vote buyer can ask a particular user to provide her vote for inspection non-anonymously before it is submitted. The vote-buyer can check whether this vote contains a valid password, i.e., is legitimate, and pay only if it is.”
At the end of the day, the strategy necessitates trust – it requires that voters trust the SGX enclave that generates their passwords and oversees registration and it requires voters to trust EAs and that they will protect their private key from vote buyers.
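The registration, password matching and decoy-ballot scheme described above can be sketched as follows. This is an added example, not code from the Cornell post: it uses toy ElGamal with constructed parameters in place of the SGX enclave and anonymous channel, omits the zero-knowledge proof, and the function names and the rule that the first valid ballot per password counts are assumptions.

```python
import secrets
from collections import Counter

# Toy ElGamal over Z_p* (constructed parameters, illustration only, not secure).
P = 2**127 - 1   # a Mersenne prime
G = 3

def keygen():
    x = secrets.randbelow(P - 3) + 2            # EA private key
    return x, pow(G, x, P)                      # (private, public)

def encrypt(pub, m):
    r = secrets.randbelow(P - 3) + 2            # fresh randomness per ciphertext
    return pow(G, r, P), (m * pow(pub, r, P)) % P

def decrypt(priv, ct):
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - priv, P)) % P  # c2 / c1^priv mod P

def new_password():
    return secrets.randbelow(P - 3) + 2         # stands in for the enclave-issued password

def make_ballot(pub, password, choice):
    # Real ballots also carry a zero-knowledge proof; omitted in this sketch.
    return {"pw_ct": encrypt(pub, password), "choice": choice}

def tally(priv, registry, ballots):
    valid = {decrypt(priv, ct) for ct in registry}
    used, counts = set(), Counter()
    for b in ballots:
        pw = decrypt(priv, b["pw_ct"])
        if pw in valid and pw not in used:      # assumption: first valid ballot per password counts
            used.add(pw)
            counts[b["choice"]] += 1
    return dict(counts)

def inspect_ballot(ballot, registry, leaked_priv=None):
    """What a third party learns about a ballot; None means nothing without the EA key."""
    if leaked_priv is None:
        return None
    valid = {decrypt(leaked_priv, ct) for ct in registry}
    return decrypt(leaked_priv, ballot["pw_ct"]) in valid

def demo():
    priv, pub = keygen()
    real = new_password()
    registry = [encrypt(pub, real), encrypt(pub, new_password())]  # on-chain registrations
    decoy = make_ballot(pub, new_password(), "B")   # ballot with an unregistered password
    genuine = make_ballot(pub, real, "A")           # the voter's real choice
    return (tally(priv, registry, [decoy, genuine]),
            inspect_ballot(decoy, registry),
            inspect_ballot(decoy, registry, leaked_priv=priv),
            inspect_ballot(genuine, registry, leaked_priv=priv))
```

Without the EA key the decoy and genuine ballots are indistinguishable to an observer; with it, the decoy is exposed, which is the trust assumption the article closes on.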