The new MIT document rejects blockchain-based voting systems

As the media waited to announce a winner until the Saturday following the US presidential election, inquiries arose as to how blockchains would make this process easier. more evidently possibly by Changpeng Zhao, CEO of Binance, as well as Vitalik Buterin, who added that while there are technical challenges, the demand for a blockchain-based mobile voting app “is 100% directionally correct.”

A new report from MIT, however, firmly opposes the idea of ​​blockchain-based e-voting, largely on the basis that it will increase existing cybersecurity vulnerabilities, fails to meet the unique needs of voting in general elections. and adds more problems than it solves.

The authors of the report are Ron Rivest, professor at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) and one of the creators of the RSA cryptography; Michael Specter; Sunoo Park; and director of MIT’s Digital Currency Initiative (DCI) Neha Narula. The paper was posted on the research team’s website this week and is under review by a major cybersecurity magazine for publication this winter.

“I haven’t yet seen a blockchain system that I would trust with a county jellybean count, much less a presidential election,” Rivest said in a blog post accompanying the report.

The report acknowledges the desire that people want the voting process to be faster and more efficient, but rejects the idea that just because we do things like shop or bank online, that means elections should be done the same way.

One reason is that these systems have “higher tolerances for failure”. For example, if a problem occurs, such as credit card fraud, you could block your card and a bank might even refund you. But when it comes to elections, there is little remedy if a vote is changed or not delivered, particularly as online voting systems may not always recognize when one of these actions has occurred.

Read more: Overstock Touts Voatz ReBlockchain Voting App as a solution for US elections

Another is that anonymity, or at least the detachment of how you voted from your identity, is an important part of any electoral process. Although a bank or shop may offer you a receipt, proving that you have done something to detect or prevent fraud, with voting, it is important that no such receipt exists so that votes cannot be forced or sold.

“For the elections, there is no insurance or recourse against a failure of democracy,” says Rivest. “There is no way to ‘make the voters whole again’ after a compromised election.”

And cybersecurity problems are numerous.

One problem with online voting is that it opens up to scalable and undetectable attacks.

In terms of scale, the acquisition of a zero-day Android vulnerability cost only $ 60,000 in 2012. A zero-day vulnerability is a known security flaw, but for which a patch is not yet available.

The authors estimate that testing and weaponizing such a vulnerability would increase the associated costs by two orders of magnitude, meaning an election exploit could cost $ 6 million. While it may seem like a large sum, it is little for an opponent of a nation state, especially compared to the roughly $ 768 million spent on the 2016 U.S. presidential election. This makes a scalable attack on an electoral system attractive, in terms of get a bang for your money.

Such an attack may well be undetectable, resulting in a large number of votes being exploited. This is, in part, due to the number of vendors and devices that should be involved.

“Defects in the voting system could be introduced by the voting software vendor, hardware vendor, manufacturer, or any third party that maintains or provides the code for these organizations,” the report reads.

“A voter who uses a phone to vote depends not only on the supplier of the phone, but on the hardware companies that provide the drivers for the device, the baseband processor, the third-party code authors in the voting software, the manufacturer physical device and the network or any other system on which the voting device relies. “

Even important tools like encryption do not offer a concrete solution. While encryption offers some protections, it doesn’t prevent system bugs. Furthermore, implementing it is difficult, not to mention that there are numerous examples of flaws in a system that allow compromising cryptographic protocols.

These concerns are not just hypothetical. The report notes that purely electronic voting devices in polling stations used in Georgia and Maryland, for example, have previously proved vulnerable and found that internet voting systems in cities like Washington, DC and countries like the Estonia and Switzerland vulnerable to major breakdowns.

Read more: Downvoted: Security Researchers Slam Voatz Over Stance on White-Hat Hackers

For comparison, proven methods such as ballot papers in the mail make a large-scale attack incredibly difficult to conduct with ease due to substantial friction points, such as the need to physically access the ballots.

When asked if there were any lessons the US could take from other countries when it comes to voting online, a spokesperson for the MIT CSAIL said, “None that are positive. Online voting systems will suffer from serious vulnerabilities for the foreseeable future, given the state of cybersecurity and the high stakes in political elections. “

The report exposes a number of arguments that have been supported by blockchain advocates. These include using coins as votes, using an authorized blockchain, and using zero-knowledge proofs for secret votes.

Coins as votes is a model that the report identifies as problematic. In it, a registered voter has a public / private key pair created by the voting authority, with each voter submitting their public key to the voting register.

“So, the register of voters spends a coin for each public key. To vote, each user spends their coin on the candidate of their choice. After a period, everyone can look at the blockchain, total each candidate’s coins and select the one with the most coins as the winner, “the report reads.

Read more: Trump’s post-election purge reaches the US cybersecurity agency

The problem here is that it doesn’t provide a secret vote – all votes are on a public blockchain. It also relies on users being able to get their votes on the blockchain over a certain period of time, something that could be compromised through a distributed denial-of-service attack, making the network unavailable to users.

An opponent could raise transaction fees on a public blockchain, further hindering “voting”. Or the blockchain could be compromised if the majority of miners or validators collude, creating multiple versions of the blockchain.

Finally, it relies on private key management, something that is user-dependent and, as cryptocurrencies have shown, something that people often fail to implement.

Another proposal that the report challenges is the use of an authorized blockchain. An authorized blockchain is one in which a central actor approves who can be part of it. There is usually also a level of control that governs the actions that participants are allowed to perform.

Like coin voting, using this strategy would still suffer from key management vulnerabilities. Furthermore, the authorization parameters would prevent users from reading the blockchain to verify that their votes were counted in order to preserve the secrecy of people’s votes.

A licensed blockchain would also likely run on fewer servers, with most of them running the same operating system, meaning it would be easier to compromise.

A final proposal that MIT examines is the use of zero-knowledge evidence (ZKP). ZKPs are a cryptographic technique that allows two parties on the internet, such as an app and a user, to verify information with each other without sharing the underlying data related to this information. This would apparently help ease the tension between secrecy and making a vote publicly verifiable.

But the report notes that, aside from potential bugs in ZKPs and demanding cryptographic processes, it doesn’t prevent physical tracking by “coercers or vote takers” either.

Furthermore, the report argues that “zero-knowledge evidence is designed for an environment where the party with secret information wants to keep it secret (that’s why they’re using zero-knowledge evidence) – they generally don’t prevent that party from disclosing information voluntarily.”

Read more: ‘Snake Oil and Overpriced Junk’: Why Blockchain Doesn’t Solve Online Voting

A final and fundamental concern with any digital process like this, however, is that they rely on various vendors, hardware and software, which add further complexity and likely vulnerabilities to the voting process.

“The biggest problem is that blockchain-based approaches require voters to use software where a single bug could undetect what they see, for example, by showing them that their vote was cast for a certain candidate. when it really wasn’t, ”a spokesperson for the MIT CSAIL said. “Blockchain is ripe for situations where election results could be changed in ways that aren’t detectable or, even if detected, would be irreparable without running a whole new election.”

The report also argues that elections have a stake beyond simply losing money, as would be the case if these online voting tools were compromised when it comes to cryptocurrencies.

The report notes that it is not addressing voting within a blockchain, like EOS holders who vote for validators in consensus networks, or Augur users who use REP to vote on contract results. These may satisfy some aspects of voting, but they don’t fit well into the political election system and leave many vulnerabilities that cannot be explained.

The report also acknowledges that it is focusing on voting, not on areas like voter registration management or auditing.

In conclusion, the report notes that blockchain and online voting do not address fundamental security issues; instead, they introduce more vulnerabilities than those present in current in-person and mail-order voting systems.

“If the vote is entirely software-based, a malicious system could deceive the voter as to how the vote was actually recorded,” Rivest said in an accompanying blog. “Democracy – and the consent of the governed – cannot be subordinated to the fact that some software correctly records the choices of the voters”.