I would have applauded this as an interesting idea until I heard of yet another bitcoin theft today. Sounds to me like the whole bitcoin verification is not terribly secure.

Also, SS# is not proof of citizenship.

@zenvelo I’m not entirely certain of the details, but it’s possible that bitcoin thefts have nothing to do with the legitimacy of the mathematical verification process, and instead have to do with breaching security at the exchange and stealing the data. Those are potentially unrelated issues, but I don’t know enough about the details to say one way or the other.

As for the SS#, I’m not sure what number would make sense for that. The point is, you wouldn’t be able to enter the same number multiple times, because the system would detect that. So it is possible to have voting rights and no SS#? I wasn’t sure if you’re given one when you become a citizen.

Bitcoin has potential problems because it is run on publicly accessible networks. I assume voting tabulation is done on a closed government run network.

There is work being done to try to replace passwords, using such methods as fingerprints or optical scanning. If any of these systems become at least as reliable as passwords then they could be incorporated into current voting machines, eliminating any talk of voter ID.

Regarding bitcoin thefts, there’s actually two perpendicular issues. To use an analogy, I can prove that I own a locked box because only I can open it, but that doesn’t prevent someone from stealing the key from me. “Bitcoin’s verification system” simply means that it’s impossible to create counterfeit boxes/keys. In bitcoin, there’s the concept of “cold storage” which is when a user physically prints out the key on a piece of paper and deletes all digital copies of it, so that nobody can steal it by hacking their computer. Back on the subject on voting, this means that the central server’s security has to be airtight, but it also means that using a “bitcoin-based” vote verification system isn’t a security vulnerability (the weaknesses lie elsewhere).

Regarding the details of bitcoin, it relies on “security through brute force” since the only way to create counterfeit money is to control a sizable percentage of all computing power that’s hooked up to the bitcoin network. This approach isn’t really applicable to voting, but there’s plenty of other ways to use cryptography to make open-source voting software. Two organizations that are working on it are Helios and OSET.

Voting verification is rather complex because there’s several (at first glance contradictory) requirements that should ideally be fulfilled:

- It should be possible to verify that every vote came from a single eligible person, but impossible to reverse-calculate which vote came from which person.
– It should be possible for me to verify that my vote was counted properly, but impossible for me to prove to other people which way I voted. This is important because it prevents vote buying / vote extortion: I should be able to be personally confident that my vote goes to the candidate I truly desire, but I should be able to lie to other people about which way I voted in case a family member / employer wants me to vote in a particular way. (related wiki article)

The actual details on how these procedures work are beyond my level of education.

Here in Europe, we have an id system where we can sign sensitive documents ‘virtually’ and gain access to personal tax and corporate records. I could imagine a voting system similar to this, but the US has far too many loop holes and ability to steal personal information and steal identity to have anything reliable. Because Americans are so paranoid, they haven’t been able to put a decent identity security system in place. Colour me ironic.

@PhiNotPi So if the system is required to have a Zero Knowledge Proof, in the event that your vote was altered, you’d be unable to prove to others (e.g. journalists) that there was potentially foul play. It seems like that requirement might be counterproductive, unless I’m missing something?

Yes. But it would be prone to a denial of service attack. The server could crash If everyone voted at once.

@gorillapaws I don’t think you need to be able to identify any particular individual whose vote was altered in order to prove that a vote was altered.

Using some advanced encryption techniques, it’s possible to encrypt each vote individually, add up the encrypted votes, then decrypt the total number. Also, I’m not sure if the systems in development actually use true zero-knowledge proofs, but the concept is similar. voters receive a “tracking number” that’s derived from their vote (Helios describes it as a “fingerprint”) with which they can verify that their vote was added into the total. If I understand it correctly, this tracking number alone doesn’t contain the information of who I am / which way I voted.

I haven’t read this article through yet, but it looks relevant.

What is the blockchain, and is it really about to change the world?