Un sistema de votación basado en Bitcoin, completamente distribuido

El proyecto Agora Voting ya ha implementado un sistema de votación que se utilizó en el Congreso de España [0] y utiliza métodos criptográficos seguros basados en mixnets ElGamal: las claves de cifrado están distribuidas en un conjunto de autoridades de forma que mientras una de ellas permanezca sin manipular, el secreto de la votación estará protegido, incluso si todas las autoridades están comprometidas, no se puede falsificar el recuento porque es universalmente verificable mediante métodos matemáticos. Este es un método estandarizado y se ha utilizado ya por ejemplo en las elecciones noruegas.

Sin embargo, creemos que debemos continuar la búsqueda de un sistema de votación electrónica seguro. Incluso si se mantiene el secreto de voto gracias al conjunto de autoridades y los recuentos se pueden verificar matemáticamente, la emisión del voto sigue realizándose en un servidor web, y éste es el único punto débil, susceptible a ataques DDoS. Queremos anunciar nuestro compromiso con el desarrollo de un sistema de votación funcional basado en Bitcoin y que proporcione tanto el secreto de voto como la verificación del recuento.

El principio es muy sencillo: utilizar la red bitcoin como un servicio online y distribuido de notaría y sellado para registrar los votos. Ya existen los servicios de notaría basados en bitcoin, por ejemplo proof-of-existence, bitnotar o chronobit. Esto demuestra que el sistema puede funcionar: necesitamos adaptarlo y hacerlo práctico debemos permitir muchos votos en un periodo de tiempo reducido, proporcionar medios para verificar la validez de los votos registrados y detectar qué transferencias reflejan el hash del voto. También tenemos que documentarlo y desarrollar una solución funcional.

Esto solo es el principio, tenemos muchos más planes para distribuir la confianza en las votaciones online. En el futuro queremos utilizar namecoin para que no tengas que fiarte del cartel de autoridades certificadoras SSL, simplemente la red y el hashtag de la votación, que será público. Otra idea ambiciosa y prometedora es utilizar blockchain para anonimizar los votos mediante zerocoin, de forma que podemos eliminar por completo el conjunto de autoridades fiables. Solo tienes que confiar en el nombre y la red. Permite que el proceso sea seguro y muy distribuido.

Para desarrollar estas funciones necesitamos tiempo y recursos y pedimos a la comunidad de bitcoin y a los simpatizantes que nos ayuden: puedes unirte al debate en nuestra lista de correo [1], pero también puedes realizar donaciones en la cuenta bitcoin 1EwqtN6GwHmkfYEfxGhuVcjrNBdQwvXMd3. Si alcanzamos una recaudación de 100BTC, publicaremos y desarrollaremos el plan completo para utilizar la bitcoin blockchain para distribuir la confianza en una red. El borrador inicial del plan ya está escrito, le hemos colocado un hash para que su existencia pueda ser verificada a posteriori, el hash sha256 es:

9251615dfc780e353b5d2c2946ca999d225d91c4e565e7e0330a7bd1800dc43c.

Podemos eliminar autoridades intermedias en los procesos de votación electrónico, podemos confiar solo en el voto.

[0] http://www.theguardian.com/world/2013/sep/11/joan-baldovi-spain-transparency-bill?CMP=twt_gu
[1] https://groups.google.com/forum/#!forum/agora-ciudadana-devel

A bitcoin based, completely distributed voting system

The Agora Voting project has already implemented a voting system that has been used in spanish congress [0] and uses secure cryptographic methods based on ElGamal mixnets: encryption keys are distributed on a set of authorities where if at least one of them remains honest, the secrecy of the vote is preserved, and even if all authorities are compromised, the tally cannot be forged because it’s universally verifiable via mathematical proofs. This is a standard method and has been used in Norwegian general elections, for example.

We believe that the quest for secure electronic voting must continue. Even if vote secrecy is maintained by a set of authorities and the tally proofs are mathematically verifiable, vote casting is still done by one web server and this is a single point of failure, prone to DDoS attacks. We now announce our commitment to develop a working Bitcoin-based voting system that provides both secrecy of the vote and verifiability of the tally.

The basic idea is very simple: to use the bitcoin network as an online, distributed notary and timestamping service to register votes. Notary services based on bitcoin already exist, for example proof-of-existence, bitnotar or chronobit. This proves that the system can work: we need to adapt and make it practical: we must allow many votes in a short period of time, provide ways to check the validity of the registered votes and detect which transfers reflect the hash of a vote. We also have to document all this and develop a working solution.

Please note that this is only the beginning, we have many more plans towards distributing trust in online voting. In the future, we plan to use namecoin so that you don’t have to trust the SSL certificate authorities cartel, just the network and the hashtag of an election, which is public. Another ambitious and promising idea is to use the blockchain to anonymize the votes altogether using zerocoin so we can remove the need for a trusted set of authorities altogether. Just trust the name and the network. Make the whole process secure but deeply distributed.

To develop all this we need time and resources and we ask the bitcoin community and enthusiasts for your help: please join the discussion at our mailing list [1], but also please donate to 1EwqtN6GwHmkfYEfxGhuVcjrNBdQwvXMd3. If we reach 100BTC, we will release and develop the complete plan to use the bitcoin blockchain to distribute trust onto the network. The initial draft of the plan is already written, we have hashed it so that its existence can be verified a posteriori, the sha256 hash is:

9251615dfc780e353b5d2c2946ca999d225d91c4e565e7e0330a7bd1800dc43c.

Let’s make remove unneeded third parties from electronic voting processes; just trust the vote.


[0] http://www.theguardian.com/world/2013/sep/11/joan-baldovi-spain-transparency-bill?CMP=twt_gu
[1] https://groups.google.com/forum/#!forum/agora-ciudadana-devel

Cryptographically secure voting

Last week marked an important milestone for us here at AgoraVoting. We conducted our second excercise in direct democracy via a spanish congressman. Not only that, this was the first time we carried out an election using our recently completed support for secure voting. All votes were private and encrypted, and the election process and tally was publically verifiable.

This is something we have been working towards for a long time, as described in our design overview published here (english version). This design is not yet finalised, as we still need to add a crucial element, support for secure liquid democracy. But we are well on our way to achieving this.

Many different components work together to achieve the end goal of cryptographically secure voting[1]:

The heart of the voting system, including a web frontend as well as rest API.

Agora’s tallying component, uses openstv

A standalone election verifier, making Agora elections publically verifiable.

An orchestration component built over frestq that coordinates election authorities

A vagrant-puppet project to streamline election authority set up

A rest federated task queue to distribute jobs over https (or http)

A javascript cryptography library we use to encrypt votes, uses SJCL

A collection of tallying implementations for ranked voting

The cryptographic backend, the heart of the secure voting technology.

As you can see, realizing our initial vision is no mean feat, but we feel that we have made an important step in this direction. We’d like to thank everyone who has participated and helped along the way. Keep up the good work!

– The AgoraVoting Team

 


[1] Note that we do not claim here that Agora is literally secure, no system is 100% secure in this sense. What we mean by this term is that Agora employs cryptographic techniques from the field of secure voting as defined in the research literature. See for example

http://lefkimi.ionio.gr/~emagos/overview_voting_2002.pdf

http://www.ee.washington.edu/research/nsl/papers/JCS-05.pdf

for an overview.