undefined | Better HN

0 pointsMaxBarraclough8y ago0 comments

> If I understand your scheme, tampering is still possible, we can just detect that it happened

True, the voter can prove that tampering happened, as the signature receipt they are given is specific to their voting choice (as well as to their secret hash).

How would a blockchain fare against a 51% attack? What secret/proof does the voter have that an imposter doesn't have? Is each person issued a 'votecoin'? How could we maintain voter anonymity?

0 comments

3 comments · 1 top-level

scott_s8y ago· 2 in thread

To your questions, I don't know. I would think we would try to avoid 51% attacks by construction because the blockchain would not be easily accessible by non-voting machines. Voting currently doesn't do much to prevent imposters, so I wouldn't even try to addres that. It's also possible that voters would not even receive a transactions receipt (votecoin). They may not even be aware blockchain is going on behind the scenes: they may just see a normal voting machine at their precinct, beep-boop the screen and go home. The value would be in being able to audit the entire vote chain, which we currently don't do. Currently we spot-check the paper ballots against machine output for auditing. Re-doing the whole thing is a recount, and rare.

My complaint about bitcoin itself is that rather than creating a virtual currency, we really created a virtual commodity; that is, it's the closest we've come to creating a virtual item that has the properties of scarcity and non-transferability of physical items. I think that's bad for a currency, but good for auditing votes.

MaxBarracloughOP8y ago

> I would think we would try to avoid 51% attacks by construction because the blockchain would not be easily accessible by non-voting machines.

So we're trusting the voting machines? Doesn't that defeat the point? Surely they should be able to run on public networks while honouring Kerckhoffs's principle: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

That's the whole mission here, no?

> they may just see a normal voting machine at their precinct, beep-boop the screen and go home. The value would be in being able to audit the entire vote chain, which we currently don't do.

But if there's no 'voter identity' in the system at all, what's stopping a malicious government from just synthesising the whole blockchain?

scott_s8y ago

> So we're trusting the voting machines?

Maybe. I'm not married to much - I'm just defending that voting is one of the rare cases where I think blockchain has value. We currently trust the voting machines, so even if we do it with the voting machines, it's still an improvement on what we're currently doing.

> But if there's no 'voter identity' in the system at all, what's stopping a malicious government from just synthesising the whole blockchain?

Not much! So we either have to allow individuals voters to get a receipt and verify their votes (which can introduce problems), or we have to print paper receipts which are kept on site. Yes, those can be printed out as a bad actor synthesizes a new blockchain, but paper ballots can be faked, too.

To me, the mission is creating an easily auditable voting record, which we do not have now.

1 more reply

j / k navigate · click thread line to collapse