In recent years, contested elections have motivated political pundits, think tanks and technology experts to propose blockchain as a means to secure our elections. Given the political mess that followed the presidential elections in 2000, 2016 and 2020, finding a way to make elections immune to hacking and other forms of manipulation—both real and perceived—is crucial to national security and the maintenance of our republican system. Could blockchain be used to secure elections?
What is Blockchain?
According to IBM, a blockchain is “a shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network.”i At its core, a blockchain is primarily a digital ledger, which is a document recording information, usually but not only financial. Bitcoin uses blockchain to track all transactions on the Bitcoin network.
Blockchain could be used to track contracts and scientific discoveries.
“Immutable” means that blockchain is unchanging, in that once a transaction, such as with Bitcoin, is processed, it is added to the blockchain and can never be removed.
“Shared” means that all users on that blockchain network can see every element on the ledger, meaning there is no hidden information. Regarding Bitcoin, anyone can download the ledger and see every transaction that has ever been processed.
If anyone can download the Bitcoin ledger, how can it remain private? This is because the ledger only contains account numbers, balances and public keys. There is no information about the actual users.
The last and most interesting feature of a blockchain is that it consists of blocks of data that are linked, one to the next, through a cryptographic process. This means a previous block cannot be faked except by faking all past blocks to the present. So, if something is in the blockchain a long time ago, it is nearly impossible to fake the age of the item.
Hash Functions
Part of what makes blockchain useful is that it can store an image of data, compressed into a smaller format that is completely dependent on the original. The most common method for this is a hash function, which takes an input object (document, picture, etc.) and produces a string of 0s and 1s, usually 256 digits (1s and 0s) in length.
[M]any proponents claim that blockchain can secure our elections. I was in this camp when I began to write this article. But after considerable research, I changed my mind. Blockchain cannot secure our elections.
The three main properties of hash functions are:
First, hashes must be fast to compute. For a hash to be effective, a computer must be able to compute the hash within a fraction of a second. Bitcoin blocks in the blockchain are created by hashing in a particular way (see below), and the computers capable doing this run up to one quadrillion (1,000,000,000,000,000) hashes per second, which is extremely fast.
Second, hashes need to have pre-image resistance, which means that no one can meaningfully control the output—that is, make the output be whatever one wants. Hashes are designed such that changing one character in a document or a pixel in an image gives a 50/50 chance that each of the 256 bits (0,1) in the output can change. So, a tiny change in a document results in a drastic change in a hash, since the odds that all 256 bits would not reflect a change in output is 1 in 2256 (on par with finding one particular atom in the universe).
Third, hashes need to be collision resistant, which means that it is very difficult to find two meaningful documents that have the same hash value.
How Can Blockchain Be Used?
Blockchain solves the problem where people want to secure some piece of information or validate ownership. An ag tech inventor named Pete, for example, has created new technology but is not ready to go public.
He wants to prove he had the discovery first, so that no one can steal his work. To do so, he needs to show that he developed the technology on a particular date in the past.
To prove this, Pete can perform a hash of the document and submit it to the blockchain. Then he can prove to anyone that he had this document in his possession at the time it was submitted to the blockchain, since it is impossible (as discussed above) to fake a hash because any minor change will result in a different hash. As well, this hash was stored in the blockchain and is now fixed in time. At any future date time, Pete can present the document and its hash in the blockchain proving that he had the document at that point in the past.
In another example, imagine that Rob and Jenny have a legal contract for business partnership they want to keep private for the next three months. However, they both want to be able to prove this contract was signed today. Rob and Jenny can create and digitally sign their contract. They can then encrypt and hash the contract and then submit the hash to the blockchain. Now, they are able to prove that the contract existed at a particular time even without a third party knowing the details.
Bitcoin Blockchain
In a third example, imagine Kevin wants to accept Bitcoin as payment but also wants to be sure that this is a valid transaction. Since Bitcoin transactions are kept in the blockchain, Kevin can check the Bitcoin blockchain to see that his transaction has been validated and is now part of the blockchain. This shows that the payment was received, and the currency is securely in his possession.
The Bitcoin blockchain was the first blockchain to exist. It was invented by an unknown person using the pseudonym Satashi Nakamoto. The Bitcoin blockchain makes blocks and then links them one to the next. All Bitcoin transactions since the last block was formed are collected and verified cryptographically (see my article in the Fall-Winter 2022-23 issue of Dakota Digital Review, “The Unencrypted History of Cryptography”). The transactions are then plugged into a hash with the hash of the previous block.
Then a search is done for a number so that when it is included in the hash, it results in a hash output with a specific number of leading zeroes, (76 at the time this article was written, but this changes every few months) There are 2256 hash values, and we are looking for one out of 2180, so the probability of finding one on the first try is 2(-76) (that is, 2180 divided by 2256), which approximates 0.000000000000000000000013. To put this in perspective, your chances of winning the Powerball are 0.0000000034, which is ten quadrillion times better.
The amazing part now is that the computers on the network adjust values until a satisfactory number has been found. There is no method to this; the computers simply try values until they find one that works. From this, the bitcoin network takes significant computational power. The network parameters are adjusted so that this search takes about 10 minutes on average.
Why Blockchain Cannot Secure Elections
Because of the above, many proponents claim that blockchain can secure our elections. I was in this camp when I began to write this article. But after considerable research, I changed my mind. Blockchain, cannot secure our elections.
The following ideas are based on a paper by four MIT professors, entitled “Going from Bad to Worse: From Internet Voting to Blockchain Voting.”ii
Advocates for blockchain voting claim we can use modern cryptography, electronics and blockchain to secure elections. They argue that voters can use either an electronic voting machine or cell phone with modern cryptography to vote and tally votes securely.
To assess this argument, we must consider the five properties that a secure election system needs to possess:
1. Evidence-based: To be secure, election systems need to be evidence-based, meaning that “election officials should find the true winner(s) but also provide the electorate convincing evidence that they did.”iii As we see every day in the news, all electronic systems can be hacked. Obviously, American elections would be high-value targets for malicious attackers. Thus, security concerns are vastly greater than a simple shopping website. Online shopping and banking can tolerate a certain amount of fraud. Credit card companies use their money from interest to absorb some of this fraud, and if the fraud is large enough, the government might step in for recourse. Elections try to maintain zero fraud, since a single vote can determine the outcome. So, the security needs of a digital election could easily be too cumbersome (too time-consuming and complicated to use very secure passwords and a very secure voting device, both of which are orders of magnitudes more secure than what’s currently in use, such as a cell phone or home computer) for the average person.
2. Secret ballots: Elections in democratic countries must guarantee that all voter ballots are secret. However, to create a computer-based cryptographic system in which we know exactly who voted but not who they voted for is a large task. Again, the security concerns are huge compared to modern computing infrastructure.
3. Voter-verifiable votes: The above security concerns are compounded by the fact that votes must be voter verifiable. Voters must be able to verify, before votes are cast, that their ballots reflect their true intentions. This would require secret keys for every individual voter, which are simple enough to cast and verify a ballot but secure against all outside influences.
4. Contestability: If a voter or an election official recognizes an error, he or she must be able to convince others that an error has occurred. Then election officials must be able to correct that error.
5. Auditable: Is there an evidence trail that can be checked to verify that the system is indeed functioning correctly? Without auditability, there is no surety that the vote tally is correct or that the correct people voted. Nor would recounts be possible. When the system is audited, we have evidence that the election was correctly done.
The best cryptographers in the world have worked to address these issues. We know from the hacking we see daily in the news that insecure passwords and insufficient security abound. With this in mind, the security needed for an election to satisfy the above properties would be so cumbersome that, in the opinion of many experts, voting participation would drop dramatically. Just imagine that online shopping was made significantly more difficult to improve security. There would be a large number of people who would give up shopping online. To make elections secure would require much more difficulty than this for the average user, thus discouraging many from doing it.
Paper to the Rescue
So, what can be done? Paper ballots with electronic counting satisfy all of the above criteria:
1. Evidence-based: There is a physical object that exists showing the individual’s vote. In North Dakota, these ballots are also marked by an election official, so that falsifying a large group of ballots is infeasible. Also, the individual’s ID is checked against a database, thus verifying that he or she is eligible to vote.
2. Secret ballots: The voter is given a ballot and then goes to a voting booth where his or her vote cannot be seen by another voter or official.
3. Voter-verifiable votes: The voter sees exactly how he or she marked the ballot, and thus is able to verify for whom and what he or she voted.
4. Contestability: If the counting machine is believed to be in error, a recount with a different verified machine can be conducted.
5. Auditability: The voter list can be verified against other data, thus ensuring only eligible voters voted. Further, the physical paper ballots allow for a variety of recount methods. Lastly, as the ballots are marked by an official, false ballots are difficult to introduce into the system. North Dakota does all of these and does them well. Thus the North Dakota paper ballot system is very secure, well designed, easy to use and satisfies the properties of a good voting system. The author would encourage all states to copy the North Dakota paper ballot system. ◉
REFERENCES
i https://www.ibm.com/topics/blockchain ii Sunoo Park, Michael Specter, Neha Narula, Ronald L Rivest, “Going from Bad to Worse: From Internet Voting to blockchain Voting,” Journal of Cybersecurity, Volume 7, Issue 1, 2021, tyaa025, https://doi.org/10.1093/cybsec/tyaa025 iii Ibid.
Marcus Fries, Assistant Dean of Cybersecurity, Bismarck State College
Marcus Fries, PhD, is an Associate Professor and Chair of the Department of Mathematics and Computer Science at Dickinson State University. Prof. Fries earned a BS in Mathematics at NDSU and then an MS and PhD, with an emphasis on representation theory and algebraic geometry, at Northeastern University. He served as Associate Professor at Eastern Nazarene College for 12 years and as Chair of Mathematics, Physics and Computer Science.
