Cryptocurrencies

Blockchain and Voting, a False Good Idea? – Cryptocurrencies

Recently, on Cryptocurrencies, we told you about a citizen consultation in France that was happening … on the Tezos blockchain (XTZ)! The initiative seems noble: to use a decentralized system to legitimize electronic voting which could lead to suspicions of cheating (easier when it is 100% electronic). Very quickly, I thought to myself that this was a bad idea. A very bad idea. And the chain of events that led to the end of this online voting confirmed what I thought. Let’s go back to a fiasco where the “Blockchain” in its purest state of buzzword was the scene of a democratic disaster.


The Dangerous Hacker Takes on the Blockchain Princess

Before talking about this subject in a “theoretical” way, I suggest a scenario with the events that took place ten days ago at the time of writing this article (i.e. early October 2020).

In the city of Verneuil-Sur-Seine, a citizen consultation is done online, using the Avosvotes application. The peculiarity of the latter is thatit uses the Tezos public blockchain.

Fx Thoorens (originally the cryptocurrency ARK) decided to look into the Avosvotes app and do a live Twitter transcript of his research.

And there … this is the drama. Fx Thoorens took great pleasure in dissecting this system, and show the smallest flaws ! And you can imagine, there have been flaws!

Okay, here I’m not going to talk about the flaws concerning:

  • passwords transmitted in clear;
  • the KYC window that can be bypassed with a right click ;
  • visualize a city named “VilleTest” with 4 votes ?! ;
  • a “sql injection” vulnerability.

For that, I let you read Fx Thoorens’ thread to have all the crisp details !

We go instead focus on the “blockchain” part and see the advantages (or not!) of having taken this course. And Fx Thoorens sums up the biggest concern when it comes to electronic and blockchain voting: the anonymity that must be preserved.

For this part, Fx Thoorens looked at the smart contract governing voting. And the first point that hurts, it is the existence of functions allowing to modify the value of a vote ?!

Well, after some research, it turns out that these functions are the basic functions to learn how to carry out a smart contract. We would therefore be dealing with a developer who would have copied and pasted a smart contract ready to go faster. But hey, it’s not very clean …

Pub

Cryptoassets are highly volatile unregulated investment products. No EU investor protection. Your capital is at risk.

But where it starts to get seriously worrying is when Fx Thoorens manages to… participate in the vote! Yes, yes, you read that right.

He took part in a vote that absolutely does not concern him, since he is not a resident of Verneuil-Sur-Seine. But like Tezos does not allow a filter on smart contract calls, anyone with a bit of XTZ can vote. And vote several times… What seriously impact a vote.

I think we’ve seen enough around here …

Online voting, a real use for a blockchain?

The different public blockchains (this article will not describe my love for private blockchains, but we will come back to it one day, we promise!) are used to restore confidence where it is gone.

But this trust is not without a price : that of accepting a total transparency. And I feel like we tend to forget it too often.

Voting is a right and a duty (I’m not remaking you in a civic education class, don’t worry!) that we have as citizens. And to protect this, the vote must be anonymous. If there are voting booths in the polling stations, these were not visionary anti-COVID measures! No, this is good for you to vote freely, without anyone being able at any time to know what you have voted.

And the trouble with a public blockchain is that it violates this principle. Today we are unable to realize 100% anonymous online electronic voting with such an infrastructure.

Research is underway, of course. This is notably what is called ZKP (Zero Knowledge Proof) which should make it possible to prove an action on the part of an individual, without knowing his identity.

But in the meantime, no, we cannot ensure a citizen consultation on a public blockchain.

Pub

Cryptoassets are highly volatile unregulated investment products. No EU investor protection. Your capital is at risk.

Here, a centralized and secure database would have done much better! Why did you want to go through the Tezos blockchain? For the buzz? Experimentation? Some will tell me that it is by being closed to innovation that we do not move forward. But I will retort then that innovating on the backs of citizens unaware of participating in an unstable POC (Proof of Concept), that is average. In any case, today, electronic voting is one of the use cases that keeps coming back when we talk about blockchain. And yet it is to show your incomprehension of the subject to defend this. Maybe it will be possible in a few years, but at the moment the protocols do not allow it. At least, not without sacrificing certain elements, such as privacy. In short, for me, that’s a no! Next !

Tags

Related Articles

Back to top button
Close
Close