stonecoldpat / anonymousvoting

Anonymous voting on Ethereum without a tally authority. Protocol from this paper http://homepages.cs.ncl.ac.uk/feng.hao/files/OpenVote_IET.pdf

Independent vote verification? #4

Closed justinmchase closed 7 years ago

justinmchase commented 7 years ago

Suppose this was implemented for official government elections and I'm a very skeptical person when it comes to trusting elections.

What I would really like is to be able to vote from one machine (e.g. my phone, my pc, a voting machine in my local high school, etc.) and receive a receipt which has some sort of code I can use in combination with my private password to then go to a 2nd machine and verify that the code was recorded correctly. Totally separate machine, with separate software not under physical control from the same people.

Meaning, I may be afraid that the machine I'm actually voting on is compromised and thus altering my vote as a man-in-the-middle attack but I would feel better if I could verify on a second machine or at any point in time down the road that my vote was actually tallied correctly.

Does this dapp have any sort of verification mechanism for an individual to independently confirm that their vote was indeed cast correctly?

Or in other words, how can I trust that the software I am using to cast votes is doing so faithfully?

stonecoldpat commented 7 years ago

Hey,

What you are describing is an important distinction between end to end verifiable elections (E2E) and publicly verifiable elections.

One assumption in an E2E election is that the voting machine cannot be trusted and voters should be able to challenge the voting machine to ensure it is not acting maliciously. One approach for doing this is called a Benaloh challenge, which follows the commit-and-prove paradigm.

For example, a voter casts their vote on the voting machine (online or at a polling station). The voting machine commits to this vote and broadcasts the commitment to the public bulletin board. Then the voter can either cast the vote or audit the vote. If the voter challenges the voting machine, then that ballot is spoiled and the machine opens the ballot. If there is a discrepancy, then the voter has cryptographic evidence of it.

Many systems (notably Helios) follow the above approach. It is also worth mentioning that two other systems (DRE-i and DRE-ip) that rely on the same underlying cryptographic technique as the Open Vote Network can support Benaloh challenges.

The Open Vote Network is a decentralised and publicly verifiable election protocol. It permits anyone with a copy of the protocol execution transcript to verify that the election was run correctly, and at the same time to also independently compute the final tally. As such - it does not rely on any central authority to provide the infrastructure to participate in the election. (Although in this implementation - we have an election admin to support co-ordination / authenticate voters). This is worth mentioning as it also assumes that each voter must trust their personal device in order to cast their vote which is why it cannot be called an E2E voting protocol.

To answer the verification mechanism question - the voter can use independent devices to verify that their vote was cast as intended. This is possible as the voter's private voting key is able to re-open their ballot and reveal their vote.
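An added illustration of the re-opening check described in the comment above (not part of the thread and not the project's code): a voter's ballot in the Open Vote Network has the form g^(x_i·y_i)·g^(v_i), so a second device holding the private voting key x_i and the public list of voting keys can strip the blinding factor and read back v_i, and anyone can multiply all ballots to obtain the tally. The group parameters, keys and function names are constructed for this sketch, and the zero-knowledge proofs the protocol attaches to each message are omitted.

```javascript
// Toy Open Vote Network ballot: cast, re-open with the private key, public tally.
// Constructed parameters: P = 2q + 1 with q = 1019; G = 4 generates the order-q subgroup.
const P = 2039n, G = 4n;

function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}
const inv = (a) => modPow(a, P - 2n, P); // Fermat inverse, valid because P is prime

// Y_i = (product of voting keys before voter i) / (product of voting keys after voter i)
function blindingKey(pubKeys, i) {
  let num = 1n, den = 1n;
  pubKeys.forEach((k, j) => {
    if (j < i) num = (num * k) % P;
    if (j > i) den = (den * k) % P;
  });
  return (num * inv(den)) % P;
}

// What the voting device publishes for a yes/no vote: Y_i^x_i * g^v
function castBallot(x, Y, vote) {
  return (modPow(Y, x, P) * modPow(G, BigInt(vote), P)) % P;
}

// Independent check on a second device: remove Y_i^x_i and see which vote remains.
function reopenBallot(x, Y, ballot) {
  const gv = (ballot * inv(modPow(Y, x, P))) % P;
  return gv === 1n ? 0 : gv === G ? 1 : null; // null: not a valid ballot for this key
}

// Public tally: the blinding factors cancel, leaving g^(sum of votes); search the small range.
function tally(ballots) {
  const prod = ballots.reduce((a, b) => (a * b) % P, 1n);
  for (let t = 0; t <= ballots.length; t++) if (modPow(G, BigInt(t), P) === prod) return t;
  return null;
}

// Constructed private voting keys (each in 1..q-1) and the votes the voters intended.
const privKeys = [17n, 305n, 911n];
const pubKeys = privKeys.map((x) => modPow(G, x, P));
const intended = [1, 0, 1];
const ballots = intended.map((v, i) => castBallot(privKeys[i], blindingKey(pubKeys, i), v));
console.log(ballots.map((b, i) => reopenBallot(privKeys[i], blindingKey(pubKeys, i), b)), tally(ballots));
```

If the recorded ballot re-opens to a value other than the one the voter intended, the mismatch is visible on the second device, which is the detection step discussed in this thread.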

justinmchase commented 7 years ago

Ok, so I could vote on one machine, vote, then go to another machine and using the same private key check and verify that the vote was recorded properly.

And if the machine I am using to cast the vote is compromised and a man-in-the-middle were to flip my vote before it was actually recorded, I could detect that. Are there any technical solutions available for people who believe their vote was compromised in this way? Meaning, could I revote or have my vote at least retracted if it were shown that a compromised machine was used? Or are social solutions to that problem more appropriate at that point?

Also, I just wanted to say thanks for putting some brain power into this because a lack of confidence in voting systems is a huge problem and it seems like election fraud is probably way more rampant than anyone wants to really admit. A really solid and trustworthy voting system would be a major social revolution.

stonecoldpat commented 7 years ago

In the Open Vote Network if the voting machine is malicious and flips your vote - then there is little you can do about it. One research direction is to permit OV-net to support re-casting of a vote... but the cryptography is very tricky and I haven't figured out how to do that yet. Other voting schemes that are more centralised can allow for votes to be re-cast etc.

Also no problem :) This work was mostly motivated by the online e-voting example here http://ethereum.github.io/browser-solidity/ which does not provide voting privacy. It also led me to realise that Ethereum is an ideal platform to run cryptographic protocols and this is the first of many examples to come.

stonecoldpat commented 7 years ago

I'll close this :) thanks for the question!