Søg
Close this search box.

DIREC-projekt

Verified Voting protocols and blockchains

Resumé

Der er konstant interesse for internetafstemning fra valgkommissioner rundt om i verden. Samtidig er der behov for onlineafstemning i blockchain-styring. Dog er det ikke let at opbygge et internetafstemningssystem: Designet af nye kryptografiske protokoller er fejlbehæftet, og offentlig tillid til det valgte organ er let truet.

I samarbejde med en industriel partner har dette projekt til formål at forbedre sikkerheden og kvaliteten af internetafstemningssystemet og påvirke reguleringen af minimumskvalitetskrav for blockchains.

Projektperiode: 2023-2025
Budget: 7,5 millioner kr.

Our aim is to bring the security proofs about protocols much closer to their implementation.

Here are four considerations that explain the unmet needs of this project.

  1. Voting protocols, both in form of Blockchain Governance Protocols and Internet Voting Protocols have become increasingly popular and will be more widely deployed, as a result of an ongoing digitalization effort of democratic processes and also driven by the current pandemic.
  2. Elections are based on trust, which means that election systems ideally should be based on algorithms and data structures that are already trusted. Blockchains provide such a technology. They provide a trusted bulletin board, which can be used as part of voting.
  3. Voting crucially depends on establishing the identity of the voter to avoid fraud and to establish eligibility verifiability.
  4. Any implementation created by a programmer, be it a Blockchain Governance Protocol or an Internet Voting Protocol can have bugs that quickly erode public confidence.

This project aims to shed more light on the overall research question, how to design high assurance blockchain governance software, and can such protocols scale to Internet Voting Protocols.

(RO) To advance the state of the art of high assurance cryptographic software, especially for blockchain governance protocols and voting protocols.

(WP1) To achieve (RO), we start by working towards a high assurance implementation of a blockchain governance protocol (e.g. the one used by Concordium) and an existing blockchain voting protocol, such as the Open Vote Network, or Election Guard. If there is sufficient progress in the design of a software-independent protocol we will retarget our research to such a protocol. This will use existing software projects developed at AU: SSProve, ConCert and various libraries for high assurance cryptographic primitives. AU will take the lead for this WP.

(WP2) The Concordium blockchain provides a secure and private way to put credentials, such as passport information, on the internet. In this project we aim to integrate this with legacy ID infrastructure, such as MitID. We will investigate how to reuse such blockchain based identities for internet voting. We aim to address (4) above in this way. Concordium will take the lead for this WP.

(WP3) Implementation of the cryptographic protocol. Based on the results from (WP1), we propose to develop an open-source library that makes our high assurance blockchain voting technology available for use in third-party products. We envision to release a prototype similar to Election Guard (which is provided by Microsoft), but with a blockchain providing the ID infrastructure, as well as functioning as a public bulletin board. ALX will take the lead for this WP.

Scientific value
Internet voting provides a unique collection of challenges, such as, for example, vote privacy, software quality, receipt freeness, coercion resistance, and dispute resolution. Subsets of them can be solved separately, here we aim to guarantee vote privacy and software quality by the means of a privacy-preserving and accountable blockchain and formally verify substantial parts of the resulting voting protocol.

Capacity building
The proposed project pursues capacity building by training a PhD student. The Alexandra Institute will build capacity in rust, smart contracts and high assurance cryptographic software.

Business value
The project is highly interesting to and relevant for the industry. There are two reasons why it is interesting for Concordium. On the one hand, voting is an excellent application demonstrating the vision of the blockchain and, on the other hand, Concordium will as part of the project implement a voting scheme to be used for decentralized governance of the blockchain. More precisely, the Concordium blockchain is designed to support applications where users can act privately while maintaining accountability and meeting regulatory requirements.

Furthermore, it is an explicit goal of Concordium to support formally verified smart contracts. Obviously, all these goals fit nicely with the proposed project, and it will be important for Concordium to demonstrate that the blockchain actually supports the secure voting schemes developed in the project. With respect to governance, Concordium has a need to develop a strong voting scheme allowing members of our community to vote on proposed features and to elect members of the Governance Committee. The project is of great interest to the Alexandra Institute to apply and improve in-house capacity for implementing cryptographic algorithms. The involvement of Alexandra will guarantee that the theoretical findings of the proposed project will we translated into usable real world products.

Societal value
Internet voting was stalled for three years in Switzerland due to insecure protocols and implementations. We aim to develop technology to improve the security (audits) of such protocols and implementations. Around 5 billion dollars were lost since 2018 due to insecure blockchain implementations, often effecting retail investors. Our project aims to improve the state of the art of cryptographic software, and thus influence regulation on minimal quality requirements for blockchains, similar to existing Swiss regulation for e-voting.

Nyheder / omtale

Deltagere

Project Manager

Bas Spitters

Associate Professor

Aarhus University
Department of Computer Science

E: spitters@cs.au.dk

Gert Læssøe Mikkelsen

Head of Security Lab

The Alexandra Institute

Nibras Stiebar-Bang

Chief Technology Officer

Concordium ApS

Bernardo David

Associate Professor

IT University of Copenhagen

Diego Aranha

Associate Professor

Aarhus University
Department of Computer Science

Lasse Letager Hansen

PhD Student

Aarhus University
Department of Computer Science

Eske Hoy Nielsen

PhD Student

Aarhus University
Department of Computer Science

Partnere