Unitimes 2021-06-15 19:33:03
Author: Vitalik Buterin
Editor: The south wind
Special thanks to Karl Floersch, Albert Ni, Mr Silly and others for feedback and discussion.
Voting is a process with a very strong need for process integrity. The result of the vote has to be correct, and a transparent process has to guarantee this, so that everyone can be convinced that the result is correct. It should not be possible to successfully interfere with anyone's attempt to vote or to prevent their vote from being counted.
Blockchain is a technology that guarantees process integrity. If a process runs on a blockchain, it is guaranteed to run according to some pre-agreed code and to provide the correct output. No one can stop its execution, no one can tamper with the execution, and no one can censor any user's input and prevent it from being processed.
So at first glance, blockchain seems to provide exactly what voting needs. I am not the only one with this idea; a large number of major prospective users are interested in it. But it turns out that some people have a very different opinion....
Although the needs of voting and the technical benefits offered by blockchain seem to match perfectly, we regularly see frightening articles arguing against combining the two. And it is not just one article: Scientific American (a popular science magazine) has published an article against blockchain voting; CNet has published a similar article; and so has ArsTechnica. And it is not just technology journalists: Bruce Schneier (a well-known computer security expert) is also against blockchain voting, and MIT researchers have written an entire paper arguing that it is a bad idea. So what is going on?
Critics of blockchain voting protocols typically make two key criticisms:
This article discusses these two views in turn ("refute" is too strong a word, but I definitely disagree with both views). First, I will discuss the security of existing attempts to vote using blockchain, and why the right solution is not to abandon blockchain but to combine it with other cryptographic technologies. Second, I will address the question of whether software (and hardware) can be trusted. My answer: computer security is actually getting better, and we can work to continue this trend.
In the long run, sticking to paper voting forever would be a huge obstacle to improving voting. Voting once every N years is a form of democracy with 250 years of history. If voting were more convenient and simpler, we could have better democracy, because we could vote more often.
Needless to say, this article takes the availability of good blockchain scalability technology (such as sharding) as a prerequisite. Of course, if blockchains cannot scale, none of this can happen. But so far this technology is developing very rapidly, and there is no reason to think it will not happen.
Blockchain voting protocols get attacked all the time. Two years ago, the blockchain voting technology company Voatz was all the rage for a while, and a lot of people were very excited about it. But last year, some MIT researchers found a series of critical security vulnerabilities in its platform. Meanwhile, in Moscow, a blockchain voting system that was about to be used in an election was hacked; fortunately, the attack took place a month before the election began.
These attacks were quite serious. Here is the table of attack capabilities that the researchers analyzing Voatz managed to uncover:
This is not in itself an argument against ever using blockchain voting. But it does mean that blockchain voting software should be designed more carefully and scaled up gradually over time.
But even blockchain voting protocols that are not technically broken are usually bad. To understand why, we need to look more deeply at which specific security properties blockchain provides and which specific security properties voting requires. When we do, we will see a mismatch between the two.
Blockchain provides two key properties: correct execution and censorship resistance. Correct execution simply means that the blockchain accepts user inputs ("transactions"), processes them correctly according to some predefined rules, and returns the correct output (or adjusts the blockchain's "state" in the correct way). Censorship resistance is also easy to understand: anyone who wants to send a transaction and is willing to pay a high enough fee can send it and expect it to be included on-chain quickly.
Both properties are very important for voting: you want the outcome to be the result of adding up the votes for each candidate and selecting the candidate with the most votes, and you want everyone who is eligible to vote to be able to vote, even if some powerful actor tries to stop them. But voting also requires some key properties that blockchains **do not provide**:
The need for the first requirement (privacy) is obvious: you want people to vote according to their personal feelings, without worrying about how the people around them, their employers, the police or random mobs on the street feel about their choice.
The second requirement (coercion resistance) is needed to prevent vote selling: if you can prove how you voted (that is, prove who you voted for), then selling your vote becomes very easy. Provability of votes also enables forms of coercion in which the coercer demands to see some kind of proof that the coerced voter voted for a particular candidate. Most people, even those who are aware of the first requirement, do not think about the second. But the second requirement is also necessary, and it is important to provide it at the technical level. Needless to say, the average "blockchain voting system" you see in the wild does not even try to provide the second property, and cannot always provide the first.
The concept of using cryptography to securely execute social mechanisms was not invented by blockchain geeks; in fact, it existed long before us. Outside of blockchain, cryptographers devoted to the problem of secure electronic voting already have a 20-year tradition, and the good news is that solutions already exist. The 2002 paper by Juels, Catalano and Jakobsson, titled "Coercion-Resistant Electronic Elections", has been cited by much of the literature of the past 20 years:
Since then, the concept has gone through many iterations; Civitas is one prominent example, though there are many others. These protocols use a similar set of core techniques. There is an agreed-upon set of "talliers" and a trust assumption that the majority of the talliers are honest. Each tallier holds a "share" of a private key, and the corresponding public key is published. Voters encrypt their votes to the talliers' public key and publish the encrypted votes, and the talliers use a secure multi-party computation (MPC) protocol to decrypt and verify the votes and to count them. The count is done "inside the MPC": the talliers never learn their private key, and in computing the final result they learn nothing about any individual vote beyond what can be seen from the final result itself.
Encrypting the votes provides privacy, and some additional infrastructure (such as mix networks) can be added to make the privacy stronger. To provide coercion resistance, one of two techniques can be used:
The first option is that during the registration phase (the phase in which the talliers learn each registered voter's public key), the voter generates or receives a secret key. The corresponding public key is shared among the talliers, and the talliers' MPC only counts a vote if it is signed with that key. A voter cannot prove to a third party what their key is, so if they are bribed or coerced, they can simply show a wrong key and sign a vote with it. Alternatively, voters can send a message to change their key; a voter cannot prove to a third party that they did not send such a message, so the result is the same.
The second option is a technique in which voters can vote multiple times, and a later vote overrides an earlier one. If a voter is bribed or coerced, they can first vote for the candidate the briber or coercer demands, and then send another vote to override the previous one.
Giving voters the ability to override an earlier vote by voting later is the key coercion-resistance mechanism of the 2015 protocol shown in the figure above.
Now, let us look at an important nuance of all these protocols. They all rely on an external primitive to complete their security guarantees: the **bulletin board** ("BB" in the figure above). A bulletin board is a place where any voter can send a message, with the guarantees that (1) anyone can read the bulletin board, and (2) anyone can send a message to the bulletin board and have it accepted. Most of the coercion-resistant voting papers you can find casually mention the existence of a bulletin board, but very few discuss how this bulletin board can actually be implemented. Here you can see where I am going with this: **the most secure way to implement a bulletin board is to use an existing blockchain!**
Of course, there were plenty of attempts to build an electronic bulletin board before blockchain. This 2008 paper is one such attempt; its trust model is the standard requirement that "k of n servers must be honest" (k = n/2 is common). This 2021 literature review covers some pre-blockchain attempts at implementing bulletin boards and also explores the use of blockchain for the purpose; the pre-blockchain solutions also rely on a k-of-n trust model.
Blockchain is also a k-of-n trust model: it requires at least half of the miners or PoS validators to follow the protocol, and if that assumption fails, the usual result is a "51% attack". So why is blockchain better than a special-purpose bulletin board? The answer is that building a k-of-n system that is actually trusted is hard, and blockchain is the only system that has already solved this problem at scale. Suppose a government announces that it is building a voting system and provides a list of 15 local organizations and universities that will run a special-purpose bulletin board. As an outside observer, how would you know that the government did not pick those 15 organizations out of 1000 based on their willingness to collude with an intelligence agency?
Public blockchains, on the other hand, have permissionless economic consensus mechanisms (PoW or PoS) that anyone can participate in, together with an existing, diverse and highly incentivized infrastructure of block explorers, exchanges and other watching nodes that constantly verify in real time that nothing bad is happening.
These more sophisticated voting systems do not just use blockchain; they also rely on cryptography such as zero-knowledge proofs to guarantee correctness, and on multi-party computation to guarantee coercion resistance. They therefore avoid the weaknesses of more "naive" voting systems that simply "put votes directly on the blockchain" and ignore the resulting privacy and coercion issues. But the blockchain bulletin board is still a key part of the security model of the whole design: if the committee is broken but the blockchain is not, coercion resistance is lost, but all the other guarantees surrounding the voting process still hold.
The Ethereum ecosystem is currently experimenting with a system called MACI, which combines a blockchain, ZK-SNARKs and a single central actor that guarantees coercion resistance (but has no power to compromise any property other than coercion resistance). MACI is not very difficult technically. Users participate by signing a message with their own private key, encrypting the signed message to the public key published by the central server, and publishing the encrypted signed message to the blockchain. The server downloads these messages from the blockchain, decrypts and processes them, and outputs the result together with a ZK-SNARK proof that the computation was done correctly.
Users cannot prove how they participated, because they can send a "key change" message to deceive anyone who tries to audit them: they can first send a message changing their key from A to B, and then send a "fake message" signed with A. The server will reject this fake message, but no one else has any way of knowing that the key change message was ever sent. There is a trust requirement on the server, but only for privacy and coercion resistance; the server cannot publish a wrong result, either by computing incorrectly or by censoring messages. In the long run, multi-party computation can be used to decentralize the server to some extent, further strengthening the privacy and coercion-resistance guarantees.
There is a demo of this scheme at clr.fund, where it is used for quadratic funding. Using the Ethereum blockchain to ensure that votes cannot be censored provides a much higher degree of censorship resistance than relying on a committee.
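The key-change trick above, together with the "later vote overrides the earlier one" option, can be traced in a small simulation. This is an added example, not code from the original article or from the MACI project: the toy group parameters, message format and function names are assumptions, the board is processed in the order the article describes, and the ZK-SNARK proof of the tally is left out.

```python
import hashlib, json, secrets
from collections import Counter

# Toy group, constructed for illustration only: far too small for real use.
P = 2**127 - 1   # Mersenne prime
G, Q = 3, P - 1  # exponents are reduced mod P-1

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)   # (private, public)

def _h(r, msg):
    return int.from_bytes(hashlib.sha256(f"{r}|{msg}".encode()).digest(), "big")

def sign(priv, msg):   # Schnorr-style signature
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + _h(r, msg) * priv) % Q

def verify(pub, msg, sig):
    r, s = sig
    ok_types = isinstance(r, int) and isinstance(s, int)
    return ok_types and pow(G, s, P) == r * pow(pub, _h(r, msg), P) % P

def _xor(data, shared):   # keystream derived from the shared group element
    pad = hashlib.shake_256(str(shared).encode()).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt(server_pub, data):   # ElGamal-style hybrid encryption
    k, eph = keygen()
    return eph, _xor(data, pow(server_pub, k, P))

def decrypt(server_priv, ct):
    return _xor(ct[1], pow(ct[0], server_priv, P))

def submit(board, server_pub, priv, voter, cmd, value):
    """Sign a command, encrypt it to the server, append it to the public board."""
    msg = json.dumps({"voter": voter, "cmd": cmd, "value": value})
    sig = sign(priv, msg)
    board.append(encrypt(server_pub, json.dumps({"msg": msg, "sig": sig}).encode()))
    return msg, sig   # what the voter could show a briber

def tally(server_priv, registry, board):
    """Process the board in order; only messages signed by the current key count."""
    keys, votes = dict(registry), {}
    for ct in board:
        try:
            env = json.loads(decrypt(server_priv, ct))
            msg, sig = env["msg"], env["sig"]
            cmd = json.loads(msg)
            if not verify(keys[cmd["voter"]], msg, sig):
                continue   # signed with a stale or wrong key: dropped
            if cmd["cmd"] == "rekey":
                keys[cmd["voter"]] = int(cmd["value"])
            elif cmd["cmd"] == "vote":
                votes[cmd["voter"]] = str(cmd["value"])   # later vote overrides
        except (ValueError, LookupError, TypeError):
            continue   # undecryptable or malformed entry
    return dict(Counter(votes.values()))

def scenario():
    (srv_priv, srv_pub), (bob_priv, bob_pub) = keygen(), keygen()
    (a_priv, a_pub), (b_priv, b_pub) = keygen(), keygen()  # alice: key A, new key B
    registry, board = {"alice": a_pub, "bob": bob_pub}, []
    submit(board, srv_pub, a_priv, "alice", "rekey", b_pub)         # quiet key change
    decoy = submit(board, srv_pub, a_priv, "alice", "vote", "yes")  # shown to briber
    submit(board, srv_pub, b_priv, "alice", "vote", "no")           # alice's real vote
    submit(board, srv_pub, bob_priv, "bob", "vote", "no")
    submit(board, srv_pub, bob_priv, "bob", "vote", "yes")          # bob overrides
    return verify(a_pub, *decoy), tally(srv_priv, registry, board)

if __name__ == "__main__":
    print(scenario())
```

The decoy's signature verifies under key A, so it looks genuine to whoever is shown it, yet the tally counts only alice's vote signed with B, and nothing readable on the board reveals that the key change happened.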
But now let us return to the second, deeper criticism of electronic voting of any kind (whether or not blockchain is used): that the technology itself is too insecure to be trusted.
The recent MIT paper criticizing blockchain voting includes the table below, which depicts any form of paperless voting as fundamentally too difficult to secure:
The key property the authors of the paper focus on is software independence, which they define as "the property that an undetected change or error in a system's software cannot cause an undetectable change in the election outcome". Basically, it means that a bug in the code should not be able to accidentally make Prezzy McPresidentface the new president of a country (or, more realistically, a deliberately inserted bug should not be able to raise a candidate's share of the vote from 42% to 52%).
But there are other ways to deal with bugs. For example, any blockchain-based voting system that uses publicly verifiable zero-knowledge proofs can be independently verified. Someone can write their own implementation of the proof verifier and verify the ZK-SNARK themselves. They can even write their own voting software. Of course, the technical complexity of actually doing this is beyond 99.99% of any realistic voter base, but if thousands of independent experts are able to do it and verify that the software works, that is good enough in practice.
For the MIT authors, however, this is not enough:
Therefore, any system that is electronic only, even if end-to-end verifiable, seems unsuitable for political elections in the foreseeable future. The U.S. Vote Foundation has noted E2E-V methods for improving the security of online voting, but has issued a detailed report recommending that they not be used for online voting unless and until the technology is more mature and fully tested in voting.
Others have proposed extensions of these ideas. For example, the proposal of Juels et al. emphasizes the use of cryptography to provide various forms of "coercion resistance". The Civitas proposal of Clarkson et al. implements additional mechanisms for coercion resistance, which Iovino et al. further incorporated and refined into their Selene system. From our point of view, these proposals are innovative but unrealistic: they are quite complex, and most seriously, their security relies on voters' devices being uncompromised and functioning as intended, which is an unrealistic assumption.
The MIT authors' concern is not the security of the voting system's hardware; that risk can be mitigated by using zero-knowledge proofs. Instead, they focus on a different security question: can users' devices be made secure, even in principle?
Given the long history of exploits and hacks on consumer devices, there is good reason to think the answer is "no". Below I quote my own 2013 article on the security of Bitcoin wallets:
Last night at 9 P.M., I clicked a link to go to CoinChat[.]freetzi[.]com -- and I was prompted to run java. I did (I thought it was a legitimate chat room), but nothing happened. I closed the window and thought nothing of it. When I opened my bitcoin-qt wallet about 14 minutes later, I saw a transaction that I had not authorized, which sent almost all the money in my wallet (2.07 BTC) to this address:
In June 2011, the Bitcointalk member "allinvain" had his computer directly hacked by an unknown intruder and lost 25,000 BTC (worth $500,000 at the time). The attacker was able to access allinvain's wallet.dat file and quickly emptied the wallet -- either by sending the transaction from allinvain's own computer, or by uploading the wallet.dat file and emptying the wallet on his own machine.
But these disasters hide a bigger truth: over the past 20 years, computer security has actually been improving slowly and steadily. Attacks are now harder to carry out, and attackers usually need to find vulnerabilities in multiple subsystems rather than a single hole in one large, complex piece of code. The incidents that stand out today are bigger than ever, but that is not a sign that everything is becoming less secure; rather, it is simply a sign of our growing dependence on the Internet.
Trusted hardware is a very important recent source of improvement. Some new "blockchain phones" (for example, a phone from HTC) go a long way with this technology and install a minimalist, security-focused operating system on the trusted hardware chip, allowing applications with high security requirements (for example, cryptocurrency wallets) to be kept separate from other applications. Samsung has already started making phones that use similar technology. Even devices that are never advertised as "blockchain devices" (such as the iPhone) often have some kind of trusted hardware.
Cryptocurrency hardware wallets are effectively the same thing, except that the trusted hardware module is physically outside the computer rather than inside it. Trusted hardware is often (deservedly!) criticized in security circles, and especially in the blockchain community, because it keeps getting broken. And indeed, you do not want to use it as a replacement for your security. But as an augmentation, it is a huge step forward.
Finally, a single application, such as a cryptocurrency wallet or a voting system, is much simpler than an entire consumer operating system and has less room for error, even if you have to integrate support for quadratic voting, sortition, quadratic sortition and so on. The advantage of tools like trusted hardware is that they can isolate the simple thing from the complex and possibly broken thing, and these tools are having some success.
But what are the benefits?
These security improvements suggest that consumer hardware may be more trustworthy in the future than it is now. Investment in this area over the past few years is likely to keep paying off over the next decade, and we can expect further significant improvements. But what are the benefits of making voting electronic (blockchain-based or otherwise) that make the whole field worth exploring?
My answer is very simple: voting would become more efficient, so we could vote more often. At present, formal democratic input into organizations (governments or businesses) is usually limited to one vote every 1-6 years. Perhaps largely for this reason, decentralized decision-making in our society is heavily polarized into two extremes: pure democracy and pure markets. Democracy is either very inefficient (corporate and government votes) or very insecure (likes and shares on social media). Markets are technically much more efficient than social media, and much more secure, but their basic economic logic makes them unsuitable for many types of decision problems, especially those related to public goods.
Yes, I know it is yet another triangle, and I am really, really sorry to have to use it. But please forgive me this time.... (OK, I am sure I will make more triangles in the future; bear with it.)
If we could build more systems that sit between democracy and markets, benefiting from the egalitarianism of the former, the technical efficiency of the latter and the economic properties in between, there is a lot we could do. Quadratic funding is a good example; liquid democracy is another. Even without introducing novel delegation mechanisms or quadratic math, there is a lot we could do by voting more often and at smaller scales, so that each vote is better matched to the information available to each voter. The challenge with all of these ideas is that, in order to have a scheme that sustainably maintains any degree of democracy at all, you need some form of resistance to Sybil attacks and mitigation of vote buying: exactly the problems that **ZK-SNARK + MPC + blockchain voting schemes** are trying to solve.
One of the underrated benefits of cryptocurrency is that it is an excellent "virtual special economic zone", where you can test economic and cryptographic ideas in a highly adversarial environment. Whatever you build and release, once the economic power it controls exceeds a certain scale, a large number of participants (sometimes altruistic, sometimes profit-driven and sometimes malicious, many of them completely anonymous) will suddenly descend on the system and try to twist its economic power toward their own goals.
The incentives for attackers are high: if an attacker steals $100 from your cryptoeconomic tool, they usually get the full $100 reward, and they usually get away with it. But the incentives for defenders are also high: if you develop a tool that helps users avoid losing money, you can (at least sometimes) turn it into a product and make millions of dollars. Cryptocurrency is the ultimate training zone: if you can build something that survives at scale in this environment, it can probably also survive in the wider world.
This applies to quadratic funding, it applies to multisig (multi-signature) and social recovery wallets, and it can also apply to voting systems. The blockchain space has already helped drive the rise of important security technologies:
In all these cases, some version of the technology existed before blockchain. But it is hard to deny that blockchain has had a significant impact in pushing these efforts forward, and that the incentives inherent in the blockchain space have played a key role in making the development of the technology actually happen.
In the short term, any form of blockchain voting should be limited to small experiments, whether small trials for more mainstream applications or experiments within the blockchain space itself. Security is currently clearly not good enough to rely on computers for everything. But it is improving, and if I am wrong and security does not improve, then not only blockchain voting but cryptocurrency as a whole will have a very hard time succeeding. There is therefore a strong incentive for this technology to keep improving.
We should all keep watching this technology and the efforts being made around the world to improve security, and slowly become more comfortable using technology in very important social processes. Technology is already key to our financial markets, and moving a large part of the economy onto crypto will place an even larger part of the economy in the hands of our cryptographic algorithms and the hardware that runs them. We should watch and support this process carefully, and over time take advantage of it to bring our governance technology into the 21st century.
This article was first published in Unitimes App