Hacker News new | past | comments | ask | show | jobs | submit login

“In paper based systems, you and other volunteers”

No, 99.99% of “you” go home and “trust the system” to some poll workers, many with major bias and incentives. Many of “you” don’t turn out to vote or are disenfranchised by simply living too far from the polling place or not being able to take time off work, when you could have just voted from your app.

Certain parties even rely on suppressing turnout. (Can you guess which party does that in USA? Hint: it’s the one that closed 1600 polling stations right after the Voting Rights Act got neutered, and then got mad about mail-in ballots ruining their carefully laid disenfranchisement plans during the pandemic.).

In fact, if you want the election to be “secured by multiple distrusting parties”, that is exactly what byzantine-fault-tolerant cryptographic protocols (which power many blockchains) are designed to do.

(how do you fix an error in the Merkle tree, even if everyone agrees it happened?). Even if you have an extremely corrupt county, that doesn't generally matter in the grand scheme of things; and its extremely unlikely, as any citizen in that county can stop the corruption by simply participating in the process themselves.

You are literally arguing from a double standard. In a paper election, somehow “any citizen” by themselves can stop the corruption… by simply participating in the process.” Yeah sure one guy exposes the entire corrupt county, with no ability to prove how anyone voted, why didn’t a single Belarussian and Venezuelan think of that? LOL” And on the other hand, when you have tons of anonymous irrefutable proofs by participants submitted publicly, you throw up your hands and say “what can we do to fix the merkle tree, even if we all knew it was corrupt?” The point of the trre is to catch errors, prove them and publish the proofs widely. As a society, you then have the proof nexessary to fix errors the same way you’d normally do it — by identifying the corrupt districts, and having a recount or revote just there. And bringing those responsible for tampering to justice.

If you stop conflating all the things and unpack them, you’ll see that adding cryptography makes things strictly better:

1. You have more chances to catch if there have been extra votes cast because the private keys are coming from tokens handed out at registration. In a paper election you might have corruption at registration AND all manner of ballot stuffing later too.

2. Everyone can check their vote and report a discrepancy. Not just the volunteers at the polling places. And all because they can prove how they voted and do it anonymously!

3. Everyone can see exactly which districts are corrupt in giving out fake voter registrations, and where there’s smoke, there’s fire. They can do an audit and guess what, the cryptographic signatures are helpful for creating a PROVABLE trail that implicates the system.

4. The attack surface reduces to pretty much just the voter registration sybil attacks. Eliminating a whole class of problems on actual election day.

5. The results are reported to everyone reliably and quickly, or even in real-time (though the latter is “too good” because it might affect how later voters vote).

There’s practically not a single problem that adding cryptography creates, which wasn’t already present in the paper system. And you know all this because if you honestly asked yourself whether dictators, who want sham elections, would want to do their next election with cryptographic signatures and merkle trees or not — what would be your answer? Be honest. And think about what that means for your argument.




I'm pretty sure there are more than 20,000 polling workers in the USA, so no, it's not 99.9% who go home and trust. And most importantly, for every republican there is a democrat and vice versa, in every polling place, auditing the process in real time.

And the reason you can fix this at the polling station level is simple: as long as the entire state is not captured by a single party (in which case no real elections are happening), the rest of the state can come in and fix the bad locations.

Related to your points:

1. If there are more ballots than registered voters, this is easy to check. It's even better than a private key system, as extra registrations can also be caught on the day of polling, if people actually come in and vote again, whereas extra private keys being handed out will not see an election official again.

2. There is no way to actually "prove anonymously how you voted". To move the needle in any way, you have to come out personally and say "I know I voted like this, but the system shows me as voting like that, here is what it shows when I present my private key". And either way, this is actually a weakness of the system, as it allows trustworthy vote selling.

3. I don't understand how this is supposed to be any easier than in the current system. You still won't know how many people were legally allowed to be registered in that district, so what are you comparing against?

4. No, the threat surface is the entire electronic system. Someone can attack the system and prevent voters from getting private keys, issue corrupted keys, allow more keys than were registered, present the results differently from what is stored in the merkle tree, use side channels to decrypt private keys, exfiltrate data about individual voters, and who knows how many other ways. Plus, if you can vote from anywhere, you can be coerced, especially by family or caretakers, to vote in their presence, or disclose your private key so they can vote in your name themselves.

And all this assumes the system is an actually secure Merkle tree. In reality, it would just be a computer program that takes your vote and shows you some data. What is actually running on the server is impossible for you to know unless you are given access to the hardware and software.

5. Sure, this is a clear advantage.

You are severely underestimating the risks of an electronic system, and only looking at the purely theoretical logical core. All of the systems around it, through which you interact with the core system, and all of the human factors around using the systems, are a huge attack surface. For example, would you trust this system and issue your vote from a phone or PC which you know is infested with malware? If not, then you have to agree that every device is part of the attack surface of this system.

Finally, in relation to your challenge, elections held by dictators are only meant to look like elections in more legitimate countries. So, if most countries hold paper elections (which is by far the majority), then the dictators will put on a show like that. If the majority of countries used electronic voting, dictators would also get electronic voting machines. Still, I don't know of any dictator that bothers to make a show of how free and correct are their elections.


Thank you for engaging point by point. Let’s look:

1) Easy to check by whom? With paper, it’s a bunch of people yelling to the news they saw discrepancies. In USA, we have probably the most expensive election in the world and we heard it all in 2020 from sour Republicans. To this day many people believe the election wasn’t secure and was “stolen”, including with physical ballots being shipped in, etc. On the one hand you have people yelling and on the other side you have people saying it’s all fine. Just like after a Venezuela or Belorussia election or the Crimea referendum. None of that would be the case if the elections could just have a standard way to be run, same as we now have electronic standards for DNSSEC or certificate PKI the EVM or IEEE standards. We can do things at scale because of standards. We could remove most of the uncertainty.

2) You don’t have to come out and reveal your PII, in order to publish a complaint as a voter. You’d just have to reveal that you know the private key, here is your receipt signed by the vendors in the system, and here is the actual result the UX vendors reported. The reputation of the vendor would be PROVABLY destroyed, all those receipts would be entered as evidence and they’d have to pay reparations in lawsuits. All because people were forced to double-check from 2 devices. The UX vendor would face chilling effects far larger than currently, for tampering with an election. None of this requires PII of the claimants.

3 and 4. You say it’s the whole system but proceed to list only things related to registration. Which, I already said, remains an issue, but the actual voting can be done on a phone. All your concerns could be also done with a banking app etc. where far more money is at stake than a single vote, yet people use them all the time.

I am not sure how you are supposed to impersonate a person unless you steal their phone, and then force them to open the voting app and enter their biometrics, just for a lousy vote — and you’d have to do this all across town at scale? Nan.

If you’re saying that a bank can “roll back a transaction” if you report losing your app, and somehow the election reaching finality (like a blockchain transaction) is a negative, then you’re saying that

As for people losing their private keys or phones or maybe so poor they can’t afford to have a computer or whatever, they can register to vote in person. If they failed to update their registration, though, before the election, and they can’t vote from their phone, it’s the same issue as if they didnt register at all. So they didn’t vote. But on net there is a much bigger turnout.

5. Okay we agree here. And this isnt an academic point — Al Gore would have been president if they could have counted the votes faster, we could have probably avoided the entire Middle East being on fire, the rollback of US civil liberties, maybe even prevented 9/11 with NORAD, and finally could have avoided the current disastrous wars in Ukraine etc. since Bush was the one to push them into NATO back in 2008 when the Ukrainian public strongly opposed NATO membership until 2014, but he worked with Yuschenko to do it anyway (https://www.pewresearch.org/global/2010/03/29/ukraine-says-n... and https://en.wikipedia.org/wiki/Referendums_in_Ukraine)

I think we both know that a corrupt government would not want to secure elections with merkle trees and publish them online. Too much chance of being caught, and they’d have no way to fudge the results reliably. By making decision-making cheap, the public in every country would be welcomed to hold regular referendums on topics (like California Proposition XYZ) and the governments would be MORE accountable to the people. (Personally, I think provably random polling is superior to voting, due to turnout issues, but that’s another story).

You can say whatever you like but when the rubber meets the road, corrupt officials and their detractors overseas (the war hawks looking to cast doubt on any way to figure out what, say, the actual people of Crimea or Donetsk want) both prefer paper ballots and the effective inability to cast absentee ballots when you fled the country or were internally displaced. While cryptocurrency allows you to take your money with you while fleeing a war zone, the crypto-voting would let you vote from anywhere as long as you had registered as a citizen back before being displaced etc.

It’s literally technology you can add to secure things and corrupt governments avoid it, war hawks across the world hipe they don’t use it, and you are arguing that even adding it makes things less secure and less reliable.


Since Bush was the one to push them into NATO back in 2008 when the Ukrainian public strongly opposed NATO membership until 2014, but he worked with Yuschenko to do it anyway.

Except he did not "push them into NATO in 2008". 2008 was the year that Ukraine's membership application was formally rejected by NATO, and there it has sat, in the doghouse, ever since. But Putin invaded anyway, because the NATO noise was never the reason he invaded in the first place.

The most significant consequence of the Bush presidency was probably the criminally insane invasion of Iraq -- which arguably did encourage Putin to go into Ukraine, on equally vacuous and fraudulent pretexts. "If they can get away with it, then why can't I?" was apparently his thinking.


NATO member countries didn’t really want Ukraine, Ukrainian citizens really didn’t want NATO, but in 2008 Bush vowed to press for both Ukraine and Georgia to join NATO.

https://www.reuters.com/article/world/bush-to-press-for-ukra...

Saakashvili of Georgia (who is now in jail for corruption) also had two breakaway republics at the time — Ossetia and Abhazia — and he engaged in a war with them and kept hoping NATO would come. Back then Putin wasn’t even president, it was Medvedev. Anyway, the same exact war started happening back then, with Russia invading Georgia with tanks moving slowly to the capitol, Tbilisi. Their goal was to intimidate them into agreeing to stop shelling the two breakaway republics and leave them alone. (Georgia and Armenia, in turn, had been protected by Russia from Ottomans, much the same way).

The difference in that war was that it ended in a week, because Nicolas Sarkozy (the French president) negotiated a peace agreement successfully. Since then Russia hasn’t invaded Georgia further, simply protected Abhazia and Ossetia, in fact Georgia has been normalizing relations with Russia and opened up direct flights and tourism last year etc. A great outcome for all civilians, compared to what could have been a senseless war. I was in Georgia last year and saw it firsthand.

Meanwhile, after the regime change revolution in Ukraine in 2014, the CIA had 8 years to build up weapons and paramilitaries etc. Same exact playbooj that ravaged Afghanistan w the mujahideen (Arabic for “jihadists”) and Afghan Arabs, masterminded by Zbignew Brezhinski. This time it was CIA in Ukraine: https://news.yahoo.com/cia-trained-ukrainian-paramilitaries-...

So in 2022 when Russians tried the same playbook (intimidate Kyiv into not shelling the two breakway republics) they didn’t expect the Ukrainians to walk away from the negotiating table. They waited for them in Belarus under Lukashenko (where they had signed the Minsk accords years earlier, endorsed unanimously by the UN security council) but the Ukrainian negotiators kept delaying and venue shopping, and the SBU (Ukrainian KGB) even killed one of them as “a traitor” for being too eager to negotiate, a man appointed by the President himsdlf and who the Ukrainian state department called “a hero”.

I personally spoke to David Arakhamia (the guy w the hat) on Facebook Messenger in the first days of the war, he had many Ukrainians on his FB wall begging him to make a deal and avert the war. I tool screenshots and the pleading posts are still there. He privately told me he agreed w me. But when the negotiators entered the room they left after 2 hours. We don’t kmow what happens in closed rooms — whether Baker promised “not an inch” to Gorbachev, or whether the Ukrainian or Russian negotiators ever negotiated in good faith. But the civilians, the people deserve better representation. The war continued, and the tanks found themselves around Kyiv and major firefights in Bucha vs Azov and other armed groups with RPGs shooting at tanks. Kind of like the red triangle videos of Hamas vs Israeli tanks. It’s really unfortunate and was avoidable. Russia expected it to go like the last war, it didn’t.

Naftali Bennett was the Israeli PM and he could have played the role of Nicolas Sarkozy did with Medvedev (Russia) and Saakashvili (Georgia). He has a tell-all interview in Hebrew about how he had negotiated peace DIRECTLY between Putin and Zelensky, and had them both make major concessions — eg Ukraine wouldn’t join NATO, and Putin promised not to kill Zelensky. In his interview he said that Zelensky double-checked this and then came out to record his famous video “I am not afraid, I am here” and saying he needs ammunition, not a ride.

Why did Bennett not succeed? He said he “coordinated everything to the smallest detail” with the US and UK, he “doesn’t do as he pleases”, and they told him he MUST stop the peace deal. He said he “thought they were wrong” and still does. That peace is worth a shot. But he didn’t continue, and the war didnt stop 2 weeks into it.

https://www.youtube.com/watch?v=0yma0LxyVVs

Erdogan luckilh WAS able to negotiate a year-long grain export deal in the midst of a war, which likely saved millions of lives — Yemen had been very dependent on Ukrainian grain and had a famine from yet ANOTHER proxy war (this one between Iran and Saudis w US weapons, same kind of war but with roles reversed). But no one seemed to care about Yemenis, despite millions being in far more dire hunger conditions than Ukrainians ever were.

The world is complex, but Bush had started the stupid push into NATO, even as NATO members were slowwalking him. My guess is he was angry at Putin’s Munich speech in 2007 NATO, calling out USA for invading Iraq and violating international law. Back in 2001 Putin was the first president after 9/11 to call Bush and offer condolences and they made a joint anti-terrorism initiative. Putin wanted to join NATO back in 2001, he asked the NATO heads but was always rejected. Since 2002(!) Russia tried to stop the invasion of Iraq in the security council and every other way it could but Bush couldn’t be stopped. That is when I think Russia realized that after Kosovo and Iraq, that NATO isnt purely defensive and USA isnt going to be constrained by international law. Putin’s speech in 2007 made Bush want to flip Russia’s neighbors (about which every ambassador said it was a red line for anyone in Russia, “not just Putin”) so the result was predetermined:

https://theconversation.com/ukraine-war-follows-decades-of-w...

As for why Bush did it — I will let Bush say it in his own words: https://www.youtube.com/watch?v=MTX5uvZWu3Q


Right - Bush "pressed for" Ukraine's membership, but he wasn't successful. And in fact Putin had executed (what he should have seen as) a successful containment strategy by that date, via purely diplomatic means. Sanity prevailed, reason prevailed -- but Putin invaded anyway. That's the key takeaway here.

As to the other tangents, briefly:

(1) No, the Georgia conflict was not "the same exact war". It bears a certain surface similarity, but for what should be obvious reasons, the analogy stops there. In particular Putin's attitude toward (and obsession with) Ukraine is in an entirely different universe from his attitude toward Georgia (the former he sees as basically a part of Russia; the latter merely as a buffer territory).

The situation in Georgia's breakaway regions is also entirely different; the violent aspects of these conflicts there go pretty far back (to the early 20th century, with major flare-ups beginning immediately after the dissolution of the USSR, and major atrocities inflicted by both sides).

There is, simply put, no analogy to be made with the situation with the regions of Ukraine that Putin is attempting to annex - which never saw any violent separatist conflict prior to Putin's invasion via proxy forces in 2014.

In short, there are huge, categorical distinctions between the two conflicts -- describing them as "the same exact war" is really quite silly.

(2) Re: Arakhmiya - your spin here is that the Ukrainians could have just walked away by making basically symbolic concessions (like agreeing not to join NATO), and all would have been well; and that we just don't really know happened because it was all behind closed doors.

This is a false characterization. By now we do have a pretty good idea of what happened, because the proceedings were quite famous and have been thoroughly investigated (for example in the Foreign Affairs article linked to in the thread below). In a nutshell, the concessions the Russians were demanding were not purely symbolic; rather they were demanding not only those, but drastic reductions in force that would have effectively left Ukraine without viable security guarantees of any kind. Against this backdrop there were also the atrocities happening on the ground in Bucha, Irpin and Mariupol, which in addition to providing a certain chilling effect, persuaded the Ukrainians that relying on Russia's good word for their security would not be in their best interest.

https://news.ycombinator.com/item?id=41812302

(3) There's no analogy between the Ukraine's paramilitaries and jihadists of any kind; that's just scare rhetoric. Once Russia invaded in March 2014, all bets were off -- and any help provided to Ukraine after that date was purely defensive, by definition, end of story.


I am making that analogy, there are so many elements in common, and the analogy to other proxy wars like Yemen too.

You could argue Brzezinski and CIA arming the mujahideen was also “purely defensive”, or Soviets arming the PLO a decade earlier was “purely defensive”. Both are nonsense, of course!

https://washingtonmonthly.com/2021/09/01/how-jimmy-carter-st...

https://www.counterpunch.org/1998/01/15/how-jimmy-carter-and...

And of course, after Yugoslavia and Libya we know that NATO isn’t a “purely defensive” organization, and its member states like USA sometimes form coalitions to go invade other countries, like Iraq or Afghanistan, and occupy them for years just like the Soviets.

You must not know the history of cold war proxy wars very well to ignore all the parallels and the patterns that repeat and repeat.

Isn’t it a bit silly to just say “period, end of story” and just deny it? This is how people solve problems — by looking at similar situations around the world. You don’t fix a refrigerator by refusing to look at every other refrigerator and treating it as a special snowflake. Same here.


You could argue Brzezinski and CIA arming the mujahideen was also “purely defensive”, or Soviets arming the PLO a decade earlier was “purely defensive”.

One could, but it'd be silly as you already know, and no one is doing that.

Hence, no analogy here.


Well, they shouldn't do it here either then. The analogy is quite deep since history repeats itself:

  CIA training paramilitaries against Russia/USSR
  Increasing the chances of Russia invading
  Giving ever more weapons to the "freedom fighters"
  Country ravaged and destroyed by war
  Lots of dead combatants & civilians (needlessly)


Of course the war in Ukraine is like other proxy wars (in Yemen, Afghanistan etc) and can be analyzed by comparing them. For example, Iran did the same with Houthis in Yemen, as US CIA did with far-right paramilitaries in Ukraine. If you call Putin an unelected dictator who bombs a neighboring country to maintain their influence and hegemony rather than let a rival take it over, then what do you call the Saudi monarchy doing that in Yemen? And now that country is ravaged by a decade of needless fighting in a proxy war. In any case, the Ukraine war is not a special snowflake, at all. It's very similar to many other proxy wars.

It's also a war in which Russia invades a country in an attept to bring it to the negotiating table to agree to permanently stop shelling two breakaway republics, very much like with Georgia, so we can see what happened in Georgia (i.e. Russia didn't continue to take over the country, at all) rather than invent fantasy scenarios that Russian orcs want to genocide all Ukrainians, or will go and take over the rest of Europe if they succeed in Ukraine, etc. It is quite reasonable to look at similar situations to infer what the motivations were. And it's NOT reasonable to say "it's all Putin" when every US ambassador said every Russian leader (including Medevedev with Georgia) would react the same way to the "red lines". 73% of the Russian public supports the Ukraine war just like 73% of the US public supported the Iraq war. Public support wars. Similarities matter, and they matter most of all because they help us understand how to prevent and end wars.

https://en.wikipedia.org/wiki/Russo-Georgian_War

For example with Georgia, despite all the similar motivations, and nearly the same actors in similar circumstances, the motivation to say "there is no analogy AT ALL, period, end of story" is that you can then claim Russia will be emboldened and continue its rampage further, if a peace agreement was reached. Most civilians want peace, and don't want carnage, so to justify continued carnage (resulting in 2 million dead civilians in Afghanistan, for instance), you need a narrative that is even worse than sending people to die in wars. So people bring up all kinds of claims (Russia will invade Europe if not stopped here etc.) So if a counterexample is brought up (e.g. Russia didn't continue past 1 week in Georgia) you have to shut it down very quickly. But the analogies are there, and the public's reactions on both sides is similar too:

https://www.reddit.com/r/toronto/comments/szfl96/when_the_so...


[delayed]


CIA training paramilitaries against Russia/USSR

In the case of Ukraine -- OSS training of partisan forces against the Wehrmacht would be an infinitely closer analogy.

The thing is, you seem to assume axiomatically that the CIA's training of stay-behind forces (a.k.a. "paramilitaries") in Ukraine after 2014 was intrinsically offensive, i.e. was done just to get up Russia's backside, for whatever nefarious purpose.

Well, I don't buy that axiom, the simple reason that after 2014 Ukraine had every right to defend itself, and creating stay-behind forces is just a standard way of doing that. Just as France, Italy, Poland, Yugoslavia, Greece and all the other countries in Europe had a perfect right to resist occupation by Nazi Germany via whatever means necessary and available to them, including the development of partisan forces.

as US CIA did with far-right paramilitaries in Ukraine.

Which "far-right paramilitaries" are you referring to? You seem to be confusing the stay-behind forces described in the article with quasi-independent militias like Azov. The two are entirely different, sharing nothing in common other than the slightly scary-sounding keyword "paramilitary" you keep latching onto.

Yet in your mind, they've fused into one and the same entity. Why is that?

It's also a war in which Russia invades a country in an attempt to bring it to the negotiating table to agree to permanently stop shelling two breakaway republics

Again, the Ukrainian regions on Putin's smash-and-grab list were never "breakaway republics" in the mold of Ossetia and Abkhazia, as has already been pointed out. There was no violent "conflict" of any kind in those regions until Putin's little green men began arriving in March 2014. There's just no analogy here. Doesn't matter how often you attempt to simply repeat it.

Nor did the 2022 invasion have anything to do with "stopping the shelling" in those regions -- that's just another talking point that people read somewhere and keep repeating and repeating, with no idea of what they're talking about, because there's simply no substance to it. In any case, it's definitely not why Putin launched the full-scale invasion.

Rather than invent fantasy scenarios that Russian orcs want to genocide all Ukrainians,

It's a fantasy scenario in your own head, because no one has ever suggested that Russia intends to "genocide all Ukrainians". That's just a straw man, with simply no substance behind it.

With that, I'm going to have to bow out, and let you figure this stuff out on your own. It's one thing to have different viewpoints about what these big awful governments and their respective agencies are up to. But we're nowhere near that kind of discussion. I just have the sense that you're extremely careless in your research, or are reading from very propagandized sources, or just not pausing to think critically about whatever stuff it is that you do read.


Ultimately none of these details matter given the elephant in the room: you're voting on some app using your private key, and using some app to check with your private key if the vote has been correctly registered. But you have 0 way of knowing if the system is using this data in the way it was presented. For all the info you have access to, the system can just as well work like this:

1. You cast your vote using the private key

2. This gets registered on a server, it remembers "this person voted for X"

3. When you ask the system "who is my vote registered for?" the system tells you "X"

4. When computing the totals used to decide the election, the system returns 90% Y, 10% X, regardless of the actual votes cast.

Now, this very simplistic scheme would be easily defeated by asking them to publish the whole database of votes. But that would just break the anonymity guarantee of the election, so it is a no-go. And if they destroy the relationship between your vote and your private key, then again you can't confirm anything.

By the way, because you were citing Estonia's e-voting, I read up on it a little: they have all of these problems, and more. For now, people choose to trust the government, I assume and hope rightfully. But their e-voting system relies entirely on secure client devices, it relies entirely on trust that the servers are running the published source code, it relies on the proprietary closed-source client app being trustworthy. And people have even hacked their own vote to show that it's possible, which their supreme court found is not a problem with the election, since it was still their own vote. They barely even have some form of verifiability, and even that is relatively new.

I have no doubt that if a pro-Russia party had a realistic chance at winning (such that the populace and the incombent government would accept the results of an election where they won), Russian state actors would hack their systems and seek to get their people elected (whether they would succeed is of course hard to say). As would the USA if, say, a Latin American state used electronic voting and had an election where the decision was important enough. Or China in Africa, or Israel in the Middle East, etc.

> I think we both know that a corrupt government would not want to secure elections with merkle trees and publish them online. Too much chance of being caught, and they’d have no way to fudge the results reliably.

I think you seriously don't understand what a sham election is, what people know about it, and why it is done. Sham elections don't use semi-sophisticated means of voter fraud that could be thwarted by a better voting scheme. They don't have corrupt officials surreptitiously changing or adding a few votes.

They are entirely ceremonial affairs, where both the people voting and all of the officials know what the results will show beforehand. Often there aren't even options on the ballot. Even if there are, people choosing the wrong option will be threatened, possibly arrested for political crimes, etc. Everyone in countries with sham elections is well aware their vote doesn't matter, or it only matters in so far as the wrong vote can be like wearing an "I hate Big Brother" hat out on the streets in 1984.

The purpose of a mock election is to have some semblance of a normal electoral process to have a minimum of plausible deniability to facetiously claim you are following a democratic process. If people overall believed that the right way to do elections is electronically and by publishing a Merkle tree of the results, corrupt governments would hold sham electronic elections and publish made up Merkle trees.

You'll then have stories from journalists going and asking for people to compare their votes against the public tree, and seeing their votes are different. Just like today you have journalists coming back with stories of entire villages voting for the dear leader when local villagers say they didn't even enter the polling station. And it will matter just as little: the ritual of the election is the only thing that matters.


Just to be clear - even though I say “Merkle Tree”, I am not saying the unhashed votes themselves would not be stored in it. The hashes are just to quickly verify integrity of the underlying data leaves (the actual votes people cast).

The anonymity is done between registration and voting. There is a cryptographic mixer like Tornado Cash that is responsible for the unlinkability, by “tumbling” the tokens to anonymize them while still making sure that each person voting legitimately had registered. (Never mind for a moment that the IP address of the voter can be tied to their address, that can be fixed too.)

So yes, ALL the votes are stored and published in the Merkle tree, and ANYONE can challenge the election, not by hearsay allegations but actual PROOF that anyone can verify. Because the public keys of the UX vendors are published along with the Merkle Tree and are caught red-handed signing conflicting votes. Either the corrupt districts or the UX vendors would have to risk literally ANYONE producing a smoking gun. It is that chilling effect that keeps them all honest, and why we have checksums for things in general. Having everyone in the world see proof of fraud is very different than a bunch of villagers claiming to a journalist locally that they hadn’t even voted.

So given this description, tell me directly — doesn’t it ADD a lot of security and reduce the attack surface and make elections standardized, cheaper and far more trustworthy - don’t you see the value in that?

Think about it — this scheme alone allows some great integrity features for elections. The “election Luddites” are essentially claiming that this has ZERO VALUE and shouldn’t even be tried, shouldn’t even be ADDED TO the existing paper systems even if you lost nothing, because it adds NO SECURITY. That is quite a claim given the properties I listed!

More generally, this is how Smart Contracts work and why they are valuable. Thousands of independently run nodes get to check the data and operations, which are public. The entire community benefits, and in fact the results of voting (eg how much UBI to give out) can be used on-chain. By lowering the cost of collective decision-making, blockchain technology enables a whole new level of efficiency (much like red lights enable better traffic flow), making things like elections or large marketplaces available to everyone without “offchain” corruption-peone mechanisms like surety bonds and reliability ratings (remember Lehman Brothers?)

Check out https://intercoin.org/applications — I would love to hear your thoughts on the other applications too.


> There is a cryptographic mixer like Tornado Cash that is responsible for the unlinkability, by “tumbling” the tokens to anonymize them while still making sure that each person voting legitimately had registered.

This is not anonymity, it is pseudonimity, if the system then records "person in control of key K voted for X". Sure, it may be impossible to tell who is that person, unless they come out. But that person can prove to anyone they want that they voted for X (assuming the system were trusted, see more on that below), so they can be forced to show someone who they voted for, either through direct coercion or as a condition for receiving money for their vote. In contrast, once you put a paper ballot in the urn, it is impossible for anyone to tell who you voted for.

> So given this description, tell me directly — doesn’t it ADD a lot of security and reduce the attack surface and make elections standardized, cheaper and far more trustworthy - don’t you see the value in that?

No, it only gives a false sense of security, which is worse. Everything you are describing relies on trust in the people that build these systems, trust in the people that invent the algorithms, trust in the people that invent the maths, trust in the chosen parameters of the cryptographic systems, and so on. Literally none of what you are describing works if you don't trust in all of these people to be (a) honest, and (b) really really good at what they're doing.

It's infamously easy to screw up an encryption implementation, even given a well known and accepted algorithm. It's even easier to screw up a market system and end up with perverse incentives which were not apparent when the system was put in place (like the infamous, though possibly apocryphal, cobra farms).

I asked you before as well: would you be happy to issue your vote from a PC that you know is infested with malware the CIA/FSB/etc controls? If not, then you must admit that the cryptographic guarantees are only a small part of the security of the process, and the whole thing, from client to network to server, needs to be perfectly secure or the election can be stolen.

And you are proposing to add this to a paper based ballot system that is (a) dead simple; (b) almost universally used; (c) proven secure enough in many thousands of elections.

I'll also note that, as always, the blockchain part is not adding anything to all of this. You can just as well have the encryption guarantees and an open protocol with government-run servers, WWW style; that would have all the same problems, but at least it wouldn't also require some bizarre proof-of-stake (what would even be the stake here???) or wasteful proof-of-work scheme to depend on for security.

Finally, I'll come back to this point:

> not by hearsay allegations but actual PROOF that anyone can verify

Nothing you are describing can prove anything. It all still relies on your claim that you were trying to vote X, but the system registered you as voting Y. It's your word against the system. You can be convinced yourself, but you can't 100% convince anyone else.

Edit: note, I am the same person as tsimiones, just posting from a different account from my work computer; not trying to make it seem like multiple people are taking my position or anything like that.


No, it only gives a false sense of security, which is worse. Everything you are describing relies on trust in the people that build these systems, trust in the people that invent the algorithms, trust in the people that invent the maths, trust in the chosen parameters of the cryptographic systems, and so on. Literally none of what you are describing works if you don't trust in all of these people to be (a) honest, and (b) really really good at what they're doing.

Now it's getting a bit silly. Imagine saying about all the technology infrastructure we use daily, such as electricity and computers, that since they require "trust in the people who built these systems, trust in the people who invent the algorithms, maths, and parameters of the curves etc" therefore they are giving a "false sense of security". No! The math isn't just arbitrary, the people aren't just cobbling together a computer I happen to buy. There are literally standards bodies, scientific literature, audits and much more. There are entire ecosystems for error-correction. Otherwise, throw away your technology, you're trusting phone and computer vendors, you're trusting mathematicians with math, and scientists with science... and that's actually worse than living in a world where you fetch water yourself from the river. What? No, it's not.

If you're down to those kind of arguments, I and people like me would conclude that you're out of good ones, and we have a good solution after all.

A paper ballot system isn't great at all -- it is far too slow and expensive and frustrating to run an election, and voter turnout is low for traveling and standing in line -- and certainly it is not "proven secure enough in many thousands of elections". Many elections around the world are disputed, contested, insecure, and the ones you think are secure, are also contested (e.g. the 2020 election, the 2000 election, the 2016 election). You dismiss it in cases you like (US elections) and are happy for your politicians dispute it in cases you don't like (Venezuela) etc. Even if the Supreme Court of Venezuela weighs in, you wouldn't trust it. It's a canvas on which everyone can paint their own outcome, and claim the other side "stole" the election (as if their side didn't engage in similar shenanigans to cancel it out).

If we switched to electronic systems, verification would be so cheap that anyone could do it (as it is for, say, verifying files you downloaded from the Internet with a checksum, which wasn't always the case with previous technology such as analog-to-digital MoDeMs without cryptographic security) -- not only that but it would enable so many more applications. Imagine using Git version control without a SHA1 checksum, and just "trusting the system" to never flip a bit. Imagine not being able to use Merkle Trees for downloading files, verifying their integrity, etc. These things not only improve security and reliability at almost no cost, but enable a whole class of things that would be impossible with pen and paper. Seriously you don't see a difference between, say, BitTorrenting movies and Roman scribes copying into a clay pad? Oh, but we're trusting people who discovered electricity, invented general-purpose computers and the hash algorithms, what if they're trying to trick us and will finally rugpull us all in 2025? Alan Turing and John Von Neumann will have the last laugh as we'll all download the RickRoll files instead of the ones we want.

Nothing you are describing can prove anything. It all still relies on your claim that you were trying to vote X, but the system registered you as voting Y. It's your word against the system. You can be convinced yourself, but you can't 100% convince anyone else.

Not at all. If someone was able to record a signature that their voting gateway signed vote for X as vote for X, but then later that same service claimed they voted for Y, they are caught red-handed cryptographically signing with the private key two conflicting votes. You're equating that to some villagers telling some journalist on camera that they never voted. Ugh. One can be verified by anyone, the other is just hearsay by some journalist.


There is a major difference between trusting regular infrastructure and trusting elections infrastructure. The threat model is completely different. For one, vote secrecy makes it impossible to prove that your vote was mis-registered. For another, in normal situations the cyber-adversaries I need to worry about are regular criminals, for which basic computer security practices are good enough. But votes in an election are improtant enough that nation-state actors are a real threat, and I am absolutely certain that my phone or laptop are not secure against hacking attempts by a nation, or even potentially my own government!

Not to mention, elections are the only situation where trust in my government is not fully possible: the current government has too much incentive to steal votes secretly. So, unlike the electrical grid, roads, financial infra and so on, I can't rely on implicit trust in the government to trust elections.

> If someone was able to record a signature that their voting gateway signed vote for X as vote for X, but then later that same service claimed they voted for Y, they are caught red-handed cryptographically signing with the private key two conflicting votes.

If. What if instead my voting app is showing me that my vote was correctly registered, and that key verification succeeded while the polls are still open, but once the polls close, it shows me that in reality the server registered the opposite vote? How do I prove to anyone else that I voted for X and the app was showing me I voted for X, but now the system shows I voted for Y, and that is what is recorded in the official counted results?

This doesn't even require anyone breaking the encryption: the app can just show me a lie, or some malware can intercept the display info and show a different result, etc. To not leave any trace, the malware even deletes itself from the system as soon as the election timeout expires. Or maybe I am just lying and nothing wrong happened: I voted for Y, the system recorded I voted for Y, and now I'm just trying to cast doubt. Same as a paper based election, anyone can claim anything, and it's exactly as impossible to prove one way or the other.

Plus, again, only a very very very small group of people can actually confirm for themselves that all of these complicated crypto algorithms actually do what they promise to do. Especially when looking at the end to end system. I for one am certain I couldn't verify for myself that all steps of such a system is secure. I would bet you can't either. If, say, Ron Rivest (of RSA fame) came out and said the cryptography used in the election is broken, while Adi Shamir (same) said it isn't, I would have no way to be certain which is right, and even if I tried to verify the math myself, I wouldn't trust myself as much as either of them.


You’re still misunderstanding how it works.

First of all, blockchains are a third party ledger, which is maintained by many independent nodes are the large ones are infeasible to corrupt by a nation-state. The attack could only happen at the point where you sign transactions for the smart contracts.

Voters are required to use at least 2 devices, such as scanning a QR code on their laptop (which runs Chrome) with their phone (which runs Safari).

The QR code contains (or points to) a vote that is cryptographically signed by one gateway. The website or app on the phone checks this QR code and displays the same result back to you, and you confirm it on eg your phone’s screen.

On both gateways (call them Services A and B) you indicated your preference, and digitally signed it, not just with your own key, but there is attestation by the device’s own private key, which is derived from the vendor’s key, meaning the vendor stands behind what their device or app does.

Let’s assume absolutely every signature service cannot be trusted, including all your crypto wallets, incouding Apple’s secure enclave, everything is designed to be sleeper agent to mislead you on the day of the election. They just really want to change everyone’s vote. You can still prove which services were corrupted!

Let’s say that you got signature Service A and Service B to sign two different candidates during the same chain of QR code confirmations. The proof is there that at least one of the services was corrupt. Even if it happened only once, with one voter. The indelible proof is on a blockchain and replicated so nation states can’t hide it. So no Service would agree to volunteer such a blatant proof of its own corruption, given the cost to its vendor. It would only happen if the Service would be hacked by an employee of the vendor, and that would only hurt the vendor, not the election. The vendor would try to eliminate this possibility as much as possible.

However, if service A one lied to you, and you found out after scanning the QR code with Service B, then you wouldn’t want to submit your faulty vote with service B when it revealed that to you. But the service B would already would have provable dirt on service A. Not conclusive, since the voter could after all be someone who would rather complain about a non-faulty system than vote. I won’t speculate on chances of many registered voters not wanting to vote but simply make up fake complaints about the system, but I don’t think regular users should face penalties for lying, so I’ll just accept this as a serious possibility. All I will say is, these people are similar to those who stay out and don’t vote now. It’s an issue of “turnout”.

But even in this scenario (of a malicious voter rather than malicious service), Service B would then be required to do the reverse — process your other vote, and sign the transaction, then anonymously submit it to Service A to be signed. Service A would have to either refuse to cooperate with Service B, or sign it. After that, you’d be given a QR code presented by Service B, and verify it with Service A.

Of course there could be far more than just a of Services A and B. There could be 100 services (eg web-based) and voters could be required to go through a chain of 3 of them, as determined from a random oracle (ie they don’t get to pick who to collude with). You’d get the list of 3, and an honest service would simply redirect you to the next one as you bounce between two devices via QR codes.

  Service A on Laptop
  Service B on Phone
  Service C on Laptop - done
Everything that’s signed goes into a third-party gossipped / replicated log (doesn’t have to be a blockchain, there doesn’t have to be a total order). This log / heap is what contains the indelible proofs that can be found out anytime after the fact, which is why every service must be careful to mess up even once.

You see, there is a huge difference between actors/nodes simply voting between some arbitrary choices A and B, and nodes voting while also following cryptographic constraints amd creating a trail where cheating at any step can be caught and proven later. The latter is much harder to pull off and, given costly enough consequences, creates chilling effects and strong incentives to be honest. This is what many BFT algorithms get wrong and why they fail in the presence of over 33% malicious nodes.

https://youtu.be/BYRTvoZ3Rho?si=AGbuwZlJ85G3KXPg


We're still chasing around the same issue. Say the following happens:

1. I open my laptop, and I say I want to vote for Alice. It presents a QR code.

2. I open my phone and scan the QR code. It says I'm voting for Bob.

I repeat this five times and the same happens. What do I do next? Assume I'm also afraid of publicly admitting I'm voting for Alice. Assume this only happens for a small part of the electorate, say 1-2%.

Here is another scenario: I have a sophisticated malware on both my phone and laptop.

1. I open my laptop, and say I want to vote for Alice. The malware connects to a voting server and asks it for a vote for Bob. The voting server replies with a QR code that proves I voted for Bob. The malware on my laptop then prints a QR code that says "hey, phone malware! this person thinks they voted for Alice, and here is the validation for their vote for Bob".

2. I open my phone and scan this QR code. The malware on my phone tells me "Yup, this is a vote for Alice". I press "Vote", and it sends the information from the Bob vote to the validation server. I'm happy that I voted for Alice, but the system has recorded that I voted for Bob, with all necessary signatures.

3. Even if the system includes the ability to check your vote, I can't prove to anyone else that I was trying to vote for Alice.

Now, if this happens to a huge number of people, the election may be contested and re-done (in a functioning democracy; in a dictatorship, it was the whole point). But what if it happens to a small minority, enough to only steal 1-2% of the vote? What if it's additionally well targeted to people that aren't generally trusted by their peers, so that they will be easily written off as cranks?

Also, what if I come out claiming this is what happened to me, but this didn't actually happen? What if I'm a celebrity, or a well-known scientist? What if I'm actually Alice herself, shamelessly lying to my voters that the election was stolen?

Another scenario that defeats this scheme, that I haven't even touched on before:

I am coerced, defrauded, or payed to share my private key with a third party. They vote in my name from the comfort of their own home, with every single system you described attesting that my vote was cast legally.

Try to prove that I shared my key, while still preserving the anonymity of private key <-> individual person association.

And this doesn't even get into how the private keys are given to every single person in a country without revealing them to a third party in the first place, but also without generating valid private keys for people who aren't entitled to vote.


In reality, instead of 2 distrusting parties (democrats and republicans) in each polling place, there would be 100 mutually competing / distrusting services that would like nothing better than to expose the other services as frauds with indelible cryptographic proofs. That's the basis of Byzantine Fault Tolerant consensus protocols.

In the first scenario, to answer your question, if service 1 kept being faulty (saying you vote for Bob when you voted for Alice) then you'd simply increment your nonce and try another VoteChain that starts with service 52. The VoteChain determines which 3-4 services out of the 100 are consulted, and in what order. You have a few nonces, up to 10. If you claim ALL random services you've tried are faulty, then yeah, go ahead and sit out the vote, you're probably just a liar and complainer. They don't know who you are, so the chances of them being good for 100 other people and specifically not good for you, 10 times in a row, are very small. And even if it was true, that's 1 vote out of many. Now if this happens more frequently, then these services could be dropped from the 100, pending investigation -- which is easy since the services don't know who is voting, could be the police. So why would the services risk being on the hook for this?

In all your examples, you're begging the question.

In 1 and 2 in the second scenario, you assume that your own phone AND your own laptop AND all the servers all have malware and are undetectably malicious. In that case, you have much bigger problems -- they can, for example, steal money from many people, send messages to ruin relationships and reputations, and much more. In your example, large swaths of people can't trust any of your devices. In that case, society as a whole is cooked. It's not quite as paranoid as "not trusting the cryptographic algorithms and math", but it's close.

Let's assume that the Trusted Computing Base isn't compromised. Because if it is, then you may as well also distrust all the poll workers as being corrupt, and the media as reporting the wrong result, etc. After all, this system is being added ON TOP of the existing system, so it can only ADD security.

Regarding giving out private keys without revealing them to a third party, I have already said that's a strawman. They'd be giving out tokens that are used to prove that you have 1 vote, and they are put through a mixer by the people, like pulling numbers out of a hat. On the other hand, the public/private key pairs are generated by the person on their own devices (e.g. in the secure enclave). You can't steal these keys so easily, unless you steal the person's phone AND coerce them to enter biometrics when voting. But then you could just make them do a wire transfer or anything else.

Look, about this constant refrain about "coersion, defrauding, etc" this happens already. Voter intimidation can happen already, preventing you from going to a polling place, or simply disenfranchising you making it too inconvenient or far to go. It's a much BIGGER problem now, that would be REDUCED if you could vote from your phone, and on net you'd have an improvement.

Also, since in the USA you don't need to present ID while voting, a person could tie you up in your basement and go vote as you. Since in your hypopthetical world, illegal coersion and force and defrauding has no consequences apparently, then that would mean in CURRENT voting schemes, people could just vote as others.

Heck, in Australia, I could even get someone in trouble by voting AS THEM. Their name would appear twice. In Australia, they fine you if you didn't show up to vote. So without IDs, you can get in trouble either way (if you don't show up, or if you supposedly voted twice).

I'm telling you, the same people who claim IDs are totally unnecessary for voting, are the same people trying to find attacks on cryptographically secure voting. But many of these "rubber hose attacks" are already doubly possible in today's "physical" voting schemes, along with all the other downsides (the cost, the speed, the scandals, as you can see with uncertainty in elections around the world).

30% of the USA thinks that the 2020 election results were illegitimate. You can't wave that away as "well, our paper elections are great, they're just partisan hacks/deluded". I bet you with cryptographic elections, that 30% would be far less, and elections / referendums would also be cheaper and easier to do all the time. You wouldn't need to do it once every 4 years and spend billions AND it would be more reliable.

https://www.umass.edu/political-science/


As for Byzantine fault tolerance, I'm not sure I understand how you'd reach a lot of competing services. Who is paying for all of this? The voters definitely aren't. The state can choose to only pay for nodes friendly to the current government if it wants. So who else?

In 2, I explicitly said that it is only my devices that are infected, not the servers. My devices communicate to the servers exactly as if I had voted for Bob, but they show me that I'm voting for Alice.

In scenario 1, it could be either one. If it's my own devices that are compromised and refusing to let me vote for who I want is to add, then it doesn't matter which of the many vote services I connect to, the result will be the same. It's just a simpler variant of 2, in this case.

Also, this is all not "added on top of" the existing system, because poll workers today only need to know how to count votes. To handle this enormously complex system, they have to know a HELL of a lot more, even to help voters. So, you need entirely new people in all of this, replacing the dead simple system that even an illiterate person can successfully volunteer for, with a system that requires IT people and others.

And if you'll say "but you can always fall back to the paper polling system", that means we're adding a bunch of cost, so it makes the bar even higher to prove so much extra effectiveness for this. Plus all the insecurity now compounds - the security of a system is equal to the security of its weakest component, so adding a strong security component on a weak system has no effect. And if I'm right and the e-voting system is more easily attackable, then we've actively worsened the security of the whole vote by adding it on top of the old system.

For the "tokens" that you're giving: those are either private keys (in which case, whoever gave you the token might be holding on to a copy), or they're not (in which case, they don't play a part in the cryptography). I can generate a private key all I want, but someone needs to take the corresponding public key if I am to participate in the system. With Bitcoin, this is not an issue as we're not trying to enforce one man - one wallet, quite the opposite.

In all the talk about the intimidation issues with the current system, you've ignored the core difference: in the current system, I may be able to dissuade you from voting, but I can't vote in your stead. Even if I try to, I am generating video evidence at every polling station that I do it. And it doesn't scale: the more places I go to, the bigger a chance that I'll end up being caught.

But with home voting, I can collect private keys (and tokens, whatever those are) from 100k people and vote through all of them however I like. I am not going anywhere official, so at worse I have to hide my IP so it's not like too many votes are coming from a single place.

I'll be fair and note that this is also a problem for mail-in voting. It's a big reason why I'm not a supporter of mail-in voting either, and am happy that my country doesn't do it. By the way, the fact that the USA doesn't require ID to vote also seems crazy to me. I understand the reasons for it, but the fixes are so simple (but take a lot of time) that it's amazing to me that they are not even discussing implementing them.

And related to distrust in the current voting system, particularly in regards to the 2020 and the 2000 elections: most of the distrust was actually focused on (a) voting machines [hanging chads in 2000, "Venezuelan" voting machines in 2020], or (b) voter registration issues. Moving to an entirely electronic system as you describe makes (a) MUCH worse, and doesn't improve (b) in the slightest (as you still need to register just the same).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: