First of all, blockchains are a third party ledger, which is maintained by many independent nodes are the large ones are infeasible to corrupt by a nation-state. The attack could only happen at the point where you sign transactions for the smart contracts.
Voters are required to use at least 2 devices, such as scanning a QR code on their laptop (which runs Chrome) with their phone (which runs Safari).
The QR code contains (or points to) a vote that is cryptographically signed by one gateway. The website or app on the phone checks this QR code and displays the same result back to you, and you confirm it on eg your phone’s screen.
On both gateways (call them Services A and B) you indicated your preference, and digitally signed it, not just with your own key, but there is attestation by the device’s own private key, which is derived from the vendor’s key, meaning the vendor stands behind what their device or app does.
Let’s assume absolutely every signature service cannot be trusted, including all your crypto wallets, incouding Apple’s secure enclave, everything is designed to be sleeper agent to mislead you on the day of the election. They just really want to change everyone’s vote. You can still prove which services were corrupted!
Let’s say that you got signature Service A and Service B to sign two different candidates during the same chain of QR code confirmations. The proof is there that at least one of the services was corrupt. Even if it happened only once, with one voter. The indelible proof is on a blockchain and replicated so nation states can’t hide it. So no Service would agree to volunteer such a blatant proof of its own corruption, given the cost to its vendor. It would only happen if the Service would be hacked by an employee of the vendor, and that would only hurt the vendor, not the election. The vendor would try to eliminate this possibility as much as possible.
However, if service A one lied to you, and you found out after scanning the QR code with Service B, then you wouldn’t want to submit your faulty vote with service B when it revealed that to you. But the service B would already would have provable dirt on service A. Not conclusive, since the voter could after all be someone who would rather complain about a non-faulty system than vote. I won’t speculate on chances of many registered voters not wanting to vote but simply make up fake complaints about the system, but I don’t think regular users should face penalties for lying, so I’ll just accept this as a serious possibility. All I will say is, these people are similar to those who stay out and don’t vote now. It’s an issue of “turnout”.
But even in this scenario (of a malicious voter rather than malicious service), Service B would then be required to do the reverse — process your other vote, and sign the transaction, then anonymously submit it to Service A to be signed. Service A would have to either refuse to cooperate with Service B, or sign it. After that, you’d be given a QR code presented by Service B, and verify it with Service A.
Of course there could be far more than just a of Services A and B. There could be 100 services (eg web-based) and voters could be required to go through a chain of 3 of them, as determined from a random oracle (ie they don’t get to pick who to collude with). You’d get the list of 3, and an honest service would simply redirect you to the next one as you bounce between two devices via QR codes.
Service A on Laptop
Service B on Phone
Service C on Laptop - done
Everything that’s signed goes into a third-party gossipped / replicated log (doesn’t have to be a blockchain, there doesn’t have to be a total order). This log / heap is what contains the indelible proofs that can be found out anytime after the fact, which is why every service must be careful to mess up even once.
You see, there is a huge difference between actors/nodes simply voting between some arbitrary choices A and B, and nodes voting while also following cryptographic constraints amd creating a trail where cheating at any step can be caught and proven later. The latter is much harder to pull off and, given costly enough consequences, creates chilling effects and strong incentives to be honest. This is what many BFT algorithms get wrong and why they fail in the presence of over 33% malicious nodes.
We're still chasing around the same issue. Say the following happens:
1. I open my laptop, and I say I want to vote for Alice. It presents a QR code.
2. I open my phone and scan the QR code. It says I'm voting for Bob.
I repeat this five times and the same happens. What do I do next? Assume I'm also afraid of publicly admitting I'm voting for Alice. Assume this only happens for a small part of the electorate, say 1-2%.
Here is another scenario: I have a sophisticated malware on both my phone and laptop.
1. I open my laptop, and say I want to vote for Alice. The malware connects to a voting server and asks it for a vote for Bob. The voting server replies with a QR code that proves I voted for Bob. The malware on my laptop then prints a QR code that says "hey, phone malware! this person thinks they voted for Alice, and here is the validation for their vote for Bob".
2. I open my phone and scan this QR code. The malware on my phone tells me "Yup, this is a vote for Alice". I press "Vote", and it sends the information from the Bob vote to the validation server. I'm happy that I voted for Alice, but the system has recorded that I voted for Bob, with all necessary signatures.
3. Even if the system includes the ability to check your vote, I can't prove to anyone else that I was trying to vote for Alice.
Now, if this happens to a huge number of people, the election may be contested and re-done (in a functioning democracy; in a dictatorship, it was the whole point). But what if it happens to a small minority, enough to only steal 1-2% of the vote? What if it's additionally well targeted to people that aren't generally trusted by their peers, so that they will be easily written off as cranks?
Also, what if I come out claiming this is what happened to me, but this didn't actually happen? What if I'm a celebrity, or a well-known scientist? What if I'm actually Alice herself, shamelessly lying to my voters that the election was stolen?
Another scenario that defeats this scheme, that I haven't even touched on before:
I am coerced, defrauded, or payed to share my private key with a third party. They vote in my name from the comfort of their own home, with every single system you described attesting that my vote was cast legally.
Try to prove that I shared my key, while still preserving the anonymity of private key <-> individual person association.
And this doesn't even get into how the private keys are given to every single person in a country without revealing them to a third party in the first place, but also without generating valid private keys for people who aren't entitled to vote.
In reality, instead of 2 distrusting parties (democrats and republicans) in each polling place, there would be 100 mutually competing / distrusting services that would like nothing better than to expose the other services as frauds with indelible cryptographic proofs. That's the basis of Byzantine Fault Tolerant consensus protocols.
In the first scenario, to answer your question, if service 1 kept being faulty (saying you vote for Bob when you voted for Alice) then you'd simply increment your nonce and try another VoteChain that starts with service 52. The VoteChain determines which 3-4 services out of the 100 are consulted, and in what order. You have a few nonces, up to 10. If you claim ALL random services you've tried are faulty, then yeah, go ahead and sit out the vote, you're probably just a liar and complainer. They don't know who you are, so the chances of them being good for 100 other people and specifically not good for you, 10 times in a row, are very small. And even if it was true, that's 1 vote out of many. Now if this happens more frequently, then these services could be dropped from the 100, pending investigation -- which is easy since the services don't know who is voting, could be the police. So why would the services risk being on the hook for this?
In all your examples, you're begging the question.
In 1 and 2 in the second scenario, you assume that your own phone AND your own laptop AND all the servers all have malware and are undetectably malicious. In that case, you have much bigger problems -- they can, for example, steal money from many people, send messages to ruin relationships and reputations, and much more. In your example, large swaths of people can't trust any of your devices. In that case, society as a whole is cooked. It's not quite as paranoid as "not trusting the cryptographic algorithms and math", but it's close.
Let's assume that the Trusted Computing Base isn't compromised. Because if it is, then you may as well also distrust all the poll workers as being corrupt, and the media as reporting the wrong result, etc. After all, this system is being added ON TOP of the existing system, so it can only ADD security.
Regarding giving out private keys without revealing them to a third party, I have already said that's a strawman. They'd be giving out tokens that are used to prove that you have 1 vote, and they are put through a mixer by the people, like pulling numbers out of a hat. On the other hand, the public/private key pairs are generated by the person on their own devices (e.g. in the secure enclave). You can't steal these keys so easily, unless you steal the person's phone AND coerce them to enter biometrics when voting. But then you could just make them do a wire transfer or anything else.
Look, about this constant refrain about "coersion, defrauding, etc" this happens already. Voter intimidation can happen already, preventing you from going to a polling place, or simply disenfranchising you making it too inconvenient or far to go. It's a much BIGGER problem now, that would be REDUCED if you could vote from your phone, and on net you'd have an improvement.
Also, since in the USA you don't need to present ID while voting, a person could tie you up in your basement and go vote as you. Since in your hypopthetical world, illegal coersion and force and defrauding has no consequences apparently, then that would mean in CURRENT voting schemes, people could just vote as others.
Heck, in Australia, I could even get someone in trouble by voting AS THEM. Their name would appear twice. In Australia, they fine you if you didn't show up to vote. So without IDs, you can get in trouble either way (if you don't show up, or if you supposedly voted twice).
I'm telling you, the same people who claim IDs are totally unnecessary for voting, are the same people trying to find attacks on cryptographically secure voting. But many of these "rubber hose attacks" are already doubly possible in today's "physical" voting schemes, along with all the other downsides (the cost, the speed, the scandals, as you can see with uncertainty in elections around the world).
30% of the USA thinks that the 2020 election results were illegitimate. You can't wave that away as "well, our paper elections are great, they're just partisan hacks/deluded". I bet you with cryptographic elections, that 30% would be far less, and elections / referendums would also be cheaper and easier to do all the time. You wouldn't need to do it once every 4 years and spend billions AND it would be more reliable.
As for Byzantine fault tolerance, I'm not sure I understand how you'd reach a lot of competing services. Who is paying for all of this? The voters definitely aren't. The state can choose to only pay for nodes friendly to the current government if it wants. So who else?
In 2, I explicitly said that it is only my devices that are infected, not the servers. My devices communicate to the servers exactly as if I had voted for Bob, but they show me that I'm voting for Alice.
In scenario 1, it could be either one. If it's my own devices that are compromised and refusing to let me vote for who I want is to add, then it doesn't matter which of the many vote services I connect to, the result will be the same. It's just a simpler variant of 2, in this case.
Also, this is all not "added on top of" the existing system, because poll workers today only need to know how to count votes. To handle this enormously complex system, they have to know a HELL of a lot more, even to help voters. So, you need entirely new people in all of this, replacing the dead simple system that even an illiterate person can successfully volunteer for, with a system that requires IT people and others.
And if you'll say "but you can always fall back to the paper polling system", that means we're adding a bunch of cost, so it makes the bar even higher to prove so much extra effectiveness for this. Plus all the insecurity now compounds - the security of a system is equal to the security of its weakest component, so adding a strong security component on a weak system has no effect. And if I'm right and the e-voting system is more easily attackable, then we've actively worsened the security of the whole vote by adding it on top of the old system.
For the "tokens" that you're giving: those are either private keys (in which case, whoever gave you the token might be holding on to a copy), or they're not (in which case, they don't play a part in the cryptography). I can generate a private key all I want, but someone needs to take the corresponding public key if I am to participate in the system. With Bitcoin, this is not an issue as we're not trying to enforce one man - one wallet, quite the opposite.
In all the talk about the intimidation issues with the current system, you've ignored the core difference: in the current system, I may be able to dissuade you from voting, but I can't vote in your stead. Even if I try to, I am generating video evidence at every polling station that I do it. And it doesn't scale: the more places I go to, the bigger a chance that I'll end up being caught.
But with home voting, I can collect private keys (and tokens, whatever those are) from 100k people and vote through all of them however I like. I am not going anywhere official, so at worse I have to hide my IP so it's not like too many votes are coming from a single place.
I'll be fair and note that this is also a problem for mail-in voting. It's a big reason why I'm not a supporter of mail-in voting either, and am happy that my country doesn't do it. By the way, the fact that the USA doesn't require ID to vote also seems crazy to me. I understand the reasons for it, but the fixes are so simple (but take a lot of time) that it's amazing to me that they are not even discussing implementing them.
And related to distrust in the current voting system, particularly in regards to the 2020 and the 2000 elections: most of the distrust was actually focused on (a) voting machines [hanging chads in 2000, "Venezuelan" voting machines in 2020], or (b) voter registration issues. Moving to an entirely electronic system as you describe makes (a) MUCH worse, and doesn't improve (b)
in the slightest (as you still need to register just the same).
First of all, blockchains are a third party ledger, which is maintained by many independent nodes are the large ones are infeasible to corrupt by a nation-state. The attack could only happen at the point where you sign transactions for the smart contracts.
Voters are required to use at least 2 devices, such as scanning a QR code on their laptop (which runs Chrome) with their phone (which runs Safari).
The QR code contains (or points to) a vote that is cryptographically signed by one gateway. The website or app on the phone checks this QR code and displays the same result back to you, and you confirm it on eg your phone’s screen.
On both gateways (call them Services A and B) you indicated your preference, and digitally signed it, not just with your own key, but there is attestation by the device’s own private key, which is derived from the vendor’s key, meaning the vendor stands behind what their device or app does.
Let’s assume absolutely every signature service cannot be trusted, including all your crypto wallets, incouding Apple’s secure enclave, everything is designed to be sleeper agent to mislead you on the day of the election. They just really want to change everyone’s vote. You can still prove which services were corrupted!
Let’s say that you got signature Service A and Service B to sign two different candidates during the same chain of QR code confirmations. The proof is there that at least one of the services was corrupt. Even if it happened only once, with one voter. The indelible proof is on a blockchain and replicated so nation states can’t hide it. So no Service would agree to volunteer such a blatant proof of its own corruption, given the cost to its vendor. It would only happen if the Service would be hacked by an employee of the vendor, and that would only hurt the vendor, not the election. The vendor would try to eliminate this possibility as much as possible.
However, if service A one lied to you, and you found out after scanning the QR code with Service B, then you wouldn’t want to submit your faulty vote with service B when it revealed that to you. But the service B would already would have provable dirt on service A. Not conclusive, since the voter could after all be someone who would rather complain about a non-faulty system than vote. I won’t speculate on chances of many registered voters not wanting to vote but simply make up fake complaints about the system, but I don’t think regular users should face penalties for lying, so I’ll just accept this as a serious possibility. All I will say is, these people are similar to those who stay out and don’t vote now. It’s an issue of “turnout”.
But even in this scenario (of a malicious voter rather than malicious service), Service B would then be required to do the reverse — process your other vote, and sign the transaction, then anonymously submit it to Service A to be signed. Service A would have to either refuse to cooperate with Service B, or sign it. After that, you’d be given a QR code presented by Service B, and verify it with Service A.
Of course there could be far more than just a of Services A and B. There could be 100 services (eg web-based) and voters could be required to go through a chain of 3 of them, as determined from a random oracle (ie they don’t get to pick who to collude with). You’d get the list of 3, and an honest service would simply redirect you to the next one as you bounce between two devices via QR codes.
Everything that’s signed goes into a third-party gossipped / replicated log (doesn’t have to be a blockchain, there doesn’t have to be a total order). This log / heap is what contains the indelible proofs that can be found out anytime after the fact, which is why every service must be careful to mess up even once.You see, there is a huge difference between actors/nodes simply voting between some arbitrary choices A and B, and nodes voting while also following cryptographic constraints amd creating a trail where cheating at any step can be caught and proven later. The latter is much harder to pull off and, given costly enough consequences, creates chilling effects and strong incentives to be honest. This is what many BFT algorithms get wrong and why they fail in the presence of over 33% malicious nodes.
https://youtu.be/BYRTvoZ3Rho?si=AGbuwZlJ85G3KXPg