The contentious U.S. presidential election elevated a number of critical security issues to the forefront, perhaps none more important for the long-term than questions of voter fraud and electronic voting security.
If voting is ever to move away from paper ballots, the integrity of the process must be intact first. A team of engineering and policy students at New York University took a stab at a solution that applies blockchain to the problem. The students, Kevin Kirby, Anthony Masi and Fernando Maymi, architected what they call a permissioned blockchain system, dubbed Votebook, that hinges on a central authority such as a state or Federal Election Commission overseeing the distribution of cryptographic keys to the nodes—or voting machines—in the network.
Their proposal earned them first place and a $10,000 prize in the Cybersecurity Case Study Competition sponsored by The Economist and Kaspersky Lab. The contest was open to collegiate students and it tasked them with using blockchain technology and applying it to the security of digital voting systems. The NYU team edged out teams from the University of Maryland and Newcastle University in the U.K.
“Part of our strategy early was to rule out fantastical ideas that were technically cool, but not practical in real life,” Kirby said. Their system avoids the burden of wholesale changes to the voting process; votes would still be cast on touchscreens and the process of securing it happens seamlessly in the background.
“The toughest thing about any voter system is the behavior change you would have to walk through with the electorate. Our architecture skirts that and avoids that burden,” Kirby said. “It sits nicely by virtue of the features of blockchain it can scale well and fit in with the way U.S. elections are set up.”
Unlike the Bitcoin implementation of blockchain which is trustless and open to anyone, using blockchain to secure an election requires trust and parameters limiting voting to local or national jurisdictions. To insert that trust into their system, the NYU team places that responsibility with a central authority and allows it to administer the blockchain in a permissions format, Kirby said.
“Essentially, you’re giving permission to the nodes of the blockchain so that not just anyone can participate. An election commission would say ‘Here’s your crytopgraphic key pair, and that’s what you’re going to use,'” Kirby said.
The NYU team describes Votebook in a paper how the nodes must have prior permission from the central authority to make changes to the blockchain ledger. The voting machines will generate a private and public key pair and send its public key to an election commission, which will compile the public keys into a table and redistribute that table to all voting machines. Once votes are collected, they are organized into a block and proposed to the network, the paper says.
“The proposed block will consist of the node’s unique identifier, a timestamp, and three validation segments: first, a set of rows, each row representing one voter and his vote; second, the block will contain a hash of the previous block in the database; finally, the block will contain a digital signature, which means the node will use its private key to encrypt a hash digest of the rest of the block. The proposing node will broadcast the block to the network, and every other node in the network will check the validity of the block’s components.”
The other nodes will use a public key to decrypt the hash of the block and verify it, along with verification of the previous block in the database. If those conditions are met, the NYU team wrote, the receiving node adds the new block to the database.
Kirby said that an auditing function was equally prioritized by the NYU team, one included paper results to back up the blockchain digital ledger.
“Everything we read during our research was that computer scientists came to almost a complete consensus that there needs to be a paper trail,” Kirby said.
Kirby said the application of blockchain makes sense when securing a critical system such as voting machines and the electoral process.
“Aspects of it such as the distributed ledger are really great because there’s not single point of failure. It does run autonomously and you can go back and prove everything,” Kirby said. “Validate the cryptographic hashes involved, that maintains the integrity of the whole system. It really is tamper-proof, or as close as you can possibly get.”
Eugene Kaspersky, chairman and CEO of Kaspersky Lab said the contest presented the next generation of experts with a challenge.
“There was a lot of good work there! The challenges of cybersecurity mean the next generation of experts face a changing frontier – there will be plenty of things to work on and securing digital voting systems for national elections is just one example,” Kaspersky said. “If cybercriminals exploited one small vulnerability, it could potentially change the course of a nation’s history, and these young scholars are bringing us one step closer to making secure digital voting a reality.”
The NYU team, in the meantime, said it was humbled that its idea could have a place in securing electronic voting going forward.
“It would be humbling to have an impact on that debate of how to prevent voter fraud and shore up public trust in the election system,” Kirby said. “Blockchain has a really powerful ability to enable trust. The proof is right there and it’s a lot tougher to question the integrity of a blockchain than any other system we have.”