“On-chain voting fundamentally degrades to plutocracy” 
That’s the whole idea of cryptocurrency, isn’t it?
This summer, a group of researchers at Cornell look at “on chain” voting and find many fundamental flaws . Aside from the “one dollar, one vote” fundamentals, voting via “smart contracts” is vulnerable to, wait for it, vote buying. *Gasp* Who saw that coming?
Look, voting is all about trust. Any voting beyond a group of people you know personally involves protocols for assuring trust in the votes. So why would a “trustless” blockchain be a good way to accomplish that?
It’s not exactly that simple, of course. If you can establish adequate protocols to create trust where you need it, then a blockchain might be a useful tool for reliably broadcasting and archiving the results and other important data. But a blockchain per se doesn’t make a voting scheme “fair” or “free” or anything else without good protocols on top.
And a blockchain is only a useful tool to the degree that it can be “trusted” to not screw up the intentions of the protocols.
The point of the article is that the very design of blockchains is inherently susceptible to several kinds of mischief and cheating. Worse, the cheating would be invisible and, in that unique blockchain-way, irreversible.
Electronic voting has been studied for decades, and the research shows that it is extremely difficult to get right. Academic research also shows that they require trusted third parties. Blockchain voting schemes generally ignore this research, and, in any case, permissionless blockchains cannot implement coercion-free voting.
“The blockchain space today, with predictable results, continues its tradition of ignoring decades of study and instead opts to implement the most naive possible form of voting: directly counting coin-weighted votes in a plutocratic fashion, stored in plain text on-chain.”
(Predictably, the Coindesk report cites a number of such dismissive comments about this report itself .)
One of the obvious attacks is vote buying. This is particularly easy if the voters are weakly authenticated as in many blockchain polls. The speed and flexibility of blockchains also means that vote buying (perhaps in the form of splitting the payout from the result) are easy to do, and potentially hard to document.
“Vote buying marketplaces can be run efficiently and effectively using the same powerful tool for administering elections: smart contracts.”
It is also interesting to see that trusted hardware is an excellent tool for manipulating blockchain voting. This is ironic, but actually makes sense. The purpose of trusted hardware is to constrain and coerce the user to use only certain software and certain behaviors. A system that say, enforces digital rights, can also enforce an illicit vote buying scheme. The trusted hardware makes it easier to collude.
The paper describes the design of “hidden” DAOs which autonomously suborn voters, collecting and paying for votes. This a “dark” DAO, in that the participants and operations can be hidden from everyone. Thus, these attacks both manipulate the election and serve to deligitimize the process, due to the influence of unknown and undetectable attackers.
The paper discusses a fascinating attack, using blockchains to attack voting, including the consensus process itself (mining), in other blockchains. This basically amounts to bigger fish-eating littler ones. It’s actually a pretty important point:
“in a world with only one smart contract system, Ethereum, internal incentives may lead to stable equilibria. With two players, and the underdog incentivized to launch a bribery attack to destroy their competitors, such equilibria can be disrupted, changed, and destroyed.”
In general, the researchres find that blockchain voting degenerates to plutocracy—one dollar one vote. Specifically, “all on-chain voting schemes where users can generate their own keys outside of a trusted environment inherently degrade to plutocracy”. This is scarcely surprising, since the creators and implementers of blockchains generally subscribe to this aspect of “libertarian” politics, and thus do not see any problem with excluding practically all of the world from decision making, nor with letting founders, scammers, and criminals have vast voting power.
The paper summarizes the core findings in six points:
- Permissionless e-voting *requires* trusted hardware.
- The space of voting and coordination mechanisms is massive and extremely poorly understood.
- The same class of vote buying attacks works for any identity system.
- On-chain voting fundamentally degrades to plutocracy.
- Hard fork-based governance provides users the only exit from such plutocracy.
- Multiple blockchains interacting can break the incentive compatibility of all chains.
And, as noted, they call attention to the important question of the (real) world of multiple blockchains.
“A critical and surprisingly underexplored open area of research is modelling the macroeconomics of competition between blockchains, gaining insight into how exactly such internal equilibria can fail.”
I’ll point out that at the very foundation, voting requires trust: trust in the process and trust in the results. Conventional voting systems expend great efforts authenticating voters, assuring fair access to the process (e.g., setting questions), and validating the results. Proper voting authorities work hard to create trust in the process. Critically, voting authorities take responsibility for the process. Responsibility is really important for creating a trusted system, don’t you think?
Blockchains are “trustless”, which means that they not only don’t help with the central problem of voting, but are actually the wrong technology. To hold trustworthy votes with blockchain, the process will generally replicate many features of non-blockchain systems (authentication of voters, certification of results), but the blockchain isn’t useful for these processes. And, by the way, the trust in the whole system depends on the whole, end-to-end, process, of which blockchain is a tiny part.
These problems matter quite a bit because the governance of these blockchains is based on these forms of voting. As we have seen, Nakamotoan consensus doesn’t necessarily work very well when big money is on the line. This paper suggests that these failures may be partly due to the flawed, non-democratic nature of blockchain voting. And the paper suggests that the very core consensus process is vulnerable to deliberate manipulation. Yoiks.
These problems also matter because many people look to blockchains as a mechanism for creating a fairer, more democratic economy and society (e.g., here, here, here, here, to mention only a few). Sometimes this sentiment is driven by a deep distrust of conventional authorities, often well earned. But even so, replacing a corrupt political process with a technical system that is susceptible to corrupt manipulation is not actually a solution.
A blockchain is a trustless system. Noone should trust trustless elections.
It’s just that simple.
- Philip Daian, Tyler Kell, Ian Miers, and Ari Juels, On-Chain Vote Buying and the Rise of Dark DAOs, in Hacking Distributed Blog. 2018. http://hackingdistributed.com/2018/07/02/on-chain-vote-buying/
- Rachel Rose O’Leary (2018) The ‘Dark DAO’ Threat: Vote Vulnerability Could Undermine Crypto Elections. Coindesk, http://hackingdistributed.com/2018/07/02/on-chain-vote-buying/