*removed externally hosted image*

Using blockchain for voting could be risky, as the technology could introduce “new vulnerabilities” to elections, according to a new Government Accountability Office report.

While some organizations have argued that blockchain-based systems would make elections more secure and easier to audit, “there might be added points of attack that could compromise elections,” the report said.

“We talked to a number of experts who all indicated that they did not believe blockchain was the magic bullet answer for making voting systems more secure,” Karen Howard, the GAO’s director of Science, Technology Assessment and Analytics, told Protocol.

The GAO report, titled “Blockchain: Emerging Technology Offers Benefits for Some Applications but Faces Challenges,” examined the potential of the technology, including in the public sector. Overall, the report “found that blockchain is useful for some applications but limited or even problematic for others.”

“For example, because of its tamper resistance, it may be useful for applications involving many participants who do not necessarily trust each other,” the report said. “But it may be overly complex for a few trusted users, where traditional spreadsheets and databases may be more helpful.”

One area where blockchain shows some promise is in supply chain management, Howard said.

“The federal government is a major purchaser and supply chain tracking is a major function,” she said. The GAO found that blockchain technology could potentially be used “to replace or make more efficient” certain processes such as supply chain tracking and recording contracts, Howard said.


I disagree with this tiny little article, of course. But, I wanted to play devil's advocate for a moment on this idea.


Top Teddit comment by /u/denverpilot:

"Summary of article:

Tracking things with a cryptographically solid chain of custody might be hard… because… hand wave… we like spreadsheets better and our admin level people are dumb.

And we’ll distract and talk about supply chains instead because… that sounds more interesting… even though we were tasked with looking at voting.

I don’t think the bureaucrat understood the assignment."

    • AGTMADCAT@infosec.pub
      ·
      1 year ago

      How do you figure? If the ledger isn't readable then it wouldn't be auditable, and if it's readable then you can sell votes.

      Honestly I'm not even sure what problem a blockchain would be solving here, what's the design goal?

      • cyph3rPunk@infosec.pub
        hexagon
        ·
        edit-2
        1 year ago

        You bring up some valid points about readability and auditability, and I can see where the confusion might come from. Let's break it down a bit.

        1. Readability vs. Auditability: With homomorphic encryption, you can perform calculations on encrypted data without needing to decrypt it first. So, yes, the data can be audited without being fully readable. Think of it like checking a locked treasure chest's contents without actually opening it!

        2. Selling Votes and Security Concerns: Zero-knowledge proofs are like saying, "I know the secret, but I won't tell you what it is." They allow the system to verify information without exposing the details. It's a cool concept that's been researched for decades, and it has applications in keeping things like medical records secure.

        3. Why Blockchain? Imagine a public ledger that no one person controls and can't be easily tampered with. That's what blockchain brings to the table. It creates a system where we can trust the process because the data is transparent and immutable.

        Here's a real-world example: ElectionGuard uses this technology to ensure that electronic records match physical ballots. They encrypt the records in a way that can be verified without exposing individual votes.

        If you're interested in diving deeper, check out these resources:

        what’s the design goal?

        To create the capabilities for a direct democracy that is far more secure and auditable than the current system.

        I hope this helps make things clearer! Feel free to hit me back with any more questions. It's a complex subject, but it's super interesting once you start to get the hang of it.

        Best, cy

        Reworded by AI, acting as my anger translator at your "how do you figure?":

        • coffeeClean@infosec.pub
          ·
          1 year ago

          A paper on Secure E-voting Using Homomorphic Technology.

          I just have to say that must be the shittiest font I’ve ever seen used for academic research. I might still read it since it’s only a few pages!