by David Jefferson, Verified Voting[1]
In the last couple of years several startup companies have begun to promote Internet voting systems, this time with a new twist – using a blockchain as the container for voted ballots transmitted from voters’ private devices. Blockchains are a relatively new system category somewhat akin to a distributed database. Proponents promote them as a revolutionary innovation providing strong security guarantees that can render online elections safe from cyberattack.
Unfortunately, such claims are false. Although the subject of considerable hype, blockchains do not offer any real security from cyberattacks. Like other online election architectures, a blockchain election is vulnerable to a long list of threats that would leave it exposed to hacking and manipulation by anyone on the Internet, and the attack might never be detected or corrected.
In its recent report[2], “Securing the Vote – Protecting American Democracy,” the National Academy of Sciences summarized its findings:
Conducting secure and credible Internet elections will require substantial scientific advances.
The use of blockchains in an election scenario would do little to address the major security requirements of voting, such as voter verifiability. The security contributions offered by blockchains are better obtained by other means. In the particular case of Internet voting, blockchain methods do not redress the security issues associated with Internet voting.
In this short paper we attempt to explain why blockchains cannot deliver the security guarantees required for safe online elections. But the summary is simple: Most of the serious vulnerabilities threaten the integrity and secrecy of voting before the ballots ever reach the blockchain.