The inspiration for EthVote is rooted in the essence of blockchain technology, which aims to provide a transparent and secure way to store and transact with data online. Our team members come from Italy and Brazil, and have witnessed how corruption can impact the political system. Hence, we decided to use DLT, integrating blockchain to an election platform to allow for:
- A simpler voting process, possibly encouraging people to vote;
- Transparency in the vote counting and validation process;
- Faster vote computation;
- Secure voting;
What it does
EthVote allows the government of a country to run a transparent, secure and simplified election. For this first implementation, we focused on a Nigerian presidential election.
Problems we intend to solve
- Limitations of the current voter ID and bank accredited biometry systems
- Limit voter fraud
- Prevent tampering with results
- Increasing transparency of the election process
- Speeding up the vote-counting process
- Allowing voters abroad to vote
- Allowing for live monitoring of results and election stats
However, a solution for the challenges above would need to fulfil the following three conditions:
- INEC (Independent National Electoral Commission) must maintain regulatory power and oversight over the process
- Voters must be able to vote anonymously, despite using a transparent network
- The mechanism cannot allow for a voter to vote twice
Initialising INEC will initialise (publish) the contract, becoming an address defined as "inec". This address has the power to:
- Start the election;
- Add regulators;
- Register voters;
- Register candidates;
- End the election;
Regulators have almost the same powers as the "inec" address, except they cannot start or end the election, or register candidates. These regulators are, for example, municipality and local governments, which will be taking care of voter registration in their communities.
Only the "inec" address is able to register a candidate for the election. Candidates will have an assigned number and political party that are visible to all.
A voter will personally go to a licensed regulator location to register. The agent will verify their Identification and use their name and ID to initiate the registration process. The name and ID will be hashed on the client-side, using SHA-256, and the voter will then choose an Ethereum address, which will be hashed together with the previous hash, to create a voter "log-in".
Hash 1 = H(name + ID) Hash 2 = H(Hash 1 + Selected address)
*H = SHA-256 hashing algorithm
The user will use their name and ID to log-in from the designated address. This verification will be done by the smart contract, as opposed to the client. They will then input a PIN code which will be hashed, added to the previous hashes, and hashed again. This unique hash will define in the smart contract the voting rights for one user. With this, the voter will then be able to use any Ethereum address to vote in an anonymous manner.
Hash 3 = H(n) Hash 4 = H(Hash 2 + Hash 3) *n = PIN number
After the "inec" address calls a function to start the election, time will start counting down towards its end. Voters will not be able to register during this period and voting will be opened to the public. Each voter can only vote once, for one candidate only.
The "inec" address can end the election after the stipulated time has passed. At this point, a loop will check through the total votes of each candidate, and declare a winner.
-Anyone can easily verify the status of the election at no cost. Functions of the type 'view' are implemented to allow for an easy checking of the total vote count and the votes each candidate has received. -The 'vote' function will always return the message "Your vote has been counted. Thank you for voting", and the client will alert that message, even when the vote has not actually been counted. This is a mechanism to prevent people from forcing others to vote for a certain candidate, so that voters under those circumstances can intentionally misspell their name, ID, PIN or address and the vote will not be counted, but for the person forcing them to vote, it will show as if it did.
How we built it
The back-end of the application was built using Solidity, and it consists of a smart contract, published on Ethereum's Ropsten network, where the information is published.
The front-end was built using HTML5, CSS3 and jQuery.
The integration between the smart contract and the front-end was done using the web3js library.
We suggest using the MetaMask extension to interact with the dApp.
Challenges we ran into
How can we use distributed ledger technology while maintaining real-life governance aspects?
While DLT initiatives are coming up with solutions that do not need the input of governments or other regulators, country-wide elections still need to maintain some sort of authority protocol, such that the election process can be properly monitored and executed.
To do this, we created a hierarchy system, through which the government can assign trusted parties to take part in the registration process of candidates and voters, while maintaining some form of control over the running of the election, although unable to tamper with the results.
This way, citizens benefit from the simplicity of the new platform, while being able to verify that the voting process is being executed as it should, due to the transparency of the Ethereum network. However, the government still retains the necessary power.
How can we provide transparency and security in the voting process while preserving voter privacy?
The simplest possible implementation of an election smart contract would involve allowing one vote per address. However, the problem with that implementation is that people could simply use other addresses and vote more than once.
The problem then becomes: how do we link an address to an actual person? Well, the answer to this question requires a centralising agent, a regulator, who will physically verify the identity of the person, and assign them one vote on the smart contract. This implementation solves the double-vote issue, but not the privacy issue. If the assigned agent is the one who inputs the data and assigns the vote, he/she could:
a) Steal the vote, depending on how the contract implements the vote assignment b) See the vote, which breaches personal privacy
Hence, we created an implementation which combines off-chain and in-chain hashing, together with a two-step voter registration process, which ultimately allows a voter to vote from any address of their choice, given that they can provide all the necessary information used in the registration process.
This way, we can guarantee that no voter votes twice, while allowing a voter to be sure that his vote is anonymous.
Accomplishments that we're proud of
- Using blockchain technology
- Creating a PoC for anonymous smart contract voting
- Creating a functional MVP in under 12 hours
- Solving the privacy concerns while maintaining transparency on the smart contract
What we learned
- How to combine diverse sets of skills to develop an impactful solution
- How blockchain technology can be harnessed to solve real-world problems
- Improved our understanding of how the Ethereum blockchain works, especially in terms of privacy
- How to direct efforts to create a functional application, rather than focus on details (MVP-building skills)
- Improved coding efficiency
In addition, our Solidity developer learned more about web development and website hosting, while our front-end developer became more familiar with Solidity, web3js and Ethereum.
What's next for EthVote - Blockchain Voting Platform
- Fallback mechanism for ties within the contract
- Fallback mechanism for lost pins within the contract
- Optimising gas usage
- Safety mechanism for vote-forcing
- Smoother UI/UX
Challenges to be addressed
- Minimising the costs of interaction with the blockchain (Possible solutions: Wait for Ethereum development updates, use another blockchain)
- Minimising the friction and learning curve for voters (Possible solution: INEC-licensed app)
- How to incentivise INEC to substitute the recently-implemented voter ID system for a blockchain-based one (Possible solution: Analysis of costs showing resource-saving from the use of blockchain, Step-by-step implementation process with a long-term vision)
We intend to continue developing the platform further, hoping that the concepts described here can be utilised in an actual real-life application.