
> Because there is no digital equivalent to the one-way hash of dropping a ballot into a ballot box.

This is equivalent to preventing double-spending in the blockchain analogy - a solved problem. There are already companies trying to exploit this to develop electronic-voting systems: https://followmyvote.com/.

I imagine it working like this:

1. Government announces an election. Registered voters are asked to submit the public addresses of their 'vote wallets'. The public addresses of the wallets are derived from the registered voter's public information (e.g. their name). This information need not be secret. The public blockchain would ensure that everyone who is registered received their votes to cast: the equivalent of receiving an empty ballot paper.

2. A Monero-like system (confession: I don't fully understand it yet) acting as a blackbox or Bitcoin-tumbler system then distributes empty-ballots from the public wallets into new private wallets that each registered-voter will have created in an anonymous fashion.

3. Registered voters then cast their votes by 'spending' their ballots (coins) by sending them to the public wallets of electoral candidates. These transactions may be cryptographically signed by a private key derived from the registered-voter's public wallet. This allows a voter to verify that their vote was correctly cast, without allowing others to see whom they actually voted for.

4. There is a problem in that the results of the election cannot be kept secret until the election is over, as the blockchain must be distributed publicly, so observers will see the votes going towards a particular candidate as they happen, which will necessarily change voters' votes in cases of tactical voting; though possible solutions exist, such as having blockchain network nodes agree to only allow final vote transactions during a tiny time window of only a few seconds - or a Proof-of-Work system that will necessarily take more computation time to verify a vote was for a particular candidate the more in advance of the polls-closing deadline the vote was made.

Because votes cannot be 'mined', and all originate from a single 'government wallet', it means that votes cannot be manufactured - as far as I can tell the only weakness is that false voter-registrations could exist and be used to cast votes, but then we have that situation with postal voting now anyway. If a tumbler approach is used to distribute ballots from public wallets to private wallets it's possible for participants to create more than one private wallet, and claim more ballots for themselves - but this can be detected by:

1. As part of step 1 above, voters create a private secret K.

2. Each voter then creates a hash of K, known as K'.

3. The blockchain would also contain a Bloom filter, or equivalent implementation of a "set contains a member" test that does not reveal the actual set contents. Then a strictly sequential process begins, where the Bloom filter is publicly modified by each registered voter to add their own K' values - this necessarily means that the K' values of the first voters will be publicly known entirely, but as the table becomes more populated it will be impossible to fully know what the entire value of each K' is. This can be mitigated by having the system create known 'sacrificial' / dummy voters to provide some initial protection for the first actual voters.

4. When the private wallets are created by each voter (in step 2 above) they must be tagged with the K values each voter created as Kp. A private wallet will only be able to participate in the ballot distribution process if the hash of its Kp value (Kp') appears in the Bloom filter populated in the previous step - thus restricting each voter to only 1 private ballot wallet.
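The commitment gate from steps 1 to 4 above, written out as an added example in Go (my code, not the commenter's and not followmyvote's): each voter publishes K' = SHA-256(K) into a public Bloom filter, and a private wallet is admitted only if its tag Kp hashes to a registered K'. The filter layout (m bits, k positions per item, positions taken from SHA-256 over an index byte plus the item), the voter secrets, the sizes and the spent set are all assumptions of this example. The spent set is added because a membership test by itself does not record how many wallets have already presented the same K, and FalsePositiveRate shows why the filter has to be sized generously: a Bloom filter answers "no" definitively but "yes" only probably.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// BloomFilter is a minimal Bloom filter: m bits and k positions per item,
// each position derived from SHA-256 over (position index || item).
type BloomFilter struct {
	bits []byte
	m    uint64
	k    int
}

func NewBloomFilter(m uint64, k int) *BloomFilter {
	return &BloomFilter{bits: make([]byte, (m+7)/8), m: m, k: k}
}

func (b *BloomFilter) positions(item []byte) []uint64 {
	pos := make([]uint64, b.k)
	for i := range pos {
		h := sha256.Sum256(append([]byte{byte(i)}, item...))
		pos[i] = binary.BigEndian.Uint64(h[:8]) % b.m
	}
	return pos
}

// Add sets the item's k bits. The filter only ever grows, so an observer
// sees exactly which bits each voter set but not the items behind them.
func (b *BloomFilter) Add(item []byte) {
	for _, p := range b.positions(item) {
		b.bits[p/8] |= 1 << (p % 8)
	}
}

// MayContain is the set-membership test: false is definitive, true may be
// a false positive.
func (b *BloomFilter) MayContain(item []byte) bool {
	for _, p := range b.positions(item) {
		if b.bits[p/8]&(1<<(p%8)) == 0 {
			return false
		}
	}
	return true
}

// Commit computes the voter's public commitment K' = SHA-256(K).
func Commit(k []byte) []byte {
	h := sha256.Sum256(k)
	return h[:]
}

// Registrar gates private-wallet creation: the wallet's tag Kp must hash to
// a registered K', and each K' may be used once. The spent set is an
// assumption added here; the filter alone cannot count presentations.
type Registrar struct {
	filter *BloomFilter
	spent  map[[32]byte]bool
}

func NewRegistrar(commitments [][]byte, m uint64, k int) *Registrar {
	r := &Registrar{filter: NewBloomFilter(m, k), spent: map[[32]byte]bool{}}
	for _, c := range commitments {
		r.filter.Add(c) // the public, sequential population step
	}
	return r
}

func (r *Registrar) AdmitWallet(kp []byte) error {
	c := sha256.Sum256(kp)
	if !r.filter.MayContain(c[:]) {
		return errors.New("Kp' is not a registered commitment")
	}
	if r.spent[c] {
		return errors.New("this K has already opened a private wallet")
	}
	r.spent[c] = true
	return nil
}

// FalsePositiveRate probes n constructed values that were never added and
// returns the fraction the filter wrongly accepts.
func (b *BloomFilter) FalsePositiveRate(n int) float64 {
	hits := 0
	for i := 0; i < n; i++ {
		if b.MayContain([]byte(fmt.Sprintf("never-added-%d", i))) {
			hits++
		}
	}
	return float64(hits) / float64(n)
}

func main() {
	var commits [][]byte
	for i := 0; i < 100; i++ { // constructed voter secrets
		commits = append(commits, Commit([]byte(fmt.Sprintf("voter-secret-%d", i))))
	}
	r := NewRegistrar(commits, 1024, 4) // deliberately small: about 1% false positives
	fmt.Println("first wallet:", r.AdmitWallet([]byte("voter-secret-7")))
	fmt.Println("second wallet, same K:", r.AdmitWallet([]byte("voter-secret-7")))
	fmt.Println("unregistered K (accepted only on a collision):", r.AdmitWallet([]byte("not-a-voter")))
	fmt.Printf("false-positive rate at m=1024: %.4f\n", r.filter.FalsePositiveRate(10000))
}
```

With 100 commitments and 4 positions, 1024 bits gives roughly a 1% false-positive rate, which for a wallet gate means about one in a hundred unregistered secrets would be let through; 65536 bits pushes that below one in a billion. The revealed-K' weakness for the first voters is unchanged by any of this: whoever adds the first commitments sets bits into an otherwise empty filter.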



re #4,

Right to voter privacy (secret ballot) is in my state's constitution.

I'm open to relaxing absolute privacy with something like temporary time-boxed privacy. Like until an election is certified.


This has been solved, and it's really simple actually.

I wrote about it in another comment, but I'll quickly go over the technology here as well.

When a citizen votes, the vote is encrypted with the government public key. The vote is then put into a container and is signed with the citizen's private key.

The vote gets sent to the voting-system servers and is then stored until counting day.

Once the voting period has ended the encrypted votes are pulled out of the signed containers and the signed containers themselves are destroyed; this anonymizes the votes. Only then are the encrypted votes decrypted with the government private key.

We keep the signed containers around the encrypted vote to make sure no one can be forced to e-vote. Every citizen can vote as many times as they want during the e-voting period and only the last vote counts.

So if someone is standing behind you and telling you to vote somehow, you can do as they say and just vote again afterwards.

As an extra backup, if you do cast your vote on paper as well, then the paper vote is counted and the e-vote is discarded.

The system has a prerequisite though: each citizen must have a private key. We do, as it's stored on our ID cards (equivalent to passports within the EU).

Procedures are in place to protect the Government private key during the voting period and just like with paper-voting observers are involved in every step of the process.

The English documentation is scarce, but the software itself is open source: https://github.com/vvk-ehk/evalimine
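The double-envelope scheme described above, as an added example in Go (my code, not code from evalimine or from the Estonian system): the vote is encrypted to the government's RSA public key, the ciphertext is signed with the voter's Ed25519 key, the ballot box keeps only the latest validly signed container per voter, and at counting time the signed outer envelopes are stripped, the ciphertexts shuffled and decrypted, with e-votes from anyone on the paper-ballot list discarded first. The key types, the in-memory voter registry, the voter names and the scenario in Demo are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Container is the outer envelope: the encrypted vote plus the voter's
// signature over that ciphertext.
type Container struct {
	VoterID   string
	Encrypted []byte
	Signature []byte
}

// Registry maps voter IDs to ID-card public keys (constructed in memory
// here as an assumption; the real keys live on the ID card).
type Registry map[string]ed25519.PublicKey

// BallotBox keeps only the most recent valid container per voter.
type BallotBox struct {
	registry Registry
	latest   map[string]Container
}

func NewBallotBox(r Registry) *BallotBox {
	return &BallotBox{registry: r, latest: map[string]Container{}}
}

// CastVote builds the double envelope. RSA-OAEP is randomized, so two
// identical votes produce different ciphertexts and cannot be matched.
func CastVote(govPub *rsa.PublicKey, voterID string, voterPriv ed25519.PrivateKey, candidate string) (Container, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, govPub, []byte(candidate), nil)
	if err != nil {
		return Container{}, err
	}
	return Container{VoterID: voterID, Encrypted: enc, Signature: ed25519.Sign(voterPriv, enc)}, nil
}

// Accept checks the outer signature against the registry and stores the
// container, replacing any earlier one from the same voter: only the last
// e-vote counts, which is what lets a coerced voter vote again later.
func (b *BallotBox) Accept(c Container) error {
	pub, ok := b.registry[c.VoterID]
	if !ok {
		return fmt.Errorf("unknown voter %q", c.VoterID)
	}
	if !ed25519.Verify(pub, c.Encrypted, c.Signature) {
		return fmt.Errorf("signature does not verify for voter %q", c.VoterID)
	}
	b.latest[c.VoterID] = c
	return nil
}

// Count runs once the voting period is over: drop e-votes from voters on
// the paper-ballot list, strip the signed outer envelopes, shuffle so order
// cannot be tied back to identities, then decrypt and tally.
func (b *BallotBox) Count(govPriv *rsa.PrivateKey, votedOnPaper map[string]bool) (map[string]int, error) {
	var inner [][]byte
	for id, c := range b.latest {
		if !votedOnPaper[id] {
			inner = append(inner, c.Encrypted)
		}
	}
	for i := len(inner) - 1; i > 0; i-- { // Fisher-Yates with crypto/rand
		j, err := rand.Int(rand.Reader, big.NewInt(int64(i+1)))
		if err != nil {
			return nil, err
		}
		inner[i], inner[j.Int64()] = inner[j.Int64()], inner[i]
	}
	tally := map[string]int{}
	for _, enc := range inner {
		plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, govPriv, enc, nil)
		if err != nil {
			return nil, err
		}
		tally[string(plain)]++
	}
	return tally, nil
}

// Demo runs a constructed scenario: alice re-votes (last counts), bob votes
// once, carol also voted on paper (e-vote discarded), and a container that
// claims bob's ID but is signed with alice's key is rejected.
func Demo() (tally map[string]int, rejected int, err error) {
	govPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, 0, err
	}
	reg, keys := Registry{}, map[string]ed25519.PrivateKey{}
	for _, id := range []string{"alice", "bob", "carol"} {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, 0, err
		}
		reg[id], keys[id] = pub, priv
	}
	box := NewBallotBox(reg)
	cast := func(claimed, signer, candidate string) {
		c, err := CastVote(&govPriv.PublicKey, claimed, keys[signer], candidate)
		if err != nil || box.Accept(c) != nil {
			rejected++
		}
	}
	cast("alice", "alice", "A") // cast under pressure...
	cast("alice", "alice", "B") // ...then replaced: only the last counts
	cast("bob", "bob", "A")
	cast("carol", "carol", "A") // carol is on the paper list below
	cast("bob", "alice", "B")   // forged: bob's ID, alice's key
	tally, err = box.Count(govPriv, map[string]bool{"carol": true})
	return tally, rejected, err
}

func main() {
	fmt.Println(Demo())
}
```

The example keeps the government private key in process memory and hands it straight to Count; in a real deployment that key is exactly what the custody procedures mentioned above exist to protect, and the shuffle-then-decrypt step is where observers would need to watch that the signed envelopes really are discarded before decryption begins.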


Ah. Opened that link. Stopped once I saw "Estonia internet voting"

https://en.wikipedia.org/wiki/Electronic_voting_in_Estonia#C...


That one, yes :)

Their whole analysis is based on this claim: "claiming they could be able to breach the system, change votes and vote totals, and erase any evidence of their actions if they could install malware on the election servers."

That is true for all server based software.

Procedures have been set up to mitigate this risk. All software, servers and anything else running in the network is audited before, during and after the election. The whole process is public and anyone can become an observer, just like with paper ballots. There really are many eyeballs making sure the election servers are running the software they are supposed to.

AFAIK everything else they pointed out was purely procedural and the guidelines there have been updated. There really weren't any reproducible technical issues and some of the procedural ones are outright misrepresentations.

The full sources for these two are sadly in Estonian, but the main response to that research can be seen here in English: http://www.vvk.ee/uudised/vabariigi-valimiskomisjoni-vastula...

""" Posted Wi-Fi credentials — The official video of the pre-election process reveals credentials for the election officials’ Wi-Fi network, which are posted on the wall. """

The credentials were actually just for a separate public guest network, that has nothing to do with the "election officials network" or the network where the voting servers are.

or: """ Keystrokes reveal root passwords — Videos posted by officials during the election show operators typing, inadvertently revealing root passwords for election servers. """

Although this was recognized as a possible attack vector and the procedures for filming have been updated, the "operator" typing a password was actually one of the observers typing a password in their own computer.

Obviously any hints to compromised processes are taken with 100% seriousness and if needed processes and guidelines are changed to protect the integrity of the system.

Any technical reports are also (publicly) analyzed and if an issue is indeed found, they're fixed. The thing is, "https://estoniaevoting.org" said everything is bad, and the system should not be used, but never published/provided any reproducible test cases that could be verified.

OSCE has audited all of our elections, they've given some procedural pointers that have been implemented, but OSCE observers have not deemed our elections compromised.

This is their 2011 audit: http://www.osce.org/odihr/77557?download=true, the pointers given to improve our system have been implemented by now.

And here is their 2015 audit: http://www.osce.org/odihr/elections/estonia/160131?download=..., which has some new pointers, but again has not deemed the system to be insecure.

We're having another parliamentary election in 2019 and again, the system will be improved for that (more verification methods are being implemented), but so far, all of our elections have been deemed acceptable and work is being done to keep the track record.


The Estonian method is too complex to be easily proved to be secure. You have to play a cat-and-mouse game ad infinitum to keep up its integrity. Simpler systems are less costly over the short and long term, and more secure by default.


Could you give me an example of what makes it too complex and maybe an example of a system that is simpler?



