The tradeoff between security and participation on Electeez, the Tezos-based voting solution
At Electis, we are building Electeez, the voting solution powered by Tezos that works for everyone and for all possible election scenarios, whether they be quadratic voting, fluid voting, simple majority voting, and more. Using Electeez, anyone setting up an election (the election authority) is able to pick the best format for their vote. But Electeez goes one step further, giving the election authority, and even the voter, the chance to choose between different levels of security.
While some users may be tempted to always choose the most secure option, there is usually a tradeoff between security and user-friendliness when it comes to voting solutions. For example, elections are held in a context where there is more or less trust between the election authority and the voters. If there is a high level of trust, why not go for a faster, more user-friendly way of voting? If there is less trust, an election authority could choose for a more secure way. This decision also depends on the stakes of an election. While a high-stakes sovereign election requires the highest level of security, a student association election may choose to incentivize user-friendliness and participation over security. In this article, we will explore some of the tradeoffs between security and participation we’ve considered in building Electeez.
How are the different ways of tallying more or less secure?
Depending on the answer to the trust-question, you might want to choose a more or less secure option of tallying.
There is a wide spectrum of e-voting solutions ranging from fully centralized to decentralized solutions. Centralized systems are typically vulnerable to so-called wholesale attacks. If the authority that holds all the voters’ information is hacked (or the authority itself is malevolent) the whole system is compromised. On the other side of the spectrum, we find the decentralized schemes. Distributed-ledger technology (Blockchain) can provide tamper resistance and transparency in voting and also decentralize the tallying in an e-voting scheme. This means that the voters themselves are the tallying authority, rather than a centralized authority.
This self-tallying ensures that there is no need for an authority that has to be trusted. But what makes self-tallying a very secure way of counting votes can also make the voter experience inconvenient, as it adds complications like having to stay online while tallying. Any user-facing complexity in a voting scheme, no matter how small, increases the likelihood that some voters will choose not to participate.
Lessons from the first trial of Electeez: the benefits of optionality in voting
The first small trial of Electeez took place on August 22nd with the student blockchain association of the École Polytechnique fédérale Lausanne (EPFL) in Switzerland. The results have been sobering. In the end, only 40% of all participants ended up having their votes count. Many votes were discounted because Electeez is based on a self-tallying protocol, meaning it requires the voters to identificate and vote in a specific time-frame. Afterwards, voters need to stay online until the votes are tallied in a decentralized way on the Tezos blockchain. Given that voters couldn’t just log-in and send in their votes beforehand, many failed to stay online for the specific time-frame and thus had their votes discounted.
Fortunately, the students of the EPFL kindly offered to use their election for the purpose of testing Electeez and the vote was specifically organised for this purpose. If this had not been a test vote, the EPFL student blockchain association likely would have picked a less secure but more convenient voting solution.
For the EPFL student blockchain association, the election authority has the trust of voters and the stakes of the election are not very high. In this case, if the association had opted for a more user-friendly but less secure voting method, it likely would have improved the participation rate, leading to more accurate election results.
Electeez: high security in a low-trust environment
There are different reasons to choose different kinds of voting solutions. And before choosing a voting solution for an election such as a student election, shareholder vote, local government election etc. the question about trust needs to be answered. Who is the voting authority and how much trust exists between them and the voter? This can help an election authority decide whether to use a solution that provides the voters with a certain amount of security and, on the other hand, a better or worse voter experience.
One innovative solution to this dilemma that Electeez is implementing is a voting protocol, E-cclesia, developed by researchers of the University of Edinburgh, that uses blockchain technology to tally the votes in a decentralized way. As the voters all tally their votes themself and put the information on the blockchain, the difficulty in the self-tallying scheme is to ensure fairness. If fairness is defined in the sense that every voter has access to the same information, it is crucial to not release any intermediate results so as not to provide upcoming voters with an advantage over those who have already voted.
This problem is solved by adding time-lock encryption to the e-voting protocol — voters can only see the votes after every single vote is tallied. These two properties — self-tallying and time-lock encryption — make the tallying process of Electeez very secure and suitable for higher stake election or elections with a low-trust environment.
While Electeez is still a work in progress, we are excited to implement this new solution to ensure secure tallying. As we move forward we want to further develop the technology so that users can opt-in or opt-out of these security features. The vision is to create a voting solution where the voters can adapt the technology to their needs — a true custom-tailored way to support grassroots democracy and ensure election integrity.