bozho

Q&A with FollowMyVote

Feb 9th, 2016
  1. Q: In addition to the blockchain, is there a central database where the votes are stored (that would serve as an additional safeguard/place to doublecheck)?
  2.  
  3. The short answer: Yes
  4.  
  5. The long answer:
  6. In practice, a blockchain database is replicated across hundreds or thousands of central databases, each of which stores a cryptographically tamper-evident audit trail alongside the current state of the database. Anyone can set up a central database which joins the network and stores a copy of the blockchain, which contributes to the network security by storing yet another redundant record of history. The audit trail cannot be tampered with once created because it requires blockchain consensus to create. The current state can be tampered with, but tampering is easily detectable and repairable by validating the audit trail. In practice, there's little incentive to tamper with the current state because it's infeasible to tamper with all copies of the current state simultaneously, and the tampering will quickly be detected and removed anyways.
  7.  
  8. Q: Since the blockchain expects a unit of work to be time-consuming and the work done has to be performed by client computers, does this mean it is a must to have as many client computers running the software throughout the e-voting period as possible?
  9.  
  10. The short answer: Not with our system
  11.  
  12. The long answer:
  13. Many blockchains, including Bitcoin, use a mechanism called Proof of Work to secure the blockchain. In short, it requires work (which in turn requires computing resources) to create the blockchain, and to tamper with the chain would require redoing all of the work since the point of tampering faster than the network as a whole is doing new work. As you have observed, this means that new blockchains which use Proof of Work may be susceptible to attack because the network has not grown to the point that new work is being done rapidly. For this reason, among others, Follow My Vote is launching their platform on BitShares first, which is a blockchain using a form of Proof of Stake rather than Proof of Work. BitShares develops blockchain consensus around reputational, trusted nodes rather than anonymous workers. These nodes are held accountable for the changes they approve and can be replaced as necessary. This eliminates the risk that a malicious anonymous worker could sabotage the network by centralizing consensus. It also means that we can create dedicated blockchains for certain elections, tuned for customer needs, rather than requiring customers to utilize a high-participation blockchain like Bitcoin.
  14.  
  15. Q: Would a low-participation give enough nodes on the network to protect against sybil attacks?
  16.  
  17. The short answer: Yes
  18.  
  19. The long answer:
  20. As described in the previous question, Follow My Vote prefers blockchains with reputational consensus, which eliminates the potential for a sybil attack on block production and network consensus. Moreover, our voter registration protocol establishes a certified but anonymous voting account, required for votes to be counted, thus it is infeasible to sybil attack the votes (ballot stuffing) as well.
  21.  
  22. Q: The blind signature approach is better than the double-envelope approach because it doesn't require procedural security when splitting the votes and counting them. But does it allow revoting on paper after you have voted online? Our premise is that people should not be denied to override their online vote with a paper ballot.
  23.  
  24. The short answer: Yes, our protocol allows voters to rescind their online votes in favor of a paper ballot.
  25.  
  26. The long answer:
  27. Voters who have completed our registration process have an anonymous voting account which casts votes on the blockchain. They can cast a special kind of "vote" which declares their online vote revoked in favor of an offline vote, at which point our voting application will provide them with a receipt. They must present this receipt at the central polling place. The worker at the polling place checks that the receipt is valid and marks the anonymous voting account as having received a paper ballot, to prevent the same voter from receiving multiple paper ballots at different times, and gives the voter their paper ballot.
  28.  
  29. Q: How does the system protect voters from coercers asking them "show me how you voted"? If everyone can verify their vote in the blockchain after it's cast, a vote-buyer can go to them and require proof that they have voted the right way. Is there a mechanism to check that your vote is stored as intended, but which does not reveal the vote itself?
  30.  
  31. The short answer: Our software will not give voters a way to prove to someone else how they voted.
  32.  
  33. The long answer:
  34. The voting application will verify the votes were recorded and counted correctly, and show this to the voter. It will not give the voter any way of generating proof of how they voted, however. The voter could take a screenshot of the app, but this is trivial to fake. The voter could provide the coercer with their public key (which they use to check their own vote) but they could just as easily provide the coercer with any other voter's public key, so again, this is trivial to fake. It is possible that the coercer could force the voter to vote in front of them, but then the voter could (if the election allows this) later publish a replacement vote which changes the coerced vote when it is safe to do so, or simply revoke their online vote altogether and vote on paper at a central polling location.
  35.  
  36.  
  37. Q: are _all_ parts open source? Somewhere I noticed "all relevant parts", so just doublechecking :-)
  38.  
  39. All of the one-person-one-vote system which would be used for political elections will be open source. The section of the website you're citing is referring to other use cases we'll be targeting which will be more of a social media experience. For example, the code that determines what polls to show to what users may be closed source.
  40.  
  41.  
  42. Q: what is the procedure to join as a trusted node? Can NGO's, for example, or even individuals supply these nodes, after some formal procedure?
  43.  
  44. This depends on individual client needs. Some clients may prefer to use an existing blockchain and network, in which case that blockchain has defined the rules for trust beforehand. Other clients may prefer to use a new blockchain and network so that they can define their own rules and procedures for becoming a trusted node, or simply enumerate the trusted nodes.
  45.  
  46.  
  47. Q: have there been scientific papers that assess your system, or it's too early for that?
  48.  
  49. It's too early for that right now, but we will have plans to undergo a formal security review when the system is more complete.
  50.  
  51. Q: are there options for coercion-detection, e.g. a 'panic pin', where a coerced voter can secretly indicate to the election authorities that he is being coerced while at the same time not getting the vote recorded?
  52.  
  53. Since our protocol allows voters to replace an old vote, if a voter is coerced to cast a vote he doesn't wish to keep, he can simply replace it later on, until the end of the election. The voter also has the option to revoke his online vote and vote offline at the central polling place. These options should be more powerful than a panic pin, since they allow voters to not only avoid casting an undesired vote, but also to vote as they originally intended.
  54.  
  55. Q: is the blockchain public at any time, or it can be kept private until the end of the election day?
  56.  
  57. All of our designs to date have the blockchain as a public record. The security model becomes much weaker if the blockchain is kept private, as most of the advantages of decentralization are lost at that point. Censorship resistance becomes much more difficult, rewriting blockchain history begins to look like a viable attack, voter confidence in the system is weakened, etc. We will offer consulting services for setting up such an election, but we will not formally approve of the security of an election which uses a private blockchain.
  58.  
  59.  
  60. Q: what is the mechanism for election committee members to confirm the start of the "counting" process, e.g. with qualified digital signatures?
  61.  
  62. I'm not certain I understand this question. The counting process can be undertaken by anyone, which is critical if the system is to be transparent and end-to-end verifiable. The time of the final count will be defined beforehand, so that everyone knows exactly which votes should be counted.
  63.  
  64. Q: are there virtual ballot boxes per voting station where votes go, i.e. can the anonymous token be bound to a particular voting station? (e.g. for local elections it's important to know in which section should the vote be counted. Or if not section, then region at least)
  65.  
  66. Yes. I think you're referring to the fact that any given voter is only authorized to vote on a certain subset of the contests, and their anonymous vote must still be tied to that set of contests. Our protocol takes this into account, and the registrar server preserves this information by signing the blinded token with a key publicly associated with the particular subset of contests the voter may vote on.
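
The last answer describes a registrar signing a blinded token with a key tied to one subset of contests. The sketch below is an added example, not FollowMyVote's code: it assumes Chaum-style RSA blind signatures (the Q&A does not name the scheme), and the ballot-style names, the function names and the toy key sizes built from known Mersenne primes are all constructed for illustration.

```python
import hashlib, math, secrets

E = 65537  # public exponent shared by all registrar keys in this sketch

def make_key(p, q):
    """Toy RSA key (n, d) from two primes; sizes are far too small for real use."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

# Hypothetical ballot styles: one registrar key per subset of contests.
REGISTRAR_KEYS = {
    "district-1": make_key(2**127 - 1, 2**89 - 1),
    "district-2": make_key(2**107 - 1, 2**61 - 1),
}
PUBLIC_KEYS = {style: n for style, (n, _d) in REGISTRAR_KEYS.items()}

def digest(token, n):
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % n

def blind(token, style):
    """Voter side: hide the token hash behind a random factor r."""
    n = PUBLIC_KEYS[style]
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return (digest(token, n) * pow(r, E, n)) % n, r

def registrar_sign(blinded, style):
    """Registrar side: signs without seeing the token, using the style's key."""
    n, d = REGISTRAR_KEYS[style]
    return pow(blinded, d, n)

def unblind(blind_sig, r, style):
    n = PUBLIC_KEYS[style]
    return (blind_sig * pow(r, -1, n)) % n

def verify(token, sig, style):
    """Anyone can check which contest subset the anonymous token is valid for."""
    n = PUBLIC_KEYS[style]
    return pow(sig, E, n) == digest(token, n)

def issue_token(style):
    token = secrets.token_bytes(16)           # voter's anonymous token
    blinded, r = blind(token, style)
    sig = unblind(registrar_sign(blinded, style), r, style)
    return token, sig, blinded

if __name__ == "__main__":
    token, sig, _ = issue_token("district-1")
    print(verify(token, sig, "district-1"), verify(token, sig, "district-2"))
```

Because the signature only verifies under the key it was issued with, a counter can reject a token presented for contests outside the voter's authorized subset without learning who the voter is.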