Zero-Knowledge Proofs in Blockchain Voting

In today's world, technology has made our lives easier, faster, and better. In a modern democracy, people naturally want the freedom to vote for their chosen candidates. They expect a voting system that is transparent, fast, and secure. Traditional paper-based voting systems have some problems, like being time-consuming, raising trust issues, requiring a lot of people, needing physical access to voting centers, and concerns about the security of ballot boxes.

To make voting easier, online e-voting was introduced. However, these systems had issues like relying on centralized servers that could lead to problems such as server malfunctions and virus attacks that could change election results.

Now, there's a new technology called Blockchain-enabled e-voting (BEV). Many elections have successfully used this technology. BEV has features that can reduce voter fraud. Since blockchain is a distributed ledger, BEV allows users to vote anonymously using a smartphone or PC. This article aims to explain the important features, mechanisms, potential benefits, and challenges of BEV. While there are constructive criticisms, especially from researchers at MIT( They published a paper "[1]Going from Bad to Worse: From Internet Voting to Blockchain Voting" ), this article will address those criticisms and propose solutions, particularly using Zero Knowledge Proof (ZKP).

Working Mechanism of Blockchain-Based Voting System

Blockchain technology, characterized by its secure and distributed ledger, acts as the backbone of BEV.

Each vote is contained in a block that includes essential information such as the voter's ID, vote, signature, timestamp, and the hash of the previous block.

Through the best encryption and hashing functions, the immutability of the distributed database is ensured. This transparency makes it challenging for malicious attackers/actors to manipulate or tamper with individual votes.

Understand Zero-Knowledge Proof (ZKP)

Zero-knowledge proof (ZKP) is a cryptographic concept that allows one party (the prover) to prove to another party (the verifier) that they know a specific piece of information without revealing the information itself. The key idea is to convince the verifier of the truth of a statement without disclosing any unnecessary details.

For example: In the Secret Coffee Shop Club, a friend proves their membership by performing a hidden secret handshake by demonstrating knowledge without revealing the precise movements — serves as a playful analogy to a zero-knowledge proof in cryptography.

The Zero Trust model mandates strict identity verification for both devices and users before accessing sensitive information and applications. Conversely, the Zero-Knowledge model utilizes data encryption techniques that limit access solely to authorized parties. First described in a 1985 MIT paper “[2]The Knowledge Complexity of Interactive Proof-Systems”, zero-knowledge proofs have three defining characteristics: completeness, soundness, and zero-knowledge. It ensures truthful statements without revealing additional information.

Here, as shown in the above flowchart, different types of ZKPs can be observed. Interactive ZK-proofs need ongoing communication between the prover and verifier to ensure an effective interaction. On the flip side, non-interactive ZK-proofs simplify the procedure to enable verification to occur in just a single step. For enhanced security with minimal error, statistical ZK-proofs offer computational soundness. Proof-of-Knowledge (PoK) denotes a subset indicating the prover's possession of specific information. Protocols like sigma protocols involve commitment, challenge, and response steps. Specifically designed for decentralized voting and privacy-preserving transactions are proofs of shuffle and range. For efficiency in handling extensive value sets, Bulletproofs stand out. When considering decentralized voting, proofs of shuffle and range are particularly relevant due to their privacy and integrity in electronic voting systems.

The Mandatory Components to Exercise a Secure Blockchain-Based Voting

To establish a secure blockchain-based voting system, several mandatory components need to be in place. These components contribute to the integrity, transparency, and privacy of the voting process. So, the entire voting system could be secure and trustworthy.

Here are the key components:

Essential components for a secure blockchain-based voting system are; voter privacy to protect identities, end-to-end verifiability to ensure vote accuracy, user-friendly accessibility, strong security measures against manipulation, scalable systems to handle increasing voter numbers, transparent operations for traceability, decentralized governance for distributed control, a hybrid consensus mechanism for improved efficiency and security, optimized scheduler generation for efficient planning, and customizable constraint registration to offer flexibility in configuring the blockchain to meet specific requirements.

Why Blockchain Voting?

Zero-knowledge proof (ZKP) enabled blockchain voting stands out as a superior choice for various reasons. Particularly during a pandemic like COVID-19, ZKP ensures secure and private voting. So, it can address health concerns by allowing voters to participate remotely. The combination of ZKP enhances security by enabling voters to prove the validity of their votes without revealing sensitive information. This privacy feature is crucial for maintaining the integrity of the electoral process. Moreover, ZKP reduces the risk of fraud and manipulation to result in a more trustworthy and resilient voting system. The efficiency of blockchain technology ( coupled with the privacy features of ZKP),  results in an effective, secure, and cost-effective solution for modernizing the electoral process.

Critical Questions Asked by Researchers in the First MIT Paper[1]

Researchers have asked genuine questions raising concerns about the security of BEV. The questions listed on the paper are systematically arranged to answer them one by one. Here we go.

1. Stakeholders and Adversaries:

• 📥MIT Paper: What guarantees does the system provide if any of these actors are malicious?

  
  

• ✅Response: In a ZKP-based Blockchain-Enabled Voting (BEV) system, the assurance against malicious actors is rooted in the cryptographic principles of ZKP. ZKP ensures that each actor (public candidates, voters, election officials, or system designers), can participate without revealing sensitive information. The system provides a guarantee that even if an actor is malicious, they cannot compromise the integrity of the election or discern the identity of voters. ZKP allows for the verification of the authenticity of a vote without disclosing the voter's identity. So, it offers a strong defence against fraudulent activities and reinforces the security and privacy aspects of the BEV system. In addition, there is work that has explored the practical approach to developing a biometric identification scheme based on ZKPs.

  
  

This sort of system in BEV can assist in genuinely identifying genuine users in real-time.

• 📥MIT Paper: Can any one of these entities or any combination unduly control the outcome of the election?

  
  

• ✅Response: No, the design is structured to prevent any single entity or a combination of entities from unduly controlling the outcome of the election. The foundations of ZKP ensure that each actor operates within a framework that upholds the principles of transparency, security, and integrity. ZKP enables verifiable yet anonymous voting that can minimize the risk of collusion or undue influence on the election results. The decentralized nature of blockchain technology with ZKP acts as a strong resistance against concentrated control to generate a fair and trustworthy electoral process.

2. Security Objectives and Threat Model:

• 📥MIT Paper: What security properties is the system intended to have?

  
  

• ✅Response: Firstly, it aims to ensure the integrity of the election process by preventing unauthorized access, tampering, or manipulation of votes. The system also prioritizes confidentiality through the use of ZKP which assists in safeguarding the anonymity of voters while allowing them to verify their vote's inclusion and accuracy. Additionally, the BEV system seeks to achieve coercion resistance and receipt-freeness so that voters are protected against external pressure or coercion, and they cannot prove how they voted and ultimately preserve the secrecy of their choices.

• 📥MIT Paper: What is the threat model, considering compromises, recording failures, tabulation errors, etc.?

  
  

• ✅Response: The threat model for the system takes into account several potential vulnerabilities and risks (including the compromise of a device's hardware and software), that could occur through supply-chain attacks by exposing a threat to the system's overall security. Furthermore, the model considers the possibility of failures in properly recording a voter's choices, tabulation errors, selling of votes, corruption of the evidence trail, and tactics like ballot "stuffing" or destruction. By addressing these threats, the BEV system aims to ensure the integrity of the voting process, maintain accurate tabulation, and prevent any malicious activities that could compromise the outcome of the election. The threat model thus provides a comprehensive framework for understanding and mitigating potential risks in the electoral system.

3. Security Mechanism Design:

• 📥MIT Paper: What security mechanisms are proposed in the system design? Do the mechanisms provide coercion resistance, receipt freeness, and a secret ballot? How does the system handle disputes and security violations?

  
  

• ✅Response: It depends on the nature of the election. Generally, the system consists of several security mechanisms in its design. These mechanisms are intended to provide coercion resistance, receipt freeness, and ensure the secrecy of the ballot. Coercion resistance is maintained by the cryptographic nature of ZKPs, which allows voters to prove the validity of their vote without revealing the actual vote to potential coercion. Receipt freeness ensures that voters cannot prove how they voted so it protects the integrity of the secret ballot. In case of disputes or security violations, the system is designed to detect and address such issues promptly. In addition, activity and transactions could be traced and tracked. The mechanisms are structured not only to prevent security violations but also to detect them, and in the event of a dispute, the system could go through a dispute resolution process. This is an excellent and democratic approach that aims to uphold the security and integrity of the BEV system throughout the voting process.

These are the major questions listed in the first MIT paper mentioned in this article but there are so many other questions too. The following texts attempt to answer the rest of the questions collectively.

Latest Development on Building the Strong ZKP-based BEV

So many existing voting protocols have indeed failed to assure anonymity, legitimacy, and accurate vote counting. Furthermore, these systems often lack robustness, so they can't properly tally votes when a voter chooses to abstain. In response to these challenges, ongoing work is to offer a solution that introduces an innovative blockchain-based self-tallying voting protocol. This protocol integrates group signatures and ZKP so the voters can distribute electronic ballots anonymously and in a manner that prevents linking, thus it assures complete anonymity and legitimacy.

Another research proposes remedies for challenges like voter identification, accessibility, network scalability, and latency in the context of elections. This proposed blockchain-based voting system ensures a secure and transparent platform for casting and tallying votes. So, it can maintain the privacy, anonymity, and verifiability of election outcomes. By utilizing blockchain technology, this system addresses security and transparency issues that persist in traditional voting methods.

Image source: The Research Paper

It achieves strong integrity and traceability by integrating Digital Signatures, Homomorphic Encryption (HE), ZKPs, and the Byzantine Fault-Tolerant consensus method.

Another one is that the paper proposes EtherVote, a secure electronic voting system utilizing the Ethereum Blockchain network to enhance security, and privacy, and reduce costs. It concentrates on identifying eligible citizens and addresses key issues in electronic voting systems. Through the exclusive use of Blockchain without central servers — ensures transparency and reliability for national elections.

Regarding the latest real-world work, here are the most recent developments and they have seriously attempted to address the persisting concerns raised by the existing blockchain-based voting system.

ZKProof Standards: It is an industry-academic initiative, that aims to standardize ZKP cryptography through an inclusive and community-driven process. This initiative prioritizes interoperability and security by seeking to make ZKPs more accessible and widely adopted.

Mina Protocol: The Mina Protocol operates as a layer 1 protocol that revolutionizes blockchain infrastructure by utilizing ZKPs. This succinct blockchain maintains a constant size of approximately 22KB. Mina directly combines ZKPs into smart contracts and zkApps so it can offer an innovative approach to building BEV-based applications. For example: O(1) Labs have developed a Mina-based voting system with an architectural diagram as follows:

PipeZK: It is an innovative pipelined accelerator designed to enhance the practicality of ZKP in real-world applications like BEV. It comprises two subsystems capable of managing intensive computing tasks. Evaluated in 28nm, PipeZK demonstrates a substantial performance boost by achieving a 10x speedup on standard cryptographic benchmarks and 5x on the Zcash cryptocurrency application.

These are a few examples but Engineers and researchers are exploring advanced cryptographic techniques to further strengthen the privacy and integrity of voting processes. Efforts are being made to make ZKP implementations more efficient and practical for large-scale elections—progress is ongoing to develop systems that are resistant to various forms of attacks and provide transparent, reliable, and user-friendly experiences for voters.

Challenges: Using ZKPs in BEV systems has several challenges that need to be addressed for better outcomes, integrity, security, and usability of the electoral process. Here are a few points.

1. ZKPs involve complex cryptographic concepts that might be challenging for voters, election officials, and auditors to fully understand. Depending on the type of the blockchain network, reversing the work done by a blockchain is very difficult or requires a huge amount of computational resources so minor mistakes could also bring a serious alternation in the overall voting process.

   
   

2. ZKPs often require significant computational resources which could affect the scalability of a voting system especially when there are a large number of participants in an election. Ensuring that ZKPs can operate efficiently while accommodating a large number of transactions or votes is the most notable challenge.

   
   

3. ZKPs aim to keep voters anonymous. Yet, it's tough to hide votes and ensure their accuracy without revealing personal details. If ZKP implementation has flaws, voter privacy might be at risk.

   
   

4. ZKPs should allow for the verification of votes without revealing sensitive information about individual ballots. Creating a system that allows voters to confirm that their votes are correctly recorded and counted without revealing their votes publicly is another challenge.

   
   

5. The reliance on ZKPs requires a high level of trust in the foundational cryptographic principles and the system's implementation. Any vulnerabilities or loopholes in the ZKP protocols could lead to election manipulation or compromise the system's security.

   
   

6. Integrating ZKPs into existing voting systems or developing new systems requires careful planning, repeated testing, and secure implementation. Ensuring that the system is safe against potential attacks or vulnerabilities is critical but challenging.

What the Future Holds

To solve the above challenges, advanced blockchain networks with features like high scalability, energy efficiency, easy-to-use with strong security features, and low latency, are expected. The future of ZKP-based BEV systems holds promise in revolutionizing modern elections. Ongoing advancements aim to enhance the security, privacy, and usability of these systems.

With continued research, ZKP-based BEV platforms could gain wider acceptance among governments and voters alike. To make ZKP-based BEV systems more user-friendly and accessible, it needs to involve meeting different technical skill levels and diverse voter requirements. Creating specific rules and standards for these systems can help them smoothly become part of official voting procedures.

Joint research may assist in tackling security issues by ensuring trustworthiness in these systems. Also, smaller test runs could set the stage for these methods to be used more widely in bigger elections which could bring a new trend for the fair and democratic process worldwide. For reference, Estonia, known for its innovative e-governance solutions, has taken a pioneering step in digital governance, notably in their voting systems. By using ZKP in their BEV system, Estonian citizens can securely and anonymously cast their votes online. Their success stories or challenges could be noted to develop the best solutions for future voting in different nations.

Conclusion

This article attempted to respond to the famous criticisms; however, it acknowledges that no solution is flawless. It's the responsibility of the entire blockchain community to demonstrate that ZKP-based BEV can effectively address persisting issues with practical and viable solutions. There's a need to innovate and develop new technologies to overcome these challenges. So, the evolution of voting systems has led to the emergence of BEV (Backed by ZKPs), as a promising solution to modernize elections. BEV, combining blockchain's tamper-proof nature and ZKPs' encryption, ensures secure, transparent, and cost-effective voting processes. It tackles the challenges of traditional methods while preserving voter privacy, system integrity, and safety against adversarial actors. However, challenges like complexity, computational resources, and privacy concerns persist. Ongoing research aims to address these issues by enhancing scalability and accessibility for widespread acceptance. The collaborative approach and successes, as seen in pioneering nations like Estonia, signal a future of fair, secure, and democratic elections powered by ZKP-based BEV.