
Online voting security in the 21st Century
This is the second article in the electronic voting series.
In the previous chapter (Elections via Blockchain, fact or fiction?) we discussed how blockchain technology can certify the integrity of the ballot box, ensuring that every voter's vote is present at the time of the recount and that none of them has been altered. In this article, I will explain how to ensure voter privacy by using modern encryption techniques. An exciting world.
I will start from the beginning. Information security, especially on the internet, has relied on encrypting information with cryptographic algorithms since the 1980s. The most widely used algorithms (such as RSA or ElGamal) base their security on how hard it is for current computers to solve certain mathematical problems.
And we lived happily. Encrypting a vote with one of these algorithms was considered safe until relatively recently: decrypting a vote would cost a computer hundreds or thousands of years. That held until the possibility of building a quantum computer went from intergalactic film fiction to reality. Big corporations like Google, IBM and Microsoft already have working prototypes, prototypes which, running Shor's algorithm, could potentially break current cryptographic systems.
I am not going to go into the details of what a quantum computer is, but we can be sure that since Schrödinger made his cat famous in 1935, great efforts have been made to master this specialty of particle physics in order to build, among other things, supercomputers capable of solving almost any problem extremely fast. Voters value their privacy very much, and so do electoral authorities. They do not want a vote cast in 2020 to be decrypted a short time later and their election choices to become public. We must ensure voter privacy.
The threat of quantum computing has driven great efforts to find new cryptographic algorithms that the new computers are unable to break. The new cryptography takes several approaches, but the one gaining the most adherents, thanks to the properties explained below, is cryptography based on supersingular elliptic curves. What a cool name! This type of cryptography is called homomorphic cryptography. The result of this new cryptography is so spectacular that you want to rename it from cryptography to cryptomagic. This is post-quantum-era cryptography.
Let us see how this homomorphic cryptography differs from traditional RSA-based cryptography. In both cases, you want to protect information. To do this, cryptographic keys are generated:
- A public key that is given to each voter. It is used to encrypt their vote.
- A private key, used to recover the encrypted information.
However, the difference between RSA and homomorphic cryptography is very significant when the information is retrieved:
- With RSA you have to decrypt each vote to see its contents and count the chosen options.
- Homomorphic cryptography does not decrypt the votes. They are added while still encrypted, which yields an encrypted result, and only that result is decrypted.
The difference is huge and the impact is huge as well:
- By not deciphering individual votes, you do not have to fear for voter privacy and do not rely on complex vote-mixing algorithms like those needed with RSA.
- Not having to decrypt every vote makes results available very quickly. Computers perform additions at high speed, and the expensive cryptographic decryption is needed only once, at the end.
These are the advantages of the new homomorphic cryptography. Cryptomagic. But it also has drawbacks. Unfortunately, an improvement in one aspect usually comes at a cost in another.
In this case, it is transparency. How can we be sure that the sum of the result is correct if we have not decrypted each of the votes? Remember that the Blockchain guarantees the integrity of the ballot box, so it is not something that concerns us now. This question is very important and should be properly answered. There are several approaches:
- The most trivial. We can apply a mixing algorithm to the encrypted votes and decrypt them all during a subsequent audit (when time no longer presses), just as we did with RSA, and check that the sum initially obtained was correct. It is simple, but it takes time and has the disadvantage of putting voter privacy at risk again.
- The cryptomagical approach. We can provide a zero-knowledge proof of universal verification. Honestly, the terms that post-quantum cryptography uses are so beautiful that they impress just by hearing them. Yet, let us try to understand them, too.
A zero-knowledge proof of universal verification is pure cryptomagic. It is a method to verify that the votes in the ballot box were added correctly, without knowing the votes. Homomorphic cryptography algorithms make this amazing property possible. The problem is that it is a very complex mathematical operation, out of the scope of this article and not something the vast majority of voters could perform themselves. However, you could get a glimpse through videos like this one.
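As an added example (not code from the article), here is the encrypt, add-while-encrypted, decrypt-once tallying described above, together with a proof of correct decryption that lets anyone check the announced result without the private key or any individual vote. It uses exponential ElGamal with a Chaum-Pedersen proof made non-interactive via Fiat-Shamir, a standard additively homomorphic construction rather than the supersingular-curve scheme the article names; the group parameters are assumed for the demo and far too small for real use.

```python
import hashlib
import secrets
# Toy group (assumed for this demo, NOT secure): p = 2q + 1 is a safe prime and
# g = 4 generates the order-q subgroup. Real elections use 2048-bit+ groups.
P, Q, G = 1019, 509, 4

def keygen():  # election key pair: private x, public h = g^x mod p
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt_vote(h, vote):
    """Exponential ElGamal: vote (0/1) in the exponent, so ciphertext products add votes."""
    assert vote in (0, 1)
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, vote, P) * pow(h, r, P)) % P

def tally(ciphertexts):  # homomorphic sum: component-wise product of all votes
    c1, c2 = 1, 1
    for a, b in ciphertexts:
        c1, c2 = (c1 * a) % P, (c2 * b) % P
    return c1, c2

def decrypt_sum(x, ct, max_votes):
    """Decrypt only the aggregate: strip the mask, then search g^m for small m."""
    gm = (ct[1] * pow(pow(ct[0], x, P), -1, P)) % P
    for m in range(max_votes + 1):
        if pow(G, m, P) == gm:
            return m
    raise ValueError("sum outside expected range")

def _challenge(*vals):  # Fiat-Shamir challenge: hash of the transcript, mod q
    return int.from_bytes(hashlib.sha256(",".join(map(str, vals)).encode()).digest(), "big") % Q

def prove_tally(x, h, ct):
    """Chaum-Pedersen proof that d = c1^x uses the same x as h = g^x (x stays secret)."""
    c1, _ = ct
    d = pow(c1, x, P)
    w = secrets.randbelow(Q - 1) + 1
    a, b = pow(G, w, P), pow(c1, w, P)
    e = _challenge(G, h, c1, d, a, b)
    return {"d": d, "a": a, "b": b, "z": (w + e * x) % Q}

def verify_tally(h, ct, result, proof):
    """Public check of the announced result: no private key, no individual vote."""
    c1, c2 = ct
    d, a, b, z = proof["d"], proof["a"], proof["b"], proof["z"]
    e = _challenge(G, h, c1, d, a, b)
    same_x = (pow(G, z, P) == (a * pow(h, e, P)) % P
              and pow(c1, z, P) == (b * pow(d, e, P)) % P)
    return same_x and (pow(G, result, P) * d) % P == c2
```

Note that this proof covers only the final decryption; a full system also needs each voter to prove their ciphertext encrypts a 0 or a 1, otherwise a single malformed ballot could add many votes at once.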
Thus, when implementing electronic voting systems that want to enjoy the advantages of homomorphic cryptography based on supersingular elliptic curves, if you want to provide the guarantee of universal verification, you must count on the collaboration of independent auditors, usually mathematical experts from universities, who perform the checks and inform the rest of the voters of the outcome.
I hope this explanation is of interest. A good online voting system today must have integrity protection based on a Blockchain, as explained in the previous article, and a post-quantum cryptographic (or cryptomagic) system that guarantees voters' privacy now and in the future. Nonetheless, privacy will depend on us keeping the private key of the election well guarded... but that is already the subject of another article!