By studying the feasible implementation of the blockchain in online voting, the Scrypta development team has experienced how this technology could solve the fundamental problems related to privacy, transparency and security. The “Scrypta Polls System” arised from this study.
The Minimal Viable Product is functional and operational.
“We have created a dApp, based on blockchain technology, which could make the voting system safer and more transparent”.
How does it work
Thanks to the decentralized nature of the blockchain, the fairness of the vote can be verified by all the participants in the network. Voting data is not stored on servers but in blocks of information recorderd on all of the Scrypta network nodes computers. To pollute them, a hacker would need to penetrate all computers and gain access to individual nodes (data sets).
During the ongoing experimentation we tested this kind of pollution to show that it was possible to vote and track who voted, but it was not possible to connect individual votes to a specific voter. All this by exploiting a permissionless blockchain whose block explorer is visible and can be inspected by anyone who wants to.
The platform was implemented with a fundamental element: the dispatch of the “form” anonymously as well as the univocal registration of the users.
We proceeded as follows:
The promoter, which we will call “owner”, creates a new address for voting.
At this point it will be executed a transaction with the data to initialize the vote. Below is an example of the object that is stored:
pollData = {
name: ‘VOTE NAME’,
pubkey: ‘VOTE PUBKEY’,
privkey: ‘VOTE PRIVKEY’,
owner: ‘OWNER PUBLIC ADDRESS’,
start_date: ‘START DATE’,
start_time: ‘START TIME’,
end_date: ‘END DATE’,
end_time: ‘END TIME’,
question: ‘VOTE QUESTION’,
answers: ‘ANSWES ARRAY’
};
As you can see public data related to voting is required, including the private key of the same address. This for a purely demonstrative purpose and for the will to create a truly serverless system. Alternatively the private key would reside in the owner’s device.
As we will see later, although this private key is visible, the system is totally secure. You will see a sample transaction at this address: https://chainz.cryptoid.info/lyra/tx.dws?262865.htm.
This is the first of a series of transactions that refer to the same block 124565 https://chainz.cryptoid.info/lyra/block.dws?124565.htm.
Once the vote will be initialized and then waited for the network to process the data block (1 minute on average), our vote will be available on the platform. From this moment on, users can request authorization to participate in the vote.
So, let’s imagine an intermediate period between the creation of the “Poll” and the actual start of the vote in which all users will request to be accepted.
In this case, what happens in the background is the user sending a transaction to the voting address, using the poll: // AUTHREQUEST protocol
A transaction of this kind can be analyzed at this address: https://chainz.cryptoid.info/lyra/tx.dws?262891.htm.
Off-chain — the system also stores the user’s RSA public key (https://en.wikipedia.org/wiki/RSA_(cryptosystem)) which will be used when issuing the ballot paper.
At this point the voting owner will have the burden of authorizing or not authorizing the addresses of the applicants.
In the case of public voting, the owner will only issue an authorization if, for example, the identity of the applicant is physically demonstrated (perhaps through a KYC document or practice). Or it could be online, if the user will demontrate (off-chain) his identity, for example by sending an OTP to a certified mailbox. In other cases, common biometrics techniques could be implemented such as fingerprint scanning, etc …
When the voting owner authorizes a user to vote he will publicly send two different transactions: One to the polling address, using the poll: // AUTH protocol, so as to write publicly that the address has been authorized.
The second transaction is the result of following steps:
• Creation of a new address (public and private key pair)
• Address encryption using the user’s RSA public key
• Result registration by the voting address
• Sending the necessary funds to the voting transaction (0.002 LYRA in this case), which is carried out by the owner at the address of the ballot paper.
From this moment on, specific traces between the user and the voting form are lost. Below we refer to the example links that demonstrate the two operations:
• transaction for sending a voting form: https://chainz.cryptoid.info/lyra/tx.dws?262942.htm
• sending of funds by the owner to the voting form: https://chainz.cryptoid.info/lyra/tx.dws?262930.htm
As you can see, the poll: // VOTECARD protocol was used to identify the rating cards. There is effectively no link between the voter’s address and the address of his ballot paper, as different technologies are used which, although supported, cannot be linked in any way.
He will therefore be the only user to be able to verify his own “card” within the voting transactions. This system can:
• index users;
• authorize them on a single basis;
• entrust him with a unique and totally disconnected identity card (unlockable only by the user).
At this point the user will have to wait for his ballot paper to be issued and, as soon as it will be available, vote with it. If we go back to the same example transaction, we will see that it was used in this other operation: https://chainz.cryptoid.info/lyra/tx.dws?263000.htm.
Here it can be clearly seen that the protocol used is poll: // VOTE: 0 which clearly identifies the user’s choice. Going to retrace the input of this transaction, we will see that they refer to this address: “LctPjsVtdmoQXBonWPTJv6DfvjH2Vyvwzy” which is the voting owner, as can be clearly seen from the first transaction: https://chainz.cryptoid.info/lyra/tx .dws?262868.htm.
Now we don’t have any more doubt, this vote was certainly authorized by the owner, as it was the owner himself who generated this ballot.
The user is also entitled to verify that his vote has been counted correctly, retracing the same procedure in reverse:
• The address is scanned by the user.
• The user decrypts the ballot papers.
• As soon as the voting form is found, the incoming transaction is searched for with the poll: // VOTE protocol:
The user will finally have found and verified the correct acquisition of his vote.
Each user can also scan all incoming transactions and count the votes in real time, verifying the actual validity of the same.
“It seems we were able apply the expression ‘Don’t trust, verify’ to the thorny use case of the voting system. Clearly this is just an MVP that could not be used (at present) as a national and public voting system. We hope that our work will help those in government who are looking for solutions “.
The MVP source code is publicly available on Github at the following link:
https://github.com/scryptachain/scrypta-polls
We invite and allow blockchain enthusiasts, testers or e-voting supporters to verify and examine the technology behind our solution.
SCRYPTA - Archiving and VerificationWebsite: www.scryptachain.org
Block Explorer: https://chainz.cryptoid.info/lyra
Official Github: https://github.com/scryptachain
Twitter: https://twitter.com/scryptachain
Discord: https://discord.gg/mrVQvhB
Telegram: https://t.me/scryptachain_official
e-mail: info@scryptachain.org
