Russian elections were deemed a success, but this platform is targeted at corporate clients.
Waves Enterprise, the business-focused spin-off of the Waves project, announced on the public release of its blockchain voting system primarily aimed at corporations and board governance.
The Waves system uses blockchain at every step of the voting process, as votes are recorded and then counted with full cryptographic guarantees. Homomorphic encryption is used to accurately tally votes without having to reveal the identity of the person who cast each ballot.
While the system is primarily targeted for lower stakes environments such as corporate boards, the technology has recently been trialed in Russia during its local and parliamentary elections.
The team says that the experience showed the platform is ready for deployment, but the public product is somewhat different from the one used in Russia, chief product officer Artem Kalikhov told Cointelegraph:
“Those elections used a voting system developed in cooperation with Rostelekom […], which is based on a similar cryptographic protocol but has several important distinctions. For example, it uses Russian cryptography, it has different mechanisms for identification and anonymization, [and] the voting process is changed.”
Though Kalikhov said that authorities in Brazil are also exploring a potential implementation of blockchain voting, the current product is meant for corporate settings and board voting — a market estimated by Waves to be worth $100 million globally.
Having different target clients helped make the platform more accessible to the public. During the Russian elections, the platform was criticized by some for the inability for external parties to connect and verify the blockchain nodes. Kalikhov said that the commercial version runs on Waves Enterprise Mainnet, a permissioned but public blockchain.
The platform uses a variety of techniques to prevent fraud in the processes of voting and vote tallying. Kalikhov said that the use of blockchain and cryptographic signing of transactions ensures the vote will not be changed or deleted after being saved on the ledger. He continued to explain:
“The use of homomorphic encryption allows to automatically collect the results of the election without decrypting each individual ballot, guaranteeing the privacy of the vote. Using a distributed key generation protocol and several independent encryption servers excludes the possibility of a single actor with a ‘master key’ and guarantees that no one is able to decrypt the results or look into single ballots before the vote has ended.”
Overall, the combination of cryptographic techniques, blockchain and a system of checks and balances aims to minimize the possibility of fraud during the election process. Nonetheless, the use of blockchain does not exclude bugs or potential backdoors, as some other platforms showed.
Assuming that the election system is solid, the platform is still only as strong as the voter registration process. Election fraud often revolves around creating fake or manipulated ballots — for example by casting ballots in the name of dead people, felons, or otherwise ineligible voters; paying or harassing people to vote for a particular candidate; or leaving loopholes that allow for the same person to cast multiple votes.
Kalikhov said that voters are registered through a system of public and private keys. Smart contracts hold a registry of all valid voters through their public keys, while each private key remains on their personal devices. To defend against insincere voting, the system allows voters to change their preference at any point before the election is over.
But the system “cannot, of course, protect the users’ personal devices from hacks, loss or key transfers initiated by the user,” Kalikhov noted. While the voting software is built to ensure the safety of the private keys, users must still “follow the rules of cyber hygiene — using antivirus software and installing the latest operating system updates.”
In the future, the team is planning to implement technologies that could certify the identity of each user, Kalikhov added. Nonetheless, in corporate settings the current solution could be sufficient — fraud involving extra ballots is probably easier to notice in nongovernmental elections.