I agree collusion is not a showstopper, because individual people very rarely bother to try anything dishonest, and even when they do it isn’t effective. Also political parties will simply disseminate recommended spending plans. To prevent this would require something like absolute power over all communication, wielded by an entity over which no political party has any influence.
The truly secret voting suggestion is possibly the most awful idea I have ever heard with respect to voting, because while individual voters rarely commit fraud or do anything else inappropriate with their votes a very common and highly successful method of cheating an election is for the people who tally the votes to simply declare victory for one candidate or the other. If we cannot prove who anyone actually voted for, we can’t prove who actually won at all.
If we cannot prove who anyone actually voted for, we can’t prove who actually won at all.
Using zero-knowledge proofs it is possible to prove that votes were counted correctly, without revealing who anyone voted for. See MACI [1], which additionally provides inability to prove your own vote to a third party.
From the MACI link, my objection is a generalized version of this:
Problems this does not solve
A key-selling attack where the recipient is inside trusted hardware or a trustworthy multisig
An attack where the original key is inside trusted hardware that prevents key changes except to keys known by an attacker
This is the level where trust is a problem in most real elections, not the voter level. I also note this detail:
It’s assumed that undefined is a smart contract that has some procedure for admitting keys into this registry, with the social norm that participants in the mechanism should only act to support admitting keys if they verify two things
Emphasis mine. In total this looks like it roughly says “Assuming we trust everyone involved, we can eliminate some of the incentive to breach that trust by eliminating certain information.”
That is a cool result on the technical merits, but doesn’t seem to advance the pragmatic goal of finding a better voting system.
Vitalik’s Optimism retro-funding post mentions a few instances where secret ballots are used today, and which could arguably be improved by these cryptographic primitives:
The Israeli Knesset uses secret votes to elect the president and a few other officials
The Italian parliament has used secret votes in a variety of contexts. In the 19th century, it was considered an important way to protect parliament votes from interference by a monarchy.
Discussions in US parliaments were less transparent before 1970, and some researchers argue that the switch to more transparency led to more corruption.
Voting in juries is often secret. Sometimes, even the identities of jurors are secret.
In general, the conclusion seems to be that secret votes in government bodies have complicated consequences; it’s not clear that they should be used everywhere, but it’s also not clear that transparency is an absolute good either.
I agree collusion is not a showstopper, because individual people very rarely bother to try anything dishonest, and even when they do it isn’t effective. Also political parties will simply disseminate recommended spending plans. To prevent this would require something like absolute power over all communication, wielded by an entity over which no political party has any influence.
The truly secret voting suggestion is possibly the most awful idea I have ever heard with respect to voting, because while individual voters rarely commit fraud or do anything else inappropriate with their votes a very common and highly successful method of cheating an election is for the people who tally the votes to simply declare victory for one candidate or the other. If we cannot prove who anyone actually voted for, we can’t prove who actually won at all.
Using zero-knowledge proofs it is possible to prove that votes were counted correctly, without revealing who anyone voted for. See MACI [1], which additionally provides inability to prove your own vote to a third party.
From the MACI link, my objection is a generalized version of this:
This is the level where trust is a problem in most real elections, not the voter level. I also note this detail:
Emphasis mine. In total this looks like it roughly says “Assuming we trust everyone involved, we can eliminate some of the incentive to breach that trust by eliminating certain information.”
That is a cool result on the technical merits, but doesn’t seem to advance the pragmatic goal of finding a better voting system.
Vitalik’s Optimism retro-funding post mentions a few instances where secret ballots are used today, and which could arguably be improved by these cryptographic primitives:
I have not read this one, thank you for the link!