“E-cclesia”: lessons learned from building an e-voting protocol from scratch on Tezos Electis Follow Mar 30 · 9 min read

An interview with Myrto Arapinis, PhD, University of Edinburgh, creator of E-cclesia and Ivaylo Genev, lead developer.

Electis is organising an electoral project in cooperation with a network of universities and the financial support of the Tezos Foundation. For this, Electis is developing a blockchain-based e-voting solution, which is open-source and will be implemented on the Tezos blockchain.

The scientific director of the project is Myrto Arapinis, reader in computer security at the School of Informatics at the University of Edinburgh (UoE). Myrto’s research is focusing on formal verification of cryptographic protocols, with a particular interest for privacy and electronic voting. She developed the E-cclesia protocol, which is being used in the “Cross-University Vote” project. In this Interview, Electis is picking her brain about the protocol and her take on decentralised voting.

Ivaylo Genev completed his integrated BA with honours and Masters with honours degrees at the University of Edinburgh with Myrto Arapinis as his supervisor. Ivaylo is the lead developer of the e-voting solution of the Cross-University Vote Project, and we are asking him about his work on the topic of e-voting and the challenges that he is facing implementing Myrto’s protocol on the Tezos blockchain.

This is an open-sourced project, you can join on Gitlab, or get in touch.

ELECTIS: Myrto, how long have you been researching on the topic of e-voting?

MYRTO: I think I first started looking at the electronic voting problem in 2010 or 2011. I was particularly interested in applying formal methods and developing tools for the analysis of electronic voting protocols. We were looking in particular at simplifying the verification problem of e-voting schemes through reduction results. More recently, I have been investigating the self-tallying paradigm, in light of the recent developments in distributed systems that we have been witnessing with the development of Blockchain technologies. And in collaboration with Nikolaos Lamprou, Thomas Zacharias, and Lenka Marekova from UoE we developed E-cclesia, a self-tallying voting scheme inspired by tools and techniques deployed for preserving privacy in Blockchain systems.

ELECTIS: Has your interest always been decentralized voting?

MYRTO: Decentralised voting became of interest to me only more recently. I came into the voting problem, looking at the literature, and most of the solutions were either centralised or trust was being distributed among a small set of authorities. E-cclesia takes a step further towards decentralisation by investigating the self-tallying paradigm. It is the development of Blockchain technologies for decentralised banking that rekindled the idea of decentralised voting. And at the same time Blockchain governance calls for decentralised voting.

ELECTIS: What is particularly interesting about e-voting, and what are the problems that blockchain can solve?

MYRTO: In our E-cclesia scheme the Blockchain provides a solution for maintaining the bulletin board in a decentralised manner. This is an essential component of a verifiable electronic voting solution. This is the first and most obvious problem that Blockchains can solve in the context of electronic voting.

Also, in the sort of technical solution that we are proposing, Blockchains can help with ensuring fairness. That is guaranteeing that intermediate results are not being leaked while the casting phase is still open. We are not there yet, as we do not have efficient constructions, but they seem to provide good building blocks for what we call “time lock encryption” schemes and computational global clocks. This is another issue where I see Blockchain helping — but we are still at the very beginning of these investigations.

Furthermore, the Blockchain developments that we are seeing are a source of inspiration and provide solutions to problems that we also encounter in voting. I see that the Tezos community is coming up with a lot of ideas here. They come up with solutions that can also help with voting, for instance, such as the governance model implemented in the Tezos Blockchain.

“Blockchains can help with ensuring fairness. That is guaranteeing that intermediate results are not being leaked while the casting phase is still open.”

ELECTIS: You are saying that E-cclesia is based on the ideas of Zerocoin, what exactly do you mean by that?

MYRTO: Zerocoin is a blockchain that provides privacy. And the way it provides privacy is by exploiting some particular cryptographic primitives, like dynamic accumulators and signatures of knowledge, and it allows for decoupling the identity of the owner of a coin from the coin itself. So you can prove that you own a coin without leaking who you are. This is very similar to the privacy problem in voting where you want to be able to prove that you are eligible without leaking how you voted. This is where E-cclesia borrows ideas from and meets ZeroCoin.

On the other hand again, they don’t have the problems that we face and that has to do with fairness. We use different tools there. But in the anonymity part, we employ the same cryptographic tools as ZeroCoin.

ELECTIS: The first step in the voting process is the identification of voters by an election authority. Why does this have to be offline?

MYRTO: To be more precise, it is the provision of the eligibility list that takes place offline, everything else happens online. This might be necessary for elections where it is the identity of a user that determines if they are eligible. We have not looked at this aspect yet. Once eligible voters have been enrolled, credentials can be generated by the voters without the need of any trusted party. And these credentials can be used for multiple elections. If another solution becomes available for the population of the eligibility list, we will be able to plug it into E-cclesia.

Note that there are solutions out there for decentralising the registration, and that might be particularly well suited for certain types of elections. Think for instance at Blockchain systems where eligibility is determined by the stake of someone in the system rather than his identity. Still, for us, it was not the focus, so we decided to handle this phase offline for now.

ELECTIS: Now that you developed E-cclesia — are you still going to develop it further?

MYRTO: There is plenty to do. First of all, you asked about the registration and setup authority — we will be looking into it next. As I said, this is still handled in a centralised way, and we will be looking at solutions for decentralising this phase of the scheme too. Turning then to efficiency and scalability, there will be plenty of aspects of the scheme that will need further development and work. And then of course usability needs to be taken into consideration if the scheme is to be used by real people (she says with a smile). For now, we have not touched upon the usability problem at all.

Also, on the theoretical side, there is a lot to be done to understand how far one can go with verifiable self-tallying schemes. For instance, E-cclesia does not provide the strongest privacy guarantees one might want for certain elections, such as coercion resistance; that is resistance against vote selling. There are ideas in the literature on how to provide higher levels of privacy but most of them are either not efficient, and cannot be used in large scale elections, or assume the existence of trusted third parties in many steps. A lot more work needs to be done to see if such solutions can be adapted to our setting, or if different techniques are even possible for addressing these issues. More generally, understanding the tradeoff between decentralisation and privacy is important for the future developments of the scheme. This will also dictate in which contexts and for what type of elections E-cclesia can be useful for.

“More generally, understanding the tradeoff between decentralisation and privacy is important for the future developments of the scheme. This will also dictate in which contexts and for what type of elections E-cclesia can be useful for.”

ELECTIS: Ivaylo, why did you decide to work on the topic of e-voting during your studies?

IVAYLO: It was quite a stroke of luck. Myrto Arapinis was my lecturer, and in the third year of my studies, I had to choose an honours project. Since I liked Myrto’s lecturing style and I was quite interested in security — the theory of security and its implementation — so I applied to all of Myrto’s projects. E-voting and Blockchains sounded very interesting and at the time bitcoin was like (making an upwards gesture). I thought “why not? Let’s learn about blockchains! It might be relevant in the future.”

ELECTIS: Do you still think it’s relevant?

IVAYLO: To me, the technology is not coupled to the financial sector. Blockchain, at its core, tries to solve the consensus problem, which means getting a whole bunch of machines — with some per cent that might be malicious — to agree on a single value. So, this applies to many scenarios. Transactional history is just one — and to me, it might not even be the most interesting one. But it’s undoubtedly the most profitable.

ELECTIS: So you have been involved in the E-cclesia project for a while now…

Yes, ever since the start of its implementation. In fact, it was my bachelor’s and master’s honours project.

ELECTIS: While working on E-cclesia during your time at university, you have been working with Ethereum. What other blockchains have you been working with and did you have any experience with Tezos before the Cross-University Vote Project?

IVAYLO: Before this project, I had zero experience with Tezos.

I had only worked with Ethereum, and I had read a couple of papers on some other blockchains that popped up over time. Since Ethereum seemed to be always a couple of steps in front of everybody — in that time I couldn’t go with any of the other choices. The technology just wasn’t there at the time.

ELECTIS: What differences have you noticed while now working on Tezos, and what do you think about Tezos in general?

IVAYLO: Firstly, from an engineering standpoint, I like the way Tezos developers have gone with their choice of implementational language. I love functional languages.

By using that, they are also able to implement frameworks for formal verification, using them you can mathematically prove facts about your smart contract, which is not something that you get for almost any software that you write. What normally engineers will do, they would write some tests, but the passing of the test doesn’t mean that the programme is perfect, it means that under the conditions of the test the programme behaves as expected.

I also like the fact that you can use other languages. You can use more mainstream languages to compile down to the domain-specific language on Tezos (Michelson) — so you don’t need to be an expert on the specifics to that language to start actually writing, which I think is great. And even if you don’t know anything about Michelson, you can still gain the benefit of the formal verification methods that I mentioned.

From a theoretical standpoint, one of the main benefits is being able to deal with problems on the chain without having to fork it. Ethereum had a fork a couple of years ago. In this case, on Tezos, you wouldn’t have to fork it. Here you can have the community vote on the changes to be made.

If that vulnerability would have happened on Tezos, instead of the community saying “screw this chain let’s make our own network” they could have said, “let’s instantiate a vote on patching this vulnerability and return all the funds from the account back to the DAO account”. And provided the community agrees, the incident would be resolved without the need to fork. This better retains the network effect of Tezos when decisions have to be made and implemented.

“From a theoretical standpoint, one of the main benefits is being able to deal with problems on the chain without having to fork it. Ethereum had a fork a couple of years ago. In this case, on Tezos, you wouldn’t have to fork it. Here you can have the community vote on the changes to be made.”

ELECTIS: What are the challenges now to put the protocol E-cclesia on Tezos?

IVAYLO: I am having mainly the same problems as I had with my implementation on Ethereum — Even less and I will say something about that in a bit.

Those problems have to do with getting the implementation of the underlying crypto primitives to work, so I would have to do that no matter what blockchain I am putting it on.

This is the hardest and most uncertain bit of the project. It is independent of the blockchain technology used. One thing that is going faster on Tezos is the actual implementation of smart contracts because I don’t have to relearn another language from scratch as I had to do before. I can use one that I already know, like Ocaml or Python to compile it down to Michelson as I specified earlier. So, in terms of getting from zero to something, it’s easier.