Image header: image preview

Project title: Stellot

Summary: Privacy-first i-Voting platform powered by Stellar.

Category: Applications

Goals:

  • Inherit open blockchain trust in the i-voting system.
  • Lower operational costs by leveraging existing blockchain infrastructure.
  • Achieve privacy and verifiability for all voters.

Timeline:

  • Q4.2019 - Start blockchain-based i-voting systems research. ✓

  • Q1.2020 - Create a journal article draft. ✓

  • Q1.2020 - Create a proof-of-concept application. ✓

  • Q1.2020 - Create a proof-of-concept service for creating general-purpose votings. ✓

  • Q2.2020 - Add keybase auth via jwt and keybase-bot (similar how https://stellarcommunity.fund works) ✓

  • Q2.2020 - Add basic authN & authZ methods (cookie, IP address, codes, email, domain etc.) ✓

  • Q2.2020 - Add vote encryption (preventing partial results before the end of voting). ✓

  • Q2.2020 - Add multi-select voting.

  • Q3.2020 - Store voting meta-data on IPFS content-addressable network. ✓

  • Q3.2020 - Solve the scalability problems ✓

  • Q3.2020 - Add stake-weighted votings.

  • Q3.2020 - Finish service for creating general-purpose votings.

  • Q3.2020 - Publish a journal article.

  • Q3.2020 - Add domain-specific auth with OpenID Connect.

  • Q4.2020 - Add metamask support for stake-weighted votings.

  • Q4.2020 - Create a framework for creating domain-specific standalone votings.

  • Q4.2020 - Find academic/government votings where such a system could be used.

  • Q1.2021 - Host dean elections of the Gdańsk University of Technology with Stellot.

Description: Stellot is a privacy-first i-voting system powered by the Stellar network. We argue that the proposed system satisfies all requirements stated for robust i-voting systems such as transparency, verifiability, and voter anonymity/privacy. The system is designed in such a way, that voter is completely abstracted from blockchain technology used underneath. Open Stellar blockchain allows everyone to verify the election results without having to trust a central authority.

I believe that this project is valuable for Stellar, mainly because it proves that Stellar can be used not only for asset tokenization and payments but also as a robust i-voting system backbone.
Starting with the general-purpose voting platform, we would like to target all kinds of votings including domain-specific elections, straw polls, referendums, plebiscites. It would be amazing to host the next SCF voting with Stellot, proving its self-contained ecosystem. Since we have connections with our University, we will start here with annual elections every February. When applied successfully, we will scale the product to other domains, bringing Stellar high notability.

The voter privacy is achieved by the blind-signature technique on the stellar transaction, while the signer is protected by a cut-and-choose method. Deeper technical details are available in this draft of the article (should be finished in about month or two). We provide demo implementation for the proposed system under https://voting.stasbar.com. This general-purpose voting service is great for end-users votings, but we believe that our goal is also to digitize the academic/government votings. Such elections require domain-specific applications, and so we would like to create a framework for these types of solutions. Especially the Auth-Server is something that will differ in every institution.

Links:

Tags: voting, i-voting, privacy, platform

PS. I would like to thank @dzham for his help with blind-signature over ed25519 scheme, without him, the project would still be in the design phase.

    I reviewed your app
    How can you prove that it is decentralized?
    And how is this app different from centralized apps?
    Why can someone vote infinitely?
    I think you have to change your structure and use the public key to validate the voters and every user has to sign their own vote.
    This will make your system more reliable.

      John

      How can you prove that it is decentralized?

      I'm not sure how to interpret your question, so I will describe how it works in the big picture.

      Decentralized vs centralized

      Let's take a Stellar Community Funding voting as an example.
      Galactictalk or Keybase would become Authentication Server(AS) so you can "Login with GalacticTalk/Keybase" account. CENTRALIZED
      The Stellar organization would run the Token Distribution Server (TDS), which will be responsible for both: signing transactions, and authorization (keeping track of who has already voted, and who is eligible for issuing ballot). CENTRALIZED.
      Client Webapp is just a user interface that is responsible to interact with AS, TDS, and Stellar Horizon API. DECENTRALIZED
      Stellar Horizon API is considered DECENTRALIZED since it is just API to stellar network, it can be hosted by anyone.
      Stellar Network is DECENTRALIZED.

      So yes, the government layer is centralized. I addressed this issue in section8 Fully Decentralized Blockchain Application.
      But it's important to realize how limited the power of government is in this system. Since he (the government) manages the authorization, he can block a certain users from casting vote. But he can not perform votes on other user behalf since there is only the limited publicly known number of created tokens (e.g. the number of galactictalk active users). Yes, he can assume that only 20% of users will take part in the election, and use the 80% of unspent tokens to perform vote on his behalf. But it still could be mitigated by limiting the number of tokens to the number of users who are incentivized to cast a vote, so the frequency would be high, therefore limiting the number of unspent tokens.

      Decentralized auth is a completely different topic, but It is something I would love to continue my research on. Zero-knowledge proofs might be the clue.

      And how is this app different from centralized apps?

      Besides auth, everything is recorded on the blockchain. Each user can count the voting results on its behalf, without the trust to government. The user is responsible for publishing the vote transaction to the stellar voting, so he can be sure that his vote was taken into account. But the biggest advantage is the fact that the votes are completely anonymous since no one (besides the voter) knows who cast the particular transaction to the network. But everyone can be sure that this transaction was authorized by TDS (because he blindly signed the transaction).

      Why can someone vote infinitely?

      Right now the authorization is skipped. I assumed that it's an implementation detail, that I'm currently working on.

      04.2020 - Add basic authN & authZ methods (cookie, IP address, one-time link, one-time code, email, etc.).

      It's just a matter of time, not lack of concept.

      I think you have to change your structure and use the public key to validate the voters and every user has to sign their own vote.

      It would require the user to already posses the Stellar account which is highly unpractical and limiting. I can't imagine a scenario, other than stellar community voting, where you would require each voter to possess the Stellar account. Additionally, it would allow connecting the user with his vote. Right now the user does not even know that he is using blockchain, which is one of the most important features of this system.

      I hope it answers your questions, let me know if there is something more I could clarify.

      I receive many questions, so I assume that a lot of things are unclear, I will create a FAQ page and some illustrations 🙂

      • John replied to this.

        Does people can vote using proof of stake like on Binance with BNB? What is the business model to monetize the project ?

          stasbar Thanks for the description but what is the most important feature in the voting platform?
          The answer is simple, the poll result must be valid.
          why we use blockchain in the voting platform?
          because we want to show that the poll result is valid and no one can change it.
          So what happens if you don't use the public key for a validating vote and don't use the private key for signing that?
          The answer is simple, votes are invalid because no voter signed them and you can't prove that.
          One example: Imagine that we would use your voting system for this Grant Stellar period
          And everyone can vote indefinitely
          Can we trust the poll results?
          I refer you to look at the Status voting system, this is a perfect sample of a voting system

            stasbar Also the image you posted is a simple structure of all Stellar apps
            And it doesn't show the structure of a decentralized voting platform.

            Justin

            Does people can vote using proof of stake like on Binance with BNB?

            This solution is built with non-crypto users in mind. I argue that this is the only way to use this solution on large scale.

            Proof-of-stake voting or I would rather say stake-weighted voting, would be very interesting in crypto space.
            If we take the basic weighting model, i.e. based just on amount of XLM on your account, then the implementation is really straightforward. Instead of the vote token go directly from distribution account to ballotBox account, it would go first from distributing account to the user account, and then from the user account to ballotBox account. This way, counting results would involve one additional step, checking the account balance at the end of elections.
            I will add it to the timeline.

            What is the business model to monetize the project ?

            For general-purpose votings, the idea is rather simple. Voting creation would require some fee, based on number of votes and some base fee for operational costs.
            For institutional level votings, it is mostly an operational fee that depends on the number of voters and the Authentication Server integration complexity.
            We plan to work similarly to those guys https://polys.me

            John

            the Status voting system, this is a perfect sample of a voting system

            Sorry, but in my opinion, the voting platform that requires metamask is made only for crypto users, and is far from being "perfect". Can you imagine the presidential elections that require metamask installed?
            As I wrote in the previous post, the implementation of your postulate is straightforward, and it's something I already added to timeline.

            Also the image you posted is a simple structure of all Stellar apps

            That's how the system is designed. Maybe the sequence diagram will clarify the concept.
            Here is an example based on Keybase authentication (same as https://stellarcommunity.fund/) works now.

            Voting creation
            Voting creation

            Casting ballot
            Casting ballot
            NOTE: batching and cut-and-choose methods were skipped for simplicity. Blind-signature algorithm was simplified

            Counting results
            Counting results
            NOTE: TDS could be easily removed in domain-specific voting, by injecting metadata directly into webapp

            If you are interested how will it work for one-time authorization codes here are the diagrams.

            • John replied to this.

              stasbar
              I disagree with you

              Can you imagine the presidential elections that require Metamask installed?

              Yes, if you want to build that on the Ethereum you must be used Metamask for Auth.
              I think you have trouble understanding the dapp structure.

              Add basic authN & authZ methods (cookie, IP address, one-time link, one-time code, email, etc.).

              Are you kidding? How do you want to prove who they voted?
              I think you know what I mean
              And you're just defending your centralized project

                John
                Excuse me, but where did I claim that this is dapp ? One place where I mentioned dapp is section 8. in my article, where I explain why it is NOT fully dapp. Only part of the system is decentralized, and I claim that this is enough to achieve outlined e-voting requirements. Since this system relies on a centralized authentication system, it inherits this property too. If you find a way to achieve decentralized auth on centralized identification provider, let me know, I will love to implement it.
                Since you start to humiliate me, I propose to stop our conversation.

                  stasbar Excuse me Stasbar I thought it is a dapp and your app is decentralized.
                  Thank you for your answer

                  @John Decentralization simply isn't a requirement for the SCF. This is a fascinating project and I agree with @stasbar that decentralization as an assumption for every Stellar project is naive and unhelpful. Decentralization as a mindset or in certain areas may be useful but only as it serves a purpose, as a buzzword or an assumption can actually be dangerous as it can open you up to legal and regulation liability if you have little to no control over your own service.

                    tyvdh
                    Hi Taylor
                    I wasn't trying to sabotage any project. This is just a matter of different opinions. I always try to be frank. As a developer, I believe merely using the SDK doesn't represent good structure. We should aim to solve problems fundamentally. This approach just makes developers lazy.
                    I'll prove to you that these three properties of Stellar (Multisignature - Batching / Atomicity - Time bounds
                    ) can be used to achieve great things but because most developers are not willing to spend time thinking about them, they just ignore them.
                    I'm sorry if I've offended anyone. I won't discuss other projects anymore.

                    stasbar Cool! I actually coincidentally came across your project in my search for a voting solution for the William & Mary Blockchain Lab that I am leading.

                    https://www.linkedin.com/company/william-mary-blockchain-lab

                    I am hoping to make some of our efforts decentralized by Spring 2021. I look forward to reading through your paper ,asking questions and following your progress.

                    We do have a Researcher who specializes in e- governance affiliated with the lab, if you find yourself in need of a government expert to help lend a social science eye to your already impressive team of researchers, we are here to help.

                      twiipongwii Great to hear that. When we finish the prototyping phase, it'll be more than helpful to reach someone involved in e-governance.

                      I think that this is a fascinating project and I appreciate the details you’ve shared illustrating your depth of thought you placed into this. Regarding sustainability you mentioned that this would be a similar business model to polys.me but I’m unsure as to how they survive as well. Can you share some insight on this part of your plan? Thanks

                        6 days later

                        We have added:

                        04.2020 Add keybase auth via one-time codes and keybase-bot (similar how https://stellarcommunity.fund works) ✓

                        Additionally, you can specify the team membership requirements, so only members of a particular team can take part in voting. Therefore we can delegate the user authorization process to team owners. It is achieved by using keybase-bot. When the voting is created, stellotbot requests access to a specified keybase team. If the team is open, it automatically joins the team, If not, it waits until the team owners approve the stellotbot request. When the stellotbot can access the team membership list. When a user want to cast a vote in such voting, he enters his Keybase username, and send it to Stellotbot, which ensures that the user is a member of the required team. Stellotbot then sends a signed JWT token to username account in private message. User proof his identity by entering the received JWT token. TDS ensures that the username hasn't already issued the voting token. Now we are ready to issue voting token with blind-signature technique.

                        Give it a try, this voting is restricted to stellar.public team members only. Right now the membership is checked on-request, but we are thinking about freezing the list at the time of voting creation, to prevent sockpuppeting accounts.

                        samuelconner
                        Monetization is something we will focus on after we create a working prototype. We believe that the demand for secure and private e-voting is something we don't need to worry about (especially nowadays), so the success of this project relies mainly on the properties we are able to achieve. Our undoubted advantage is the fact that user wallet/keypair is completely optional, and we designed the solution on the open Stellar blockchain, which is something we didn't find before. Our first targets are Universities we are associated with, so we already have a solid testing environment.

                          Hi, great to see you are proceeding. As you write especially with the corona crisis there will be an increasing demand on e-voting. For all different organizations.