dApp Platform FAQs

What is a dApp platform?

 A dApp platform is a software platform that supports decentralized applications (dApps). dApps run their backend code on a decentralized network and not a centralized server. This means that a blockchain is used for data storage and smart contracts for their app logic.

What is a blockchain?

A blockchain can be referred to as a transactional database or public ledger that is created and maintained by a network of computers/servers.  The various computers and/or servers that power the network take turns verifying sets of transactions and adding them to the database, which are referred to as blocks. These “blocks” of transactions are mathematically linked to one another in a way that would resemble a chain, hence the name blockchain. Once stored in the database, these transactions are permanent and irreversible. Our online voting platform has a blockchain-based ballot box that allows votes to be securely stored within the system.

What are smart contracts?

A smart contract is basically a set of rules that remain on the blockchain for all to see. Smart contracts operate precisely according to those rules. The code allows agreements and transactions to be completed automatically.

What are the benefits of dApp?

 dApps can look and feel just like regular apps, but they receive the same benefits of the blockchain it interacts with. This includes freedom from censorship, cryptographic security, increased efficiency, and greater transparency.

What is Pollaris?

Pollaris is our initial application on the dApp platform. Pollaris will help us to ensure that the platform we build adequately addresses the difficulties of developing blockchain-based applications while enabling us to test our design principles and guidelines to ensure that our solutions are indeed intuitive to people of all walks of life. In practical terms, Pollaris is a simple polling application intended for use in communities to establish consensus on any issue they may face.

When will Pollaris be launched?

Pollaris is currently being built out. You can sign up for our Follow My Vote Supporters email list and our Beta access list for updates on the launch of Pollaris. 

Who can develop dApps on your platform? 

The dApp platform we’re working to bring to fruition is not ours, but meant to be a platform owned and operated by the tech community at large. (Much like Bitcoin is not owned by any one entity.) Once Pollaris has been built, tested, and refined we will be opening up the platform to all developers at that time.  

What are the top dApp platforms?

Follow My Vote is building a dApp platform to compete with platforms such as Ethereum, EOS, and TRON. Ethereum remains the number 1 platform with over 2000 dApps currently running on the Ethereum blockchain.

 

Mobile Voting Platform FAQs

How can a mobile voting system protect a remote voter from being coerced / pressured to vote in a certain way?

In a mobile voting system, you can offer that same voter an ability to vote again after their initial votes/ballot has been cast, once in a safe physical environment. You can then treat the voter’s most recent vote on any given contest as the official vote for that contest. It’s also important to emphasize the blockchain /distributed ledger can be leveraged for this purpose to ensure vote timestamps are accurate with respect to each vote cast.

examples: Follow My Vote has already accounted for this and incorporated this functionality into their voting system designs, which can be showcased in Follow My Vote’s User Experience Demo. Per Philip Andreae, Estonia also seems to be following the same practice within their country’s elections. Follow My Vote’s designs should be seen as an improvement upon Estonia’s implementation, as Follow My Vote’s design leverages blockchain or distributed ledger as opposed to a centralized database.

What type of audit trails can a mobile voting system provide?

When designed as an open source software application, a mobile voting system can provide a complete audit trail for the entire election, from identity verification through to the final tally, on the public blockchain record. The open source application will validate this entire audit trail when tallying the results to ensure that no tampering occurred. Since the application is open source, the public can examine its code and verify that it is auditing the election correctly.

How does a mobile voting system ensure elections results are accurate?

Voters must have their identities verified prior to casting their ballots. Voters can only request official ballots for election contests that meet their identities’ credentials (i.e. country of citizenship, age, etc.) and can only request one ballot type per election based on their identification submission. During the ballot casting process, voters can rest assured knowing that their ballots will not be tampered with, as cryptographic technology prevents voters’ votes/ballots from being intercepted and modified prior to being stored in the blockchain-based ballot box, assuming the mobile voting system is blockchain-based. Once a voter’s vote has been stored in the blockchain-based ballot box, it cannot be changed by any other actor within the system due to the fundamental way in which blockchain technology works. Finally, all voters that participate in an election will have an opportunity to audit the ballot box themselves to ensure that the vote count of the ballots stored in the ballot box match the election results being reported.

How are verifiable elections possible within a mobile voting system?

Transparency is the most critical aspect of hosting a legitimate election; if one cannot audit the results of an election themselves, then how can they be assured that the results are accurate? If the mobile voting system is designed correctly, a vote cast shouldn’t technically be able to reach the ballot box, unless it went through the proper channels and was deemed to be a valid vote; therefore, a pre-certification of election results might not even be necessary. Either way, all voters should have access to the blockchain-based ballot box that contains every ballot that is cast within each election so that they can audit the results of an election at any time to ensure the election results being reported are truly accurate.

Will my vote be kept private in a mobile voting system?

In a blockchain-based mobile voting system, being that all votes/ballots cast will be viewable to all voters, anonymity is necessary in order to protect each voter’s right to privacy. Therefore, a blockchain-based mobile voting system could/should provide each voter with anonymity to cast their votes within the system through the use of an anonymous voting key registration protocol. Upon software initialization, a public key should be cryptographically generated for each voter, which they can anonymously register to subsequently cast their votes/ballot. Voters would be known by other actors in the system only by their public key so that their identity isn’t revealed to anyone else within the system. With this in mind, voters can be assured that their identities will be protected and that their votes will remain anonymous when being viewed by others in the blockchain-based ballot box.

Will a mobile voting system allow me to change my vote?

Voters that use mobile voting systems should be able to cast their ballots securely, ahead of time, similar to how one would vote by mail in an election. Once cast, voters should be able to cast additional votes on the election contests they are registered for at any time on or prior to the polls closing on Election Day. This rule will ensure that, in the days leading up to an election, a voter can change their vote before it’s made official if they end up being coerced during their initial vote and/or happen to change their mind about a particular candidate. This will also ensure that, when an election comes to a close on Election Day and the votes are officially counted, the election results are much more likely to reflect whom the voters really want to win the election at that point in time (i.e. securing better representation).

How can we verify the correct person is voting?

This question breaks down into two parts: first, how can we verify that a given person is allowed to vote (i.e. they have a right to vote, and they have not voted already); second, how can we determine that a given vote was cast by one of those verified persons, and that it is the only vote on a given issue cast by that person. The first part doesn’t change substantially in a transition to a mobile voting system. Voters must register to vote, and receive a certification authorizing them to vote when the polls open. In a mobile voting system, this certification takes the form of an identity on a blockchain which has been cryptographically signed by the identity verifiers for the election as being unique and authorized to vote. The second part is a more difficult problem which, in contemporary paper ballot systems, is largely unaddressed. It is simply assumed that if a ballot is in the box, it is valid and should be counted. There is no possible verification of this assertion later on in the process. In existing electronic voting systems, the problem is worse as typically audit trails are not preserved, and these systems are frequently designed with no eye towards security, allowing them to be manipulated to alter the votes. However, a secure blockchain-based mobile voting system will preserve a complete audit trail which provides cryptographic proof that each counted vote was cast by one of the authorized identities, and it was the only valid one cast by that particular identity, without enabling any party (including election officials) to determine which certified identity cast that vote.

How can the voter ensure that the vote they submitted is the one that is received?

In a blockchain-based mobile voting system, all votes are public data available on the blockchain. Because of this, a voter can look up his vote in the public record and verify that it was cast correctly. The voter can do this verification on a public computer to verify that his personal computer is not out of sync with the network, or being fed invalid information about the public record by an attacker. Furthermore, if the blockchain-based mobile voting software is open-source, the software application will be able to count the votes on the public record, and show the voter the results directly, rather than trusting election officials to tally the votes in secret, so the voter can be completely assured that his vote was cast as intended and counted as cast.

How can the mobile voting provider verify that the votes they received are the same as the ones that were submitted?

Due to the inherent trust, fault tolerance, and censorship issues involved in a centralized voting solution, blockchain-based mobile voting systems leverage a decentralized design. Thanks to this property, these decentralized systems do not require any blockchain-based mobile voting software provider to verify the votes. This is done by individual voters as they tally the votes as described in the question “How can the voter ensure that the vote they submitted is the one that is received?”. This verification is done using the cryptographic audit trail made publicly available on the blockchain. This audit trail proves that the votes were not tampered with after they were cast.

What safeguards are there against malware on the voter’s device?

In any electronic voting system, if the operating system the voter uses when casting his votes is compromised with malware, it is possible that an attacker could steal the voter’s cryptographic identity, change the votes prior to publication, and determine the real-world identity of the voter. No safeguards do or can exist with modern technology once the malware infection has taken place; therefore, the only defense against this is to prevent a malware infection, or to neutralize the infection for the duration that the voter’s private information is held on the device used to vote. Clearly, the threat of malware is a serious one. However, the threat of attack is greatest on web-based platforms. The threat of attack is least on mobile devices, where, due to the security models used by modern mobile operating systems, it is rare to find a malware infection capable of interfering with other applications on the device (most malware on mobile devices can do nothing without first asking the owner’s permission and can be trivially removed simply by uninstalling the application containing it). The greatest risk of compromise from malware will be on desktop and laptop computers, where the operating systems do not have as strong of a security model, and malware can be difficult to find and remove. Because of this, it is recommended that users only vote from these computers using a live operating system (a temporary computer operating system which runs in RAM and is used only for voting), which will neutralize the threat of malware on the computer while the mobile software application is running and storing data on the computer. Tutorials and/or additional software can be provided to help voters accomplish this. Voting from a computer running a live operating system is the most secure way to vote, and will protect users from virtually all possible malware.

What safeguards are there against a cyber-attack to a mobile voting system?

As discussed above in “How can the mobile voting provider verify that the votes they received are the same as the ones that were submitted?”, in a decentralized blockchain-based mobile voting system, there is no centralized system to attack. A custom cyber-attack would have to be levied against each individual voter, which would be prohibitively expensive and time-consuming. Furthermore, attacking voters who are using the live operating system described in the previous question would be nearly impossible.

What contingencies are there for votes being tampered with on an individual and large-scale basis?

With respect to blockchain-based mobile voting systems, due to the decentralized design of the system and the blockchain-based record, it should be impossible to tamper with votes on a large-scale basis. If such an attack could be found, the same attack could compromise the entire Bitcoin network (an online payment processing network). Since there is already such a great incentive to find such an attack, yet Bitcoin remains secure against large-scale attacks, it is highly unlikely that such an attack will be found. The difficulty of attacking an individual voter depends on how careful the voter is to avoid attack, but as described in the question “What safeguards are there against malware on the voter’s device?”, blockchain-based mobile voting software can be designed in a way to make it easier for voters to protect their security than to compromise it. Nevertheless, if such an attack is successfully levied against a voter, that voter will immediately be able to see on the public record that his vote has been tampered with, and will be able to report the fraud to the election officials. From there, the exact details of how fraud is dealt with will need to be determined by the authorities.

How can you detect interference with the mobile voting system during the election?

All of the online communications used by the mobile voting system should be encrypted and cryptographically signed. Therefore, any interference with the online communications will be automatically detected and rejected.

How can a mobile voting system prevent vote-buying?

First of all, from a voting system perspective, vote sales and vote coercion are fundamentally the same problem, which is that the information about how a voter voted can “leak” to other people. So from a voting system perspective, this is the issue to tackle.

It is important to understand, though, that neither vote sales nor vote coercion are voting system problems. They are social or cultural problems, and as such, no voting system can ever solve them. The only way to solve them is with social/cultural solutions, for example, legal measures. So until those outlying issues are locked down, these problems will continue, regardless of the voting system.

Nevertheless, the voting system can be adjusted to mitigate these problems, albeit with tradeoffs. The system can mitigate vote sales and vote coercion by making vote leaking difficult. (Note that paper ballot systems do not solve the problems either, they seek to mitigate them by suppressing vote leaking — this is all any voting system can possibly do)

In an online voting system, vote leaking can be mitigated, for example by designing the app to keep the way a voter votes secret. Of course, this effectively prevents the voter from verifying the integrity of their vote, which is suboptimal, but that’s the cost of applying mitigations at the voting system level rather than solutions at the social level. The voting system is diminished until proper solutions are implemented.

We can retain the heart of verification, though, by designing the app to keep the vote data secret, but allowing the voter to open the app and have it check that the vote on record still matches their saved vote. All they would see is a green checkmark or a red X, the actual voter decision would not be viewable, but the verification would be effective, and the code that does it could be inspected to verify that it performs the verification honestly. This isn’t as good as allowing the voter to verify the vote directly, as it leaves some advanced hacking possibilities in play, but it’s better than what we have now, which is no verifiability at all.

When considering the effectiveness of mitigations, it’s necessary to examine the mitigations in place now, and design mitigations in the new solution to ensure that, while no mitigation is a solution, we are at least ensuring that we’re not making the problem worse.

In the existing system, if I want to extract information about how the voter voted, I can catch them on their way into the booth and make them wear a hidden camera, so I can watch them mark the ballot and submit it. So the window of opportunity for attackers is limited: if the attacker catches the voter before they vote, the attacker has options; if the attacher catches the voter as they go to vote, the attacker has control; if the attacker catches the voter after they vote, the attacker has nothing.

A new voting system which aims to mitigate these problems should ensure that the mitigations are at least as effective: limit the window of opportunity. A fully verifiable voting system leaves the window for vote leaking wide open: it can happen any time. If we ensure that the vote cannot be viewed after it is cast, we cut down the window so that if the attacker shows up after the vote is cast, he gets nothing. We can design other mitigations to limit the attacker’s options if they catch the voter before he votes, such as restricting when or where a voter has the ability to cast a vote.

Of course, all mitigations have trade-offs, and thus finding an effective solution for any particular election is a design problem, and one which Follow My Vote will be ready to aid election officials in solving in the best way possible for their particular situation and environment.

Would you consider open-sourcing your software or working with others in an alliance?

Follow My Vote’s code is open source on GitHub. The entire voting system will be open source, including the voting, tallying, and auditing software. They welcome contributions from all who wish to further the goal of building a secure, open source, end-to-end verifiable online voting system and seeing this system implemented in elections around the world. Anyone wishing to help out with development should visit followmyvote.com/code-contributors.

 

FAQs From FMV Supporters 

The blind signature approach is better than the double-envelope approach because it doesn’t require procedural security when splitting the votes and counting them. But does it allow revoting on paper after you have voted online?  – Bozhidar Bozhanov, Advisor to the Deputy Prime Minister of Bulgaria

Yes, our protocol allows voters to rescind their online votes in favor of a paper ballot. Voters who have completed our registration process have an anonymous voting account which casts votes on the blockchain. They can cast a special kind of “vote” which declares their online vote revoked in favor of an offline vote, at which point our voting application will provide them with a receipt. They must present this receipt at the central polling place. The worker at the polling place checks that the receipt is valid and marks the anonymous voting account as having received a paper ballot, to prevent the same voter from receiving multiple paper ballots at different times, and gives the voter their paper ballot.

How do you propose to manage secure key distribution in this system. Is presentation of a private key sufficient to prove my identity? Also, how do you prevent sabotage of the election, for example by DDoS attacks. Or even geographically selective DoS of clients and client networks, that might prevent voting by certain demographics in a way that could change the election outcome? Another question: Can (A) blockchain technology, and (B) your software specifically, handle different voting systems like Alternative Vote (aka Instant Runoff) or proportional systems like Single Transferable Vote?           – Ian from the UK
The blockchain is the PKI in our designs. Using a blockchain as a PKI is a practical scenario, and the BitShares blockchain already does just this by mapping usernames to public keys. What this looks like in the voting context is that a user creates a key pair, and publishes the public key on the blockchain as an identity, then uses that key to sign a request for an ID verifier to certify that on-chain identity as being unique and authorized to vote. The exact procedure by which the verifier determines the identity of the person making the request is out of scope for the voting system, but we have a general procedure outlined which closely mirrors that of getting your identity verified for an SSL certificate today.
 
As to preventing sabotage, there are a number of ways this could be attempted. An attacker could attempt to manipulate the individual votes themselves, but our protocol is designed to make this impossible at large scale, and extremely difficult and expensive at small scale. Furthermore, even if an attacker targeted a specific voter to change his vote, the voter could easily detect this and report the fraud. As you pointed out, a more promising sabotage technique would be some kind of DoS as a censorship mechanism. Unfortunately, DoS neutralization/mitigation is an open problem, and we do not have a solution to it, but DoS attacks are noisy (implying a high risk of being caught), so if a DoS attack were to occur, it would be widely known, and of course the election results would not be considered valid until all voters have had a chance to vote. Furthermore, our decentralized design makes DoS difficult: there is no server to attack, and since a voter could vote from her phone, it would be difficult to successfully deny her service, as she could simply move to a different access point and try again. Additionally, election officials can make DoS attacks impractical by setting a large window during which votes will be accepted. Maintaining such a high-profile attack across the entire window would then be prohibitively expensive and/or too risky.
 
To your final question, our software can be easily adapted to support arbitrary contest, contestant, and tally semantics, even on a per-contest or per-election basis. As long as it is possible to express the votes in a digital format and count them unambiguously, we can implement it, possibly without even requiring an update to the software.
Do you have a version of FollowMyVote that supports any form of Proportional Representation voting system such as MMP or STV?    -Mark from Canada

Our voting system starts with the assumption that a voter can securely prove his real-world identity over the internet (typically using a service like Jumio), and that given a real-world identity, it is possible to unambiguously determine which contests, if any, that identity is authorized to vote on. We should be able to customize our software to serve any use case that fits those conditions.

There are often many uncast ballots in an election. What prevents a bad actor from voting on behalf of the people who were not going to vote for themselves – in other words, ballot stuffing. That is, if a bad actor were able to get a list of voter ids, could they determine which ones were unused and vote for those voters.  Or similarly, could a bad actor register dogs or dead people and then vote on their behalf?      -Mark from Canada
You mention an attacker leveraging otherwise unused login credentials to submit valid votes, but in our design there should be no unused login credentials at all. Voters prove their real-world identity to the ID verifiers which then certify their public keys (on the blockchain) as belonging to said identity (like a PKI). The voter then begins registration using this certification, and finishes it using a new key which can’t be tied to his identity. We’re about to release a video describing exactly how this registration works. We’ll send you a link when that goes live. (Watch Video Here)
 
At the end of this registration process, the voters who completed the process have a key which is publicly certified as being able to vote on the appropriate set of contests, but which cannot be tied by anyone, including the ID verifiers or registrars, to the voter’s identity. Only votes which are signed by such a key will be counted, thus eliminating ballot box stuffing.
 
An attacker could attempt to fraudulently register as one of the eligible voters, but the ID verifiers should detect and reject this attempt. Even if he believed he had a reasonable chance at success, in general he has no way of knowing which identities will legitimately register, and if he successfully registered with an identity whose owner later tried to use legitimately, it would be detected that someone had fraudulently voted.
 
Of course our system is designed to be as fraud-resistant as possible, but one of our design principles is that when fraud is successfully executed, to make that fraud detectable. This is different from currently utilized voting systems, which generally make fraud undetectable.
 What is a “blinded token” (that will be signed by the registrar)? Is it a “Blind RSA Signature”, as described here on Wikipedia?           -D. Pulmi

Yes, that’s the blinded signature scheme we’re using. The token itself is just a random nonce selected by the voter.

If you still have questions please reach out via our contact page