The Cryptographic Fix for US Elections Is Still Sitting on the Shelf

In 2006, software program engineer Michal Pospieszalski uncovered harmful flaws in U.S. voting machines—flaws he says nonetheless threaten American elections immediately.

Employed by the Election Science Institute, the place he served as Chief Expertise Officer, Pospieszalski was flown to the headquarters of election vendor Election Methods & Software program (ES&S) in Omaha, Nebraska. His activity was to investigate the corporate’s iVotronic voting system.

For over every week, Pospieszalski uncovered a variety of points, together with “unhealthy code practices, backdoors, static passwords,” and most significantly, what he described as an entire lack of “end-to-end cryptographic proofs.”

“The largest factor that wasn’t there was end-to-end cryptographic proofs,” Pospieszalski instructed Decrypt in an interview. “Which means there’s no approach the machine, even with excellent exterior safety, may know if a poll is official, or if it’s been counted twice, thrice, 10 instances, or 1,000 instances.”

What’s lacking from immediately’s voting machines

The CEO of blockchain safety and id software program firm MatterFi, Pospieszalski, stated that vulnerability isn’t hypothetical; it’s simply exploitable by anybody with entry to voting machines and voter registration programs.

“You would simply run the identical poll by 10 instances—and that’s nonetheless true immediately—and it’ll simply rely as 10 votes,” he defined. “And the scanner doesn’t know any higher, and neither does the tabulator. The tabulator within the central precinct is like, ‘Oh, it was 10 votes.’”

Pospieszalski stated the separation of poll and voter file programs typically makes reconciliation unattainable with out referring to unique paper data.

“There’s no nameless serialization of every poll that may permit the system to know that every serialized poll needs to be counted solely as soon as,” he stated.

The answer, in line with Pospieszalski, includes software program—not {hardware}—and builds on cryptographic strategies first developed within the Eighties by David Chaum, a cryptographer who pioneered digital money and launched blind signatures, permitting transactions to be verified with out revealing their contents.

Chaum later based DigiCash, an early digital forex, and proposed cryptographic voting programs that protect anonymity whereas enabling public verification. His work laid key foundations for each safe e-voting and fashionable cryptocurrencies like Bitcoin.

“What you need is the machine on the finish—the central rely tabulator or election administration system—will get a vote definition, and you’ve got a Chaumian-blinded serialization on each poll,” Pospieszalski stated. “So, like in LA County, that output poll that’s printed has a serial quantity. That serial quantity doesn’t determine the voter, nevertheless it tells the tabulator within the central precinct, ‘Hey, it is a distinctive poll.’”

“If I see two of them, then anyone cheated,” he added. “Particularly if I see 50 of them.”

In Pospieszalski’s proposed mannequin, there can be three counts: the paper ballots, the traditional digital tally, and a 3rd cryptographic rely.

“The way in which you see dishonest is the digital rely says there are 100 votes, and the cryptographic rely says there ought to solely be 90,” Pospieszalski stated. “Now you recognize somebody injected 10 votes.”

Classes from Antrim County

In 2020, Pospieszalski was employed to conduct forensic evaluation in Antrim County, Michigan, after a quick vote-counting error triggered widespread hypothesis.

“There was a vote flip in Antrim County by, like, roughly 2,000 votes, the place, like, someday it was 2,000 for Biden, and the subsequent day it was 2,000 for Trump,” he recalled. “What actually occurred is the poll definition was misconfigured in order that the system thought that the votes for Trump have been for Biden.”

He stated that when the ballots have been rescanned with the corrected definition file, “The whole lot went again to regular.”

Pospieszalski emphasised that whereas the error was technical, the optics of the state of affairs fed public suspicion.

“There wasn’t an enormous, hostile assault. However as a voter being riled up by the media—significantly right-wing media—individuals are going to need solutions,” he stated, including that such confusion is strictly what end-to-end, off-chain cryptographic proofs are designed to stop.

However whereas he discovered no proof of distant hacking or software program backdoors, Pospieszalski did say he encountered indicators of doable poll injection throughout his evaluation.

“In case you have a poll with 42 selections, and within the evaluation you see 100 ballots with all 42 crammed out the very same approach, you’re like: Um, in all probability not actual,” he stated. “That’s the stuff I discovered some proof of in Antrim County.”

Requested why cryptographic poll serialization hasn’t been carried out, Pospieszalski pointed to entrenched programs and company reluctance to make modifications, including that proposals for safe voting typically failed to achieve traction as a result of they have been too difficult.

“They’re suggesting all types of actually, actually difficult-to-use schemes… stuff that individuals are identical to, when you’re a voting machine producer, this isn’t going to make any sense,” he stated.

A number of applied sciences intention to enhance election safety and belief. In April, New York Assemblyman Clyde Vanel launched a invoice that may use blockchain know-how to safe voter data and election outcomes. Whereas blockchain has been promoted as an answer for safe voting, Pospieszalski argued that the core situation doesn’t require that stage of complexity.

“All you are making an attempt to do is clear up a easy downside: get an correct rely of official votes,” he stated. “Further complexity is pointless. Lots of people push blockchain as a result of it is common, however you do not really want it.”

In contrast, Pospieszalski says his resolution works with present machines.

“I’m simply saying: Look, make it a software program improve to the prevailing system and work with Dominion, work with ES&S, and you’ll simply flip it on or off,” he stated.

Requested how adoption may occur, Pospieszalski steered laws or mandates from jurisdictions that oversee elections.

“Voting producers and their prospects—counties—want large precincts to push for change,” he defined. “If a legislation stated that by 2028 or 2032, voting programs should embrace end-to-end crypto proofs, we’d be in enterprise.”

The benefit, in line with him, can be readability in future elections, particularly in heated contests the place belief is fragile.