Chapter 1: Introduction
Chapter 1: Introduction
Chapter 1: Introduction
The ledger exists in many different locations: No single point of failure in the
maintenance of the distributed ledger.
There is distributed control over who can append new transactions to the ledger.
Any proposed “new block” to the ledger must reference the previous version of
the ledger, creating an immutable chain from where the blockchain gets its
name, and thus preventing tampering with the integrity of previous entries.
The blockchain technology was introduced in 2008 when Satoshi Nakamoto created
the first crypto currency called Bit-coin. The Bitcoin blockchain technology uses a
decentralized public ledger combined with PoW(Proof-of-Work) based stochastic
consensus protocol, with financial incentives to record a totally ordered sequence of
blocks, the blockchain. The chain is replicated, cryptographically signed and publicly
verifiable at every transaction so that no-one can tamper with the data that has been
written onto the blockchain. The blockchain structure is an append-only data structure,
such that new blocks of data can be written to it, but cannot be altered or deleted The
blocks are chained in such a way that each block has a hash that is a function of the
previous block, providing the assurance of immutability.
1
1.1 GOALS AND OBJECTIVES
The blockchain is a shared, programmable, cryptographically secure and therefore trusted
ledger which no single user controls and which can be inspected by anyone. A blockchain
is a permanent record of transactions (votes) that are distributed, every vote can
irrefutably be traced back to exactly when and where it happened without revealing the
voter’s identity. In addition, past votes cannot be changed, while the present can’t be
hacked, because every transaction is verified by every single node in the network. And
any outside or inside attacker must have control of 51% of the nodes to alter the record.
2
CHAPTER 2: MOTIVATION
Democracy and voting are great ideas, but the classical paper ballots are prone to fraud;
ballots can be counted incorrectly or ballots sent via mail might get lost in transit. To
show examples for failure or fraud, we focus for this list on the parliamentary elections
from Germany in 2005, because they are well documented. Examples are:
In one state the ballots were not correctly assigned to the parties, which led to a
bad result for a small party.
Paper ballots sent via postal mail take a long time until they are tallied.
Observations showed that even ten days might not be sufficient to re quest and
send the ballot back before the election ends.
An external company was delegated to distribute paper ballots for one city.
Unfortunately, they sent 50,000 ballots to the wrong recipients. Due to this
error 10,533 ballots became invalid.
These are only a few examples for potential problems with traditional paper
voting and they are not the only exceptions. This does not mean that all
elections are compromised or completely insecure.
3
High Cost
Another factor are the costs of an election. We focus on the numbers from Germany
again.
The parliamentary election for the Bundestag in 2009 did cost about 67 million Euros
in total. Cities with less than 100,000 eligible voters received 0.48 Euro per voter, big-
ger cities even 0.74 Euro [The11]. Additionally, volunteers, who support an election,
received another monetary compensation for their help. This is a massive amount of
money being normally spent every parliamentary election.
One possible solution to reduce the costs and to optimize the general voting process is
the usage of computers.
Electronic voting systems attempt to be as easy to use and secure as ideal traditional
elections and attempt to eliminate the human errors described in 1.1. This is hard to
achieve, because electronic voting systems need a strong encryption to guarantee
security, integrity and anonymity of the vote. This must be ensured and still result in a
user-friendly application, which is often hard to achieve.
But to assume that traditional elections are completely secure and correct is also
questionable, as we already showed in section 1.1. So, this is a good opportunity to
think about reinventing elections with the help of computers and cryptography.
One of the main advantages of electronic voting systems is the chance to call a
completely verifiable election, which means that all voters are able to verify if their
vote was properly counted and even that the complete election was properly tallied.
Some countries use dedicated voting machines, which are used to place votes in polling
stations. These voting machines are exclusively used for the voting process and can
either tally the votes electronically or create strips of papers with the voter's choice,
which must later be tallied. Usually, it is not possible to verify tallying steps of these
black boxes, because the companies do not provide details about the implementation of
4
their machines; only the main developers have access to the source code and know in
detail, how these machines operate.
After an analysis of 74 voting machines, the Chaos Computer Club (CCC), which is
Europe's largest association of hackers, summarized their results with one short quote:
The CCC observed in 2006 a pilot project in Cottbus, Germany, where voting
machines were used. They explained in their analysis of this election that with these
issues in security and verifiability, voting machines should be banned and not be used
in any election. Missing verifiability led to the prohibition of current voting machines
for elections in Germany. As long as the essential steps of the voting process are not in
public verifiable by a typical citizen, voting machines are forbidden in parliamentary
elections [The09]. These are also the reasons why we do not consider voting machines
in this thesis.
We feel confident that many countries will use electronic vot ing systems in the future
to realize their elections, because this technology could heavily improve the voting
process. Therefore, it is essential to analyze existing systems, learn from their
experiences and try to solve the issues which emerged during their trials, which is the
core of this thesis. We also describe basic approaches to realize a voting system with
clients and servers and give a brief view into a peer-to-peer approach using the
blockchain.
2.3 STRUCTURE
In chapter 2 we define the preliminaries and requirements of a n election. This also
includes some assumptions we had to include to realize a voting system. Since
security, anonymity and integrity must be guaranteed by computers, we have to use
cryptography to solve these issues. The cryptographic primitives used by many voting
systems are described.
5
CHAPTER 3: DESIGN
6
3.2 BLOCKCHAIN
A blockchain carries no transaction cost. (An infrastructure cost yes, but no transaction
cost.) The blockchain is a simple yet ingenious way of passing information from A to
B in a fully automated and safe manner. One party to a transaction initiates the process
by creating a block. This block is verified by thousands, perhaps millions of computers
distributed around the net. The verified block is added to a chain, which is stored
across the net, creating not just a unique record, but a unique record with a unique
history. Falsifying a single record would mean falsifying the entire chain in millions of
instances. That is virtually impossible. Bitcoin uses this model for monetary
transactions, but it can be deployed in many others ways.
7
3.3 ETHEREUM
8
3.3.1 SMART CONTRACT
Smart contract is just a phrase used to describe a computer code that can facilitate the
exchange of money, content, property, shares, or anything of value. When running on
the blockchain a smart contract becomes like a self-operating computer program that
automatically executes when specific conditions are met. Because smart contracts run
on the blockchain, they run exactly as programmed without any possibility of
censorship, downtime, fraud or third-party interference.
9
3.3.3 DECENTRALIZED VOTING SYSTEM STRUCTURE
BROWSER
Front End
HTML , CSS,JS
Node
Node Node
Smart Contract
Node
Block Chain
Ledger
10
3.3.4 USE CASE DIAGRAM
A use case diagram is a dynamic or behavior diagram in UML. Use case diagrams
model the functionality of a system using actors and use cases. Use cases are a set of
actions, services, and functions that the system needs to perform. In this context, a
"system" is something being developed or operated, such as a web site. The "actors"
are people or entities operating under defined roles within the system.
Use Case
Draw use cases using ovals. Label the ovals with verbs that represent the system's
functions.
Actors
Actors are the users of a system. When one system is the actor of another system, label
the actor system with the actor stereotype.
Relationships
Illustrate relationships between an actor and a use case with a simple line. For
relationships among use cases, use arrows labeled either "uses" or "extends." A "uses"
relationship indicates that one use case is needed by another in order to perform a task.
An "extends" relationship indicates alternative options under a certain use case.
11
Use Case Diagram For Decentralized Voting System
12
3.3.6 SYSTEM DATA-FLOW DIAGRAM
A data flow diagram (DFD) maps out the flow of information for any process or
system. It uses defined symbols like rectangles, circles and arrows, plus short text
labels, to show data inputs, outputs, storage points and the routes between each
destination. Data flowcharts can range from simple, even hand-drawn process
overviews, to in-depth, multi-level DFDs that dig progressively deeper into how the
data is handled. They can be used to analyse an existing system or model a new one.
Like all the best diagrams and charts, a DFD can often visually “say” things that would
be hard to explain in words, and they work for both technical and nontechnical
audiences, from developer to CEO. That’s why DFDs remain so popular after all these
years. While they work well for data flow software and systems, they are less
applicable nowadays to visualizing interactive, real-time or database-oriented software
or systems.
13
CHAPTER 4 : SOFTWARE USED
NODE JS
NPM
TRUFFLE
METAMASK
GANACHE
LITE-SERVER
4.1.1 NODE JS
14
could only run in the browser to something you could run on your machine as a
standalone application.Now you can do much more with JavaScript than just making
websites interactive. JavaScript now has the capability to do things that other scripting
languages like Python can do.Both your browser JavaScript and Node.js run on the V8
JavaScript runtime engine. This engine takes your JavaScript code and converts it into a
faster machine code. Machine code is low-level code which the computer can run
without needing to first interpret it.
15
INSTALL NPM
4.1.3 TRUFFLE
INSTALL
16
Figure 4.1.3 (b) : (TRUFFLE)
4.1.4 METAMASK
MetaMask is a bridge that allows you to visit the distributed web of tomorrow in your
browser today. It allows you to run Ethereum dApps right in your browser without running
a full Ethereum node.
MetaMask includes a secure identity vault, providing a user interface to manage your
identities on different sites and sign blockchain transactions.
17
4.1.5 GANACHE
Ganache can use to run tests, execute commands, and inspect state while
controlling how the chain operates.
Ganache is an ethereum client which one can use for Ethereum development.
Ganache can use for the development of DAPP and once it is developed and
tested on the ganache you can deploy your DAPP on ethereum client like geth
or parity.
Ganache allows you to create a private Ethereum blockchain for you to run tests,
execute commands, and inspect state while controlling how the chain operates. It gives
you the ability to perform all actions you would on the main chain without the cost.
Many developers use this to test their smart contracts during development. It provides
convenient tools such as advanced mining controls and a built-in block explorer.
18
4.1.6 LITE – SERVER
Lightweight development only node server that serves a web app, opens it in
the browser, refreshes when html or javascript change, injects CSS changes
using sockets, and has a fallback page when a route is not found.
lite-server is a simple customized wrapper around BrowserSync to make it easy
to serve SPAs.
BrowserSync does most of what we want in a super fast lightweight
development server. It serves the static content, detects changes, refreshes the
browser, and offers many customizations.
19
CHAPTER 5 : CODING
Used Languages:
JAVA SCRIPT
BOOTSTRAP
<html lang="en">
<head>
<meta charset="utf-8">
<!-- The above 3 meta tags *must* come first in the head; any other head content
must come *after* these tags -->
<title>Election Results</title>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media
queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
20
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="header">
<nav>
<ul>
<li><a href="index.html">HOME</a></li>
<li><a href="about.html">ABOUT</a></li>
<li><a href="#">GALLERY</a></li>
<li><a href="#">CONTACT</a></li>
</ul>
</nav>
</div>
<div class="hero-image">
<br><br><br><br>
<div class="row">
<div class="col-lg-12">
<hr/>
21
<br/>
<div id="loader">
<p class="text-center">Loading...</p>
</div>
<table class="table">
<thead>
<tr>
<th scope="col">#</th>
<th scope="col">Name</th>
<th scope="col">Votes</th>
</tr>
</thead>
<tbody id="candidatesResults">
</tbody>
</table>
<hr/>
<div class="form-group">
</select>
</div>
<hr />
22
</form>
</div>
</div>
</div>
</div>
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="js/bootstrap.min.js"></script>
<script src="js/web3.min.js"></script>
<script src="js/truffle-contract.js"></script>
<script src="js/app.js"></script>
</div>
<h2>Devloped by Project07</h2>
</div>
<h2>Devloped by Project07</h2>
</div>
</body>
</html>
23
5.1.2 CSS CODE
body, html {
height: 100%;
.hero-image {
height: 100%;
background-position: center;
background-repeat: no-repeat;
background-size: cover;
position: relative;
.header{
position: sticky;
nav{
width: 100%;
height: :80px;
background-color: #0009;
line-height: 80px;
24
nav ul{
float:right;
margin-right: 30px;
nav ul li{
list-style-type: none;
display:inline-block;
transition:0.8s all;
nav ul li a{
text-decoration: none;
color: #fff;
padding:30px;
nav ul li:hover{
background-color: #f39d1a;
web3Provider: null,
contracts: {},
account: '0x0',
hasVoted: false,
init: function() {
return App.initWeb3();
25
},
initWeb3: function() {
App.web3Provider = web3.currentProvider;
} else {
return App.initContract();
},
initContract: function() {
$.getJSON("Election.json", function(election) {
App.contracts.Election = TruffleContract(election);
App.contracts.Election.setProvider(App.web3Provider);
App.listenForEvents();
return App.render();
});
},
26
listenForEvents: function() {
App.contracts.Election.deployed().then(function(instance) {
// https://github.com/MetaMask/metamask-extension/issues/2393
instance.votedEvent({}, {
fromBlock: 0,
toBlock: 'latest'
}).watch(function(error, event) {
App.render();
});
});
},
render: function() {
var electionInstance;
loader.show();
content.hide();
web3.eth.getCoinbase(function(err, account) {
App.account = account;
27
$("#accountAddress").html("Your Account: " + account);
});
App.contracts.Election.deployed().then(function(instance) {
electionInstance = instance;
return electionInstance.candidatesCount();
}).then(function(candidatesCount) {
candidatesResults.empty();
candidatesSelect.empty();
electionInstance.candidates(i).then(function(candidate) {
var id = candidate[0];
candidatesResults.append(candidateTemplate);
candidatesSelect.append(candidateOption);
});
28
5.1.4 INITIAL MIGRATION CODE
module.exports = function(deployer) {
deployer.deploy(Migrations);
};
module.exports = function(deployer) {
deployer.deploy(Election);
};
contract Election {
// Model a Candidate
struct Candidate {
uint id;
string name;
uint voteCount;
}
// voted event
event votedEvent (
uint indexed _candidateId
);
constructor () public {
addCandidate("Candidate 1");
addCandidate("Candidate 2");
}
29
}
contract Migrations {
address public owner;
uint public last_completed_migration;
modifier restricted() {
if (msg.sender == owner) _;
}
constructor () public {
owner = msg.sender;
}
30
CHAPTER 6 : SNAPSHOTS
31
6.3 FRONT PAGE
32
6.4 ABOUT PAGE
33
6.6 START METAMASK
34
6.7 SET RPC SERVER
35
6.9 VOTE
36
6.11 RESULT
6.12 RESOURCES
I know, it’s a lot You might have this article open for a while as you slowly develop this
application and really understand what’s going on. But that’s learning! Please
supplement this guide with all the documentation from Ethereum, Truffle, and what I
have provided below. I’ve tried to hit many of the key points in this article, but it’s just
a brief overview and these resources will help a lot.
Web3 Javascript API - this will be great to know and reference, but Truffle
Contracts abstracts many parts of this
Ethereum Docs - look to the side bar and there’s plenty of stuff
CryptoKitties Code Explanation - The writer goes through the important parts of
CryptoKitties’ Smart Contract
37
CHAPTER 7: CONCLUSION
In this thesis we describe and analyze the general structure of the biggest internet
voting systems being used so far. Many countries are involved in the development of
secure electronic voting systems and we could therefore pick the most relevant around
the globe, which were practically used or were supposed to be used in parliamentary
elections. Our analysis starts with the description of the cryptographic primitives over
the complete voting process up to the security flaws each system has.
Each analyzed system is unique in the way it solves the problems of electronic voting.
All aim to be secure, anonymous and trustworthy so that the eligible users are ready to
participate via Internet in the election. With the knowledge we gained during the
analysis of existing systems and their failures, we construct a theoretical end-to-end
verifiable electronic voting system, which fulfills more preliminaries than the real-
world e voting systems from chapter 4. Our system also aims to eliminate many of the
original system's flaws or at least reduce them. The construction chapter can be used as
a template to implement a voting system, which fulfills most of the preliminaries.
Our contribution to this topic is a modified version of the proof-of-stake, which makes
it possible to construct a secure blockchain without needing masses of computational
power to discover the specific hashes needed for the proof-of -work, which are used by
the Bitcoin protocol. This even allows small devices, like smartphones, to participate in
the network to ensure the blockchain's integrity. It can be easily implemented as a
small application, which keeps the voter's device online to work as a full node in the
blockchain-based peer-to-peer voting system. Electronic voting systems should only be
used when there are no concerns about their security. These issues might be solved in
the next years and there are many promising publications in this field, but they are
temporarily not adaptable due to their usability. Building applications on Ethereum is
pretty similar to a regular application calling a backend service. The hardest part is
writing a robust and complete smart contract. I hope this guide helped you understand
the core knowledge of decentralized applications and Ethereum and will help you kick-
start your interest in developing them.
38
If you’d like to build off of what we’ve built, here are some ideas. I’ve actually written
the smart contract in such a way that it’s easily implemented with everything I’ve given
you in this guide.
Ask and store more information about a User, such as their date of birth and
home address.
Write a new smart contract function that counts the votes for BOTH
candidates at once. Currently, we have to make two separate calls for two
candidates, requiring the contract to loop through all the Users twice.
Allow new Candidates to be added. This means adding a new form to add
Candidates, but also changing up a little on how we display and vote for candidates
in the frontend.
Require Users to have an Ethereum Address to vote. My logic for not including
user addresses is because voters wouldn’t be expected to have Ethereum to
participate in this voting process. However, many DApps will require users to have
an Ethereum Address.
Also, here are some tips that could prevent some roadblocks from happening:
Double and triple check your smart contract functions when something weird is
happening. I spent a couple hours on a bug to figure out that I returned the wrong
value in one of my functions.
Check whether your URL and port are correct when you connect to your
development blockchain. Remember: 7545 is for truffle develop and 9545 is for
39
Ganache. These are defaults, so if you can’t connect to your blockchain, you
might’ve changed them.
I didn’t go over this because this guide would’ve been too long and I probably will
make another post on this — but you should test your contracts! It will help a lot.
If you aren’t familiar with promises, go through how they work and how to use
them. Truffle Contracts uses promises and the beta for web3 will also support
promises. They can, if you do them wrong, mess up a lot of the data you’re
retrieving.
40
7.1.3 USABILITY ANALYSIS
Several voting schemes have been published, which aim to solve the last issues in
electronic voting. These systems are mostly too complicated or have a very bad
usability experience, like Civitas. This is one reason why they are not successful and
are not used for real-world elections.
Usability is a very important point: if the voters do not understand how to use the
voting system, they will not try it. Therefore some guidelines should be designed to
simplify
7.1.4 IMPLEMENTATION
Theoretical systems have the advantage that they solve all issues in theory, but it is not
possible to evaluate them in real elections. Therefore, this system needs to be
implemented for a real comparison with the other big voting systems. There will also
be a button that counts and displays the number of votes per candidate.
This way, we will be able to focus the process of creating and interacting with the smart
contracts within an application. The source code for this entire application will be in this
repository, and you will need to have Node.js and npm installed. For any
application, you want your smart contracts to be as simple as possible, even stupidly
simple. Remember that you have to pay for every computation/transaction you make,
and your smart contracts will be on the Blockchain forever. So, you really want it to
work perfectly––meaning, the more complex it is, the easier it is to make a mistake.
41
CHAPTER 8: REFERENCES
1. Zyskind, G., et al.: Decentralizing privacy: using blockchain to protect personal
data. In:Security and Privacy Workshops (SPW), pp. 180–184. IEEE (2015).
2. Kosba, A., et al.: Hawk: the blockchain model of cryptography and privacy-
preserving smartcontracts. In: IEEE Symposium on Security and Privacy (SP),
pp. 839–858. IEEE (2016).
3. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979).
6. Nair, D.G, et al: An Improved E-voting scheme using Secret Sharing based
Secure MultipartyComputation. arXiv preprint arXiv:1502.07469 (2015).
42
43