As Blockchain technology continues to mature, some of the use cases that were conceived few years back are now becoming a reality. One of them is voting. As contentious as it may sound, it is a reality now. This post covered the story behind a secure voting platform powered by Fluree.
This post was originally published on Fluree.
The International Islamic University of Malaysia, a public university in Malaysia, organized its first ever student union last month during the midst of the pandemic. With the unique challenges presented by the 2021 remote era, the university needed to procure a digital solution that could power a secure and fair election.
With Fluree’s system in mind, Marzex.tech responded and won the contract. Led by founder Marzouq Abedur Rahman, Marzex.tech proposed a digital platform would use Fluree’s backend to register identities, facilitate private voting, and thwart efforts to unfairly tamper with the election.
Secured Voting Powered by Fluree
When it comes to digital voting, security and privacy are essential features. Every vote must be accounted for, secured, and private. Fluree’s data-centric architecture allowed Marzex.tech to build these features directly into the platform without stitching together disparate software.
In the Fluree system, every user transacts and queries as a unique identity. Marzex.tech took advantage of this framework: students registered onto the voting platform using their student IDs, which generated a unique private key in the Fluree system. The platform simply used Fluree’s HTTP API endpoint to automatically sign voters’ transactions with their unique private key. With this framework, Marzex.tech could prove the legitimacy of every voter in the system and consequently enforce one-vote-per-user via identity matching.
Fraud Prevention Via SmartFunctions
If you are familiar with the distributed ledger space, you may recall how Blockchain fixes the “double-spend” problem, in which a user attempts to spend a balance of cryptocurrency more than once. Marzex.tech’s platform similarly prevented a “double-vote” problem using Fluree’s SmartFunctions. Using a simple SmartFunction set embedded into the data schema, the platform was able to identify and invalidate thousands of attempted duplicate votes.
Another set of SmartFunctions rejected users who did not qualify to vote, as well as users attempting to vote as other identities. Again, these fraud prevention capabilities were the result of a combination of provable identities via Public/Private Key Cryptography and Fluree’s SmartFunctions.
Traceable, Immutable Data
Marzex.tech used Fluree’s immutable ledger to bring overall trust and traceability to the voting process. Every transaction (vote) was tied to a provable identity (as per the above), time-stamped, and cryptographically tied to the immutable database. The system used Fluree’s SHA3-256 hashing capabilities to automatically prove out the provenance, unique identity, and legitimacy of every transaction in the system.
Pairing this traceability with privacy, root access to the system was only given to the election commission, but a separate base “admin” role was created for administration. The base admin role would not give anyone – including Marzex.tech – the ability to query or edit any user or ballot in the system, keeping the vendor out of the process.
3 Month Time-to-Value
Marzex.tech had 3 months to build the platform, pass multiple audit checks, and deliver the operational solution to 30,000 voters. Because Fluree consolidates data audit, verification, and security into the data layer, quality checks were quickly passable, according to Marzouq:
“Our solution met the security and audit standards quickly and efficiently, which allowed us to cut most of the issues associated with software QA out of the picture. At each audit stage, we were able to show how bringing security into the data infrastructure lessened potential attack surfaces and patterns. We could also independently prove that information in our system could not possibly have been tampered with, and that each transactional vote could be tied to unique identities.”
Marzouq Abedur Rahman, Founder @ Marzex.tech
The platform was well-received by the election committee. Muhammad Fiqri bin Mohd Shuib, the Chairman of the IIUM Student Union Election Commission, issued a written statement about the software:
“I am the person who is responsible in overseeing the entirety of the electoral process, especially in the development of IIUM’s e-voting management system, iTasweet. Overall, the process of nomination, canvassing, polling and poll counting were made easier and more efficient thanks to the software that had been developed by Marzex. The counting procedure that was supposed to take around 12 hours to finish is now instantaneous. Not to mention, the security measures that have been put in place by Marzex ensure that the system is foolproof.”
Muhammad Fiqri bin Mohd Shuib, Chairman of the IIUM Student Union Election Commission
Future-Proofed for Years to Come
As a result of the platform’s success, the Student Union is set to use the system for their future elections as well. Marzouq noted that Fluree’ data-centric architecture provided them with a flexible framework on which they can build and iterate over time:
“Our voting system will most likely need to change over time, including evolving front-ends. Fluree’s flexibility and data-centric architecture allowed us to build a flexible system that could power multiple iterations of applications over time without having to rip-and-replace every time a requirement or feature was added or modified.”