In part 1 and part 2 we showed two schemes supporting liquid democracy. Scheme Mixnet/Mixnet combined results from two tallies to obtain each election result. Scheme Homomorphic/Mixnet differed from Mixnet/Mixnet in that the tally of votes for delegates (votes to delegates) and delegate votes (votes by delegates) was done homomorphically, for example through additively homomorphic ElGamal. This allowed the accumulation of delegate weights to occur in ciphertext space, retaining higher levels of privacy.
Continuing the theme of operating in ciphertext space we have the FH scheme; which stands for Fully Homomorphic. The possibility of using fully homomorphic encryption was suggested to me by Sandra Guasch when discussing liquid democracy at a crypto conference. In a fully homomorphic encryption scheme it is possible to compute arbitrary functions on encrypted data. For this reason some consider fully homomorphic encryption to be the holy grail of cryptography, opening the door to all sorts of applications where third parties can process information without access to its contents.
In the FH scheme below we use a fully homomorphic scheme that supports both addition and multiplication (in contrast to ElGamal which can only be one of the two at the same time). From these two primitive operations it is possible to perform arbitrary computations on encrypted data. In our case it turns out that addition and multiplication are exactly the two operations required for a liquid tally.
Above, all boxes contain double borders indicating encrypted content. We can see therefore that all tally operations occur in ciphertext space. Only when the encrypted data has been processed to result in the final tally is it encrypted. There is also an optional arrow to decrypt delegate votes as a mechanism for voters want to monitor that their choices, to keep them honest. The sequence of operations is
- the votes for delegates are added to result in delegate weights,
- these are then multiplied by delegate choices, and
- finally combined with direct votes.
All these operations are carried out homomorphically on encrypted data. This scheme achieves the maximum level of privacy, capable of maintaining privacy even for delegates’ votes. In practice this is not really a benefit as it’s generally desirable for delegate’s to cast their votes in public to maintain transparency and trust. Moreover, unlike the previous two schemes, this scheme is not practically viable. As of this writing, fully homomorphic encryption is still experimental and prohibitively inefficient. Nonetheless we chose to include it as an interesting possibility that fits in well with liquid democracy.
We wrote a demo, FHLD, using Victor Shoup’s HELib library that implements the fully homomorphic crypto scheme we referred to before. The demo is available here. Be advised that the FHLD internals are experimental and the code that deals with HElib is somewhat cryptic.
In this series of posts we have seen three schemes that support secure liquid democracy. Below is a table that sums up the main properties of each
While the last scheme is mostly of theoretical interest, the first two can be implemented today using standard cryptographic techniques. There is thus no fundamental barrier to the use of liquid democracy tools with support for privacy as well as verifiability.