Ultra Redundant Data Backups
What if someone could rm -rf all of the votes from an election?
To further ensure the reliability of SIV elections, we can add additional highly redundant vote storage systems. A storage solution with no single point of failure can protect election data from loss while still keeping it accessible and the results accurate.
Two promising options are Storj and Filecoin. Both are decentralized, open-source cloud storage platforms that use peer-to-peer networking to provide ultra-redundant backups. They resemble existing cloud storage services such as Amazon S3, but with orders of magnitude more redundancy, and still at reasonable prices.
A solution like this can provide a robust and ultra-redundant backup to address concerns about data loss, for example if an attacker first compromised key election servers and then tried to delete all votes in the middle of an election with a command like rm -rf.
The following are key arguments in favor of adding such decentralized storage backups:
- Additional backups only: These storage networks serve as additional redundant backups, not the primary store, so that even if something goes wrong with them the overall health of the system is no worse than if they had never been added.
- Decentralized storage: A decentralized approach eliminates single points of failure and distributes data across numerous nodes in the network, which makes it extremely difficult for an attacker to target every record of a vote at once. For this to hold against an attacker who already controls the election servers, the credentials those servers use to write to the backup network should permit writing new objects but not deleting them.
- Data encryption: SIV already encrypts each vote when it is cast, to protect the private vote content. Storing further copies of those ciphertexts has no adverse effect on privacy, because the SIV design does not assume the ciphertexts are secret; vote privacy rests on the decryption keys, not on hiding the encrypted data.
- Real-time redundancy: These decentralized architectures provide real-time redundancy: as soon as a vote is written to the network it is spread across many nodes, so the backup copy is never more than one write behind the primary store, provided votes are written to the backup as they are accepted rather than in a later batch. In the event of an attack or data loss, the system can quickly recover all votes cast so far and maintain the integrity of the election data.
- Network health monitoring and self-healing: These networks continuously monitor node health, detecting failed or unresponsive nodes and replacing them automatically. With erasure coding, each stored object is split into n pieces of which any k suffice to reconstruct it, and the pieces are placed on distinct nodes. The network keeps a large buffer of pieces above that minimum, and when the number of live pieces drops to a repair threshold it rebuilds the object from the survivors and regenerates the missing pieces on fresh nodes. The desired redundancy level is therefore maintained continuously rather than restored after the fact, and any weakness is addressed promptly.
In summary, these decentralized storage solutions, combined with encryption, real-time redundancy, and network self-healing, can provide a robust and ultra-redundant backup system for Secure Internet Voting, making the risk of vote data loss far lower than any analogue paper system can offer.