SPEECH TITLE: Timestamping an election with Bitcoin (Guatemalan example)
SPEAKER: Peter Todd
CONFERENCE: Surfin’Bitcoin 2023
I’m going to talk to you about timestamping an election with Bitcoin, what timestamping is, what it’s useful for, where this comes in and how do you get involved with timestamping an election. In this case, this was the recent Guatemalan elections.
What is a timestamp?
A timestamp is carbon dating for data. I don’t know how many people are archaeologists in this room, the whole purpose of that is to say, hey, I have this artifact, I want to know how old it is. Carbon dating for things involves carbon isotopes and all kinds of magic science but the equivalent for data involves a whole bunch of other magic called Bitcoin. Basically, it’s saying: “I can prove that this piece of data existed in the past”. I can’t prove when exactly that data was created but I can at least say: “hey, prior to this point in time it was created somewhere before that”.
It’s a time machine and last I checked the bad guys don’t have one. And what’s nice about this is what if you can rule out when an attack could have happened. Very frequently you can say: “this thing was created prior to when that attack happened”, thus it’s impossible. There’s a lot of examples where this is useful, of course an election is one of them and I’ll get to that later but in Bitcoin Core itself we actually use OpenTimestamps to timestamp digital signatures on the source code as well as on release artifacts like binaries. Why is this useful? Think about it, a digital signature is a private key and a public key, and the private key is used to do some crypto magic and sign something but if that private key gets stolen or leaked, you have no way of knowing if the signature is valid but usually, you can figure out roughly when that might have happened and the timestamps that we now use on these digital signatures tell you: “hang on a second that digital signature is still valid because it was created a year ago” and we’re pretty sure the keys got stolen six months ago, simple as that. It’s a very useful thing to have, Bitcoin Core does it, LND is another example, I think Wasabi is beginning to use it, OpenTimestamps does this, that’s your use case.
How does a Bitcoin timestamp work?
You don’t have to understand a lot of the details but I want to give some impression of how it works. OpenTimestamps breaks up this process into what I call commitment operations, and importantly, a hash function, an example of commitment operation, but the idea is more general. It is a proof that some message existed prior to some other message and if you can chain those proofs eventually you can reach something where you’re sure with when it was created.
Trivial commitment operations
The simplest example of commitment operation is append and prepend. If my operation is to say: “whatever the message is, put some fixed thing in front of it”, the output of that operation (since it includes input) is obviously proof that the input existed prior to the output. It’s a very trivial proof but it is still proof and you do that and you get ‘Hello World’.
As we all know, hash functions are used in Bitcoin and what makes them interesting is that they have this input-output relationship where the input can be any size and the output is a number chosen at random, but the number is always the same for the same input, and the important thing is that number is fixed size but it’s big enough that finding two inputs that map to the same output is completely infeasible. It’s like trying to win all the lotteries simultaneously in all simultaneous parallel universes, it’s a very big number. We know that there exist inputs to SHA-256 that collide, that has to be right. The number of inputs exceeds the number of outputs, there must be collisions, yet humankind does not have access to enough energy to find them because 2^256 is a very big number. And if you know a little bit more math, you might say, 2^128 is also a very big number but that’s kind of beyond what I think you need to know. The important thing is that’s another example commitment operation, if I have a hash and I know the message, that is proof that the message existed prior to the hash. How do you string all this together? We use something called OpenTimestamps.
OpenTimestamps is an infrastructure that makes all this usable in reality. It’s all well and good to have commitment operations but you want to type OTS stamp, you want a proof, go soft to Bitcoin. Well, how does this all happen under the hood? First of all, OpenTimestamps is a centralized project, you’re relying on a couple servers that promise to do timestamping for you and they build Merkle Trees of all this stuff which in practice means you get a whole string of commitment operations all the way to a Bitcoin block header and Bitcoin block headers have a date in them and OpenTimestamps proves the relationship between your data and that date.
Timestamping an election
This is a ballot from Guatemalan presidential election. Guatemala being a somewhat poor country with many literate people it has the photos of who you’re voting for on there but it’s like any paper ballot system, it’s a piece of paper, you go show up to a voting booth, you do your x on it and you put it in the box (pretty obvious stuff). And paper ballots are the only way to go in government elections, like, if you need an expert like me to explain to you how your democracy works, it doesn’t work.
What happens next? We have polling stations all around the country, we put a whole bunch of paper in ballots, well, someone’s got to take those pieces of paper out and count those ballots. This is a wonderful example of double spends here when you vote, you put ink on your finger and good luck washing that ink off and they have a wonderfully explicit set of rules, if you don’t have this finger, if it’s been amputated, you use this finger and so on, a lovely low-tech way of making sure no one votes twice.
So we have a bunch of ballots and boxes. What do we do? A bunch of human beings, with a whole bunch of other human beings looking at them rather intensely because they’re from all the different political parties, you take these ballots out and you count them, right? Simple as that.
Well, we create a sum sheet of how many votes were in every one of these ballot stations for every candidate, and this particular sum sheet, if I understand correctly, was from the first round of Elections which is two months ago, and the more recent one was, there were two runners off and you had to pick between the two, but it’s a pretty simple system, you get a whole bunch of sheets of paper. Now, the more tricky thing is now they have a bunch of sheets of paper, what do you do with that, right? Because it’s like 10,000 different polling stations have one of these sheets of paper attached, or 100,000 or something like that, it’s a very big number. This is where the digital stuff comes into play. Now that we’ve done the initial paper counts, they want the system to go and actually report results reasonably quickly, preferably the night of the election. That’s where my client, Simple Proof, comes in, as well as a whole bunch of other IT contractors, and you scan those pieces of paper in, send it up to yet another system for further tallying, right? Because if you have like 100,000 of these pieces of paper, well, you’re going to have multiple different sums adding all that up and that’s exactly how it works.
And I should point out because this is paper, this does happen at multiple levels, the system I was involved with was purely the digital upload to the database system. There’s also a separate set of counties who would then manually do recounts, but that’s a much slower process, some of it’s literally calling people over the phone and reporting results, right? But that’s the first bit.
Well, this is the actual thing we timestamped that system where we literally scan in these pieces of paper at the polling stations, that was the trigger for… they get scanned in, ideally they would have been time-stamped right at the device but long story short that couldn’t happen, but when they get sent to the central database, that’s when the timestamp gets applied.
What does all this look like? Well, that’s a photo of me at election Central in Guatemala City. You can’t see it on there, but I actually did have an official government contractor elections ID, which is hilarious because I’m not sure if I was actually in the country legally, I’m not quite clear if I could work there but it’s Guatemala and that’s a good example. It’s a huge room with hundreds of people, representatives from all like 50 parties, they have, media, even like the volunteer firefighter departments showed up and had booths, it’s an entire party, it’s totally ridiculous. And, here I am at the front with my clients looking at everything happening. One of the things that did happen is, well, let’s face it, it’s an election, you’re going to have a whole lot of ceremony and other silliness.
Well, that was the actual moment when they decided to initialize the database. I wish I could give you a video of it, it’s truly ridiculous because you get all the major representatives of political parties sitting up on stage a dozen cameras on them and they type some stuff into a computer and say, ‘Alright, now we’re resetting the database to zero and starting from this point all of the scanned in ballot summary documents will start coming in and then we’ll start adding them up in the database.’
What’s on that screen? That was them timestamping that official election has started document with OpenTimestamps, waiting for a Bitcoin confirmation. Some bright guy in the government figured, ‘Hey, we know we could use this to make the whole thing look super official,’ right? Eventually, someone gave them the hints like, Bitcoin can take a while to confirm. Also, the way OpenTimestamps works is, if you know a bit about Bitcoin, you know about reorganizations. Well, I’m kind of a lazy programmer, so I set up OpenTimestamps so that it waits for five confirmations before it ever adds anything to the database. So they were going to be waiting there for like an hour. All that kind of happened, a whole bunch of stuff came in and I don’t know if you’ve seen elections, you kind of wait around forever and eventually, we wound up leaving at 6:00 a.m., waiting for the final ballots to come in.
This is where things get interesting. We find out that the Guatemala City ballots are not coming in. It’s like all of the city mysteriously waited like eight hours to submit their ballots, where everything else came in in like 30 minutes.
I’ll preface this all by saying, I personally deliberately did not look up much details about Guatemala’s politics or its election system. I’m a contractor. My job is to go explain honestly how OpenTimestamps work, convince people it works, and not take sides. I’m not here to say who should have won. I’m here to say how things worked.
And through the magic of crypto, as well as just tons of observers, we can say that suspiciously, the party that was unexpectedly losing for the Guatemala City area, the ballots just took a very long time to get submitted to the system. Funny about that. We can also say that there were many people, who claimed to observe the ballot boxes getting taken away for a couple of hours and then returned. Very suspicious. We can also say that when the ballots were returned, a lot of those polling stations were crossed out, and new numbers written. Gee, I wonder why that would have happened.
From what I hear, the party who is losing unexpectedly are corrupt as fuck and it’s interesting what they were trying to do, allegedly, was not to throw off the election because they didn’t have the ability to. Remember this paper ballot system, right? There’s many checks and balances, there’s many observers, there’s many systems. What they were actually doing was saying, ‘Hey, the election is definitely thrown off here, right? These numbers in this particular location are totally unreliable, nudge, nudge, wink, wink. Why don’t we redo the whole election?’ I found this New York Times article interesting because if the election did succeed, Guatemala will have lost the battle for democracy. And New York Times very carefully wrote this article to gloss over the fact that there was election fraud, absolutely clear proven election fraud. And the reason why there was election fraud was to try to get their election redone. They’d like to say, ‘Oh, no, no, the results were good,’ They wanted the results to be provably wrong. Of course, it’s an interesting question for me and my client, well, how do we fit in all this?
What did OpenTimestamps actually achieve?
OpenTimestamps is just one of many layers of auditing in a system like this. When you have like 100,000 ballot boxes that you’re summing up, there are a lot of people on the ground, literally hundreds of thousands of people actually observing this whole process at many levels. And to compromise all that cleanly, you have to compromise all those people. That’s not going to happen. But what timestamping did do is it was able to give yet another level of auditing, saying very clearly, ‘Hey, all these pieces of paper that we scanned in we have this massive database of 100,000 pieces of paper, and the blocks they were timestamped in in nearly all cases were very close to when you would expect.’ On top of that, remember what I said about how Bitcoin blocks have dates in them, and the times are kind of dodgy? Well, I also had a separate parallel system to timestamp Bitcoin blocks with something called Roughtime, which is trusted, and that goes back to Cloudflare and so on, that’s a whole another thing.
But the important thing is that Bitcoin blocks are widely witnessed. Many people could go through all this evidence and say, ‘Hey, for all these cases, this is roughly when these documents were scanned in, and these other cases were hours late.’ On top of all that, I should point out there’s also a subset of cases where, for instance, polling stations were mysteriously burnt to the ground. But that seems to be more like local politics where people are just angry at the fact there was an election and stuff like that.
But a big chunk of stuff coming in late leaves an interesting question: how useful is timestamping really? An argument I always make with timestamping is it’s dirt cheap. OpenTimestamps, because it scales, because it does not put one timestamp per Bitcoin transaction, you can add it to essentially anything for no more effort than a programmer spending a couple of hours and saving roughly a kilobyte of data, why wouldn’t you do that if you had a database?
It isn’t always useful but the effort required to do this is very low. In the case of this election, even taking into account government contracting and all that silly nonsense, I’m sure they spent less than like 100 grand on it, including a pile of software and other stuff. That’s a lot less than the cost of everything else in the election. Remember that big room I was in, there were people running around with UN and all kinds of organizations who were obviously flown in at great expense and filled up the hotel next door. Elections are expensive. This little additional bit of security was really cheap.
The election was done in very similar format in much of Central and South America, right down to the details of what they call the different parts of organizations that do this. And my client would love to apply OpenTimestamps elsewhere. I’d also love to get a little more security. Remember when I said they had a big database? Well, one thing we couldn’t really do is say what is the full set of documents. Currently we’re not really in a position where you could easily download all of those 100,000 sum sheets. That’s still hard. In the future, we’d like to put that on a Git repo which would be timestamped, of course. But if it’s in a Git repo, you can just do git clone and instantly get access to this.
There are some third-party efforts who are trying to do that kind of recounting of the ballots. Remember how I said, we have a system for counting, that system for counting is itself potentially vulnerable. I mean, did people actually write down the numbers correctly? We don’t know. You do that by getting raw access to the data and recomputing all that. I wish I could tell you a little more about some of the details of efforts there, but this was a very ugly process. I had my clients hiring security guards and bodyguards just to protect them. I would have been in Guatemala a couple of days ago, but they told me, ‘Well, there’s a non-zero chance we get arrested over this because the country is corrupt and the ruling party who lost is not very happy that they lost.’ So we’ll kind of have to see how things go, but who knows, maybe this will happen again, maybe it won’t. If anyone wants to give a call to people in El Salvador, surely they should have been the first to timestamp their election with Bitcoin.
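Added example, not part of the talk: a minimal Python sketch of the commitment-operation chain described under "How does a Bitcoin timestamp work?", using append, prepend and SHA-256 to aggregate several documents into one root and then check one document against it. The tree layout, function names and sample sheets are assumptions made for illustration; the root stands in for the value a timestamp server would commit to Bitcoin, and this is neither the OpenTimestamps proof format nor its code.

```python
import hashlib

# Each commitment operation maps a message to a new message that could not
# have been computed without the input.
OPS = {
    "append":  lambda msg, arg: msg + arg,
    "prepend": lambda msg, arg: arg + msg,
    "sha256":  lambda msg, arg: hashlib.sha256(msg).digest(),
}

def replay(msg, proof):
    """Apply a list of (op, arg) commitment operations to msg, in order."""
    for op, arg in proof:
        msg = OPS[op](msg, arg)
    return msg

def build_proofs(digests):
    """Aggregate many digests into one root; return (root, one proof per digest).

    Simplified binary Merkle tree (an assumption of this example):
    parent = sha256(left || right); an odd node is carried up unchanged.
    """
    level = [(d, [i]) for i, d in enumerate(digests)]  # (node, leaves under it)
    proofs = [[] for _ in digests]
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (left, l_idx), (right, r_idx) = level[j], level[j + 1]
            for i in l_idx:   # leaves on the left side append the right sibling
                proofs[i] += [("append", right), ("sha256", b"")]
            for i in r_idx:   # leaves on the right side prepend the left sibling
                proofs[i] += [("prepend", left), ("sha256", b"")]
            nxt.append((hashlib.sha256(left + right).digest(), l_idx + r_idx))
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0][0], proofs

def verify(document, proof, attested_root):
    """True if the document's hash chains to the root that was attested."""
    return replay(hashlib.sha256(document).digest(), proof) == attested_root

# Constructed sample data standing in for scanned sum sheets.
SHEETS = [b"station-%d votes A=%d B=%d" % (n, 100 + n, 90 - n) for n in range(5)]
ROOT, PROOFS = build_proofs([hashlib.sha256(s).digest() for s in SHEETS])

if __name__ == "__main__":
    print("root:", ROOT.hex())
    print("sheet 3 verifies:", verify(SHEETS[3], PROOFS[3], ROOT))
    print("altered sheet 3 verifies:", verify(SHEETS[3] + b"!", PROOFS[3], ROOT))
```

Each proof holds only the sibling values on the path to the root, so one attested root covers every sheet in the batch while any altered sheet fails to replay to it.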
Disclaimer: Transcripts provided on bitlyrics.co represent solely the opinion of the speaker and are not by any means financial/legal advice or an opinion of the website. The content has been transcribed with maximum accuracy. Repetitions and fill words have been amended in order to enhance the reading experience. The full text may not be confirmed by the speaker. Please refer back to the above-provided source of content for more certainty. If you are a speaker and wish to confirm/amend your speech, please contact us.