🇨🇦 Canadian Digital Blockchain Infrastructure (CDBI) Technical Blueprint
Source: Canadian Digital Blockchain Infrastructure - Complete Technical Blueprint
1. Executive Summary: Core Innovation
The CDBI is a blockchain-based voting infrastructure that replaces paper ballots with cryptographically secure, publicly verifiable digital votes. The system uses physical kiosks (CDBI AVMs) deployed at traditional polling locations.
The Core Innovation is separating voter identity from vote content using public-key cryptography while maintaining a publicly auditable blockchain ledger. This provides both ballot secrecy and complete transparency, solving the fundamental tension in electoral systems.
2. System Architecture Overview
The system is organized into five high-level, integrated components:
| Component | Function / Location | Key Technologies |
| --- | --- | --- |
| Voter Interface | CDBI AVM Kiosk at Polling Station | Touchscreen, HSM, Encrypted SSD |
| Identity Layer | Verification of voter eligibility (CRA Integration) | SIN Verification, Zero-Knowledge Proof |
| Encryption Layer | Ballot Anonymization | Public Key Cryptography |
| Blockchain Ledger | Immutable record of votes | Distributed Consensus (Proof of Authority), 50+ Independent Nodes |
| Public Transparency Layer | Real-Time Dashboard for auditing | Web Application, Automated Tallying |
3. CDBI AVM (Automated Voting Machine) Specifications
3.1. Hardware and Physical Security
- Form Factor: Enclosed kiosk similar to bank ATM.
- Display: 24" touchscreen (minimum $1920\times1080$ resolution).
- Accessibility: ADA-compliant with wheelchair accessibility; headphone jack for audio-assisted voting; optional integrated biometrics (fingerprint).
- Internal Components: Industrial-grade embedded system (ARM or x86), Encrypted SSD with local vote cache, Dual connectivity (wired Ethernet primary, LTE backup), UPS backup (4 hours minimum).
- Security Features:
- Hardware Security Module (HSM): Used for cryptographic operations.
- Anti-Tamper: Tamper-evident seals, locked chassis, and tamper-detection sensors.
- Air-Gapped Boot: Cannot be remotely compromised during voting.
- Audit Log: Write-once, immutable record of all interactions.
3.2. Software Stack
- Operating System: Hardened Linux distribution (Debian or Ubuntu LTS) with full-disk encryption (LUKS) and a minimal attack surface.
- User Interface: React-based touch interface.
- Supports multi-language (English, French, Indigenous languages).
- Includes accessibility modes: High contrast, large text, audio narration.
- Average vote time: 60-90 seconds (faster than paper).
4. Kiosk Application Flow and Cryptography
4.1. Kiosk Application Flow
- Welcome Screen: Language selection and prompt to "Enter your SIN to begin".
- Identity Verification: API call to CRA verification service, checks voter eligibility database, loads riding-specific ballot.
- Ballot Display: Shows candidates, party affiliations and photos, and optional "Learn More" info button.
- Vote Confirmation: Displays selected candidate and warning: "Cannot change after confirmation".
- Cryptographic Processing: Generates unique ballot ID, encrypts vote content, signs with kiosk's private key, and submits to blockchain.
- Voter Confirmation Screen: Displays ballot ID (e.g., CDN-X7K9PL2M), timestamp, and confirmation that the vote was recorded. Optional: print receipt.
- Reset: Returns to welcome screen (60-second timeout).
4.2. Vote Encryption Process (Security Model)
This process ensures transparency (public can see a ballot exists) while maintaining privacy (public cannot see the vote content).
- User selects a candidate (e.g., "Mike Doe - Conservative Party").
- Kiosk generates a unique ballot ID (e.g., CDN-X7K9PL2M).
- Vote content is encrypted with AES-256.
  Plaintext: {"candidate": "Mike Doe", "party": "Conservative"}
  Encrypted: 0xABCDEF123456789... (unreadable without the decryption key)
- Kiosk signs the encrypted vote with its private key (proves legitimacy and prevents fake ballots).
- The signed, encrypted vote is submitted to the blockchain with the Ballot ID.
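As an added worked example (not code from the blueprint), the kiosk-side sealing and the validator-side check for steps 3 to 5 above in Go: AES-256-GCM over the vote JSON with the ballot ID bound as additional authenticated data, then an ECDSA signature over ballot ID and ciphertext. The Go standard library has no secp256k1, so P-256 stands in for the curve named in section 6.3; the election key and the kiosk key are generated inline as constructed stand-ins for the HSM-held keys, and who holds the decryption key is left open as in the text.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Ballot is what the kiosk submits: public ballot ID, AES-256-GCM ciphertext
// of the vote JSON (nonce prepended), and the kiosk's ECDSA signature over ID||ciphertext.
type Ballot struct {
	ID        string
	Encrypted []byte
	Sig       []byte
}

// sealVote encrypts the vote under the 32-byte election key and signs the result with
// the kiosk key. The ballot ID is GCM additional data, so a ciphertext cannot be re-attached to another ID.
func sealVote(key []byte, kiosk *ecdsa.PrivateKey, id string, vote []byte) (Ballot, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return Ballot{}, err
	}
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // fresh random nonce per ballot; never reuse under one key
	ct := gcm.Seal(nonce, nonce, vote, []byte(id))
	h := sha256.Sum256(append([]byte(id), ct...))
	sig, err := ecdsa.SignASN1(rand.Reader, kiosk, h[:])
	return Ballot{ID: id, Encrypted: ct, Sig: sig}, err
}
// verifyBallot is the validator/auditor check against the kiosk's registered public key.
func verifyBallot(pub *ecdsa.PublicKey, b Ballot) bool {
	h := sha256.Sum256(append([]byte(b.ID), b.Encrypted...))
	return ecdsa.VerifyASN1(pub, h[:], b.Sig)
}

func main() {
	kiosk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stands in for the HSM-held kiosk key
	key := make([]byte, 32)                                    // constructed election key
	rand.Read(key)
	b, _ := sealVote(key, kiosk, "CDN-X7K9PL2M", []byte(`{"candidate":"Mike Doe","party":"Conservative"}`))
	fmt.Println("valid:", verifyBallot(&kiosk.PublicKey, b))
	b.Encrypted[len(b.Encrypted)-1] ^= 1 // flip one ciphertext bit: signature no longer verifies
	fmt.Println("tampered:", verifyBallot(&kiosk.PublicKey, b))
}
```

A flipped ciphertext bit, a swapped ballot ID or a signature from a different kiosk key all fail verifyBallot, which is the legitimacy check the text describes before a ballot is accepted onto the ledger.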
5. Identity Verification Layer
5.1. CRA (Canada Revenue Agency) Integration
The CRA is used because Canadians already trust it with sensitive data (taxes), it has existing infrastructure for SIN verification, and it provides real-time API access to verify identity.
CRA Validation Checks:
- SIN is valid and active.
- Person is 18+ years old.
- Person is a Canadian citizen.
- Person is alive.
- Person has not already voted in this election.
5.2. Privacy Protection
- The SIN is hashed before being recorded on the blockchain.
- The actual SIN is never stored in the voting database.
- The CRA API uses zero-knowledge proof (confirms eligibility without revealing identity).
- The link between identity and ballot ID is cryptographically severed after the vote is cast.
5.3. Voter Eligibility Database
- Maintenance: Maintained by Elections Canada, updated from CRA data.
- Structure: Contains SIN hash, riding, and eligibility status.
- Function: Real-time sync across all kiosks prevents double-voting (voter marked "voted" after first ballot).
- Security: Database is read-only for kiosks, encrypted at rest and in transit (TLS 1.3), and distributed across multiple secure servers.
6. Blockchain Architecture
6.1. Consensus Mechanism: Proof of Authority (PoA)
PoA is used instead of Proof of Work (PoW) or Proof of Stake (PoS) for the following reasons:
- Speed: Blocks are confirmed in seconds (not minutes).
- Energy Efficient: No wasteful mining computation.
- Controlled Validators: Trusted institutions run the nodes.
- Finality: Votes are irreversible once confirmed.
6.2. Validator Nodes (Authority Nodes)
- A minimum of 50 independent nodes are distributed across key Canadian institutions.
- Distribution Examples: Elections Canada (primary authority), Provincial election bodies (10 nodes), Universities (15 nodes - UBC, Waterloo, etc.), Independent auditing firms (10 nodes - PwC, Deloitte, etc.), Civil society organizations (10 nodes), and International observers (5 nodes - UN, OAS, etc.).
- Requirements: Must be publicly identified (no anonymous validators), must run open-source CDBI software, must have 99.9% uptime SLA, and must undergo annual security audits.
- Removal: A compromised validator can be removed by a $2/3$ vote of the other validators.
6.3. Cryptographic Security
| Component | Algorithm / Key Property | Details |
| --- | --- | --- |
| Ballot Encryption | AES-256-GCM (symmetric encryption) | Vote content is made illegible without the decryption key. |
| Signatures | ECDSA with secp256k1 curve (same as Bitcoin) | Used to sign votes and prove legitimacy from a registered kiosk. |
| Hashing | SHA-256 (industry standard) | Used for the voter SIN hash (cannot reverse) and block chain integrity. |
| Key Management | Unique key pair per kiosk | Private key stored in the HSM and never leaves the kiosk; public key is on the blockchain for verification. |
The blockchain provides **immutability**, **transparency**, and **auditability**. Finality is achieved once $51\%+$ of validators sign a block.
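An added example (not the project's code) of the finality rule stated in 6.1 and 6.3 and the validator requirements of 6.2, in Go: SHA-256 chaining for block integrity, and a quorum check that accepts a block only when more than half of the publicly registered validators have signed it, rejecting unregistered or duplicated signers. Signatures are abstracted to validator IDs here; the real ledger would verify each one with ECDSA as in 6.3.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Block is one ledger entry: the ballot IDs it finalizes, the hash of its parent, and
// the IDs of the authority nodes that signed it (signatures abstracted to IDs in this example).
type Block struct {
	Index    int
	PrevHash string
	Ballots  []string
	Signers  []string
}

// hashBlock chains SHA-256 over the block's index, parent hash and ballot IDs.
func hashBlock(b Block) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%s|%q", b.Index, b.PrevHash, b.Ballots)))
	return fmt.Sprintf("%x", sum)
}

// finalized applies the PoA rule: every signer is a publicly registered validator,
// none is counted twice, and more than half of the registered set signed ("51%+").
func finalized(b Block, validators map[string]bool) bool {
	seen := map[string]bool{}
	for _, v := range b.Signers {
		if !validators[v] || seen[v] { // anonymous or duplicate signer: reject the block
			return false
		}
		seen[v] = true
	}
	return 2*len(seen) > len(validators)
}

// verifyChain checks hash linkage and finality for every block after genesis.
func verifyChain(chain []Block, validators map[string]bool) error {
	for i := 1; i < len(chain); i++ {
		if chain[i].PrevHash != hashBlock(chain[i-1]) {
			return fmt.Errorf("block %d: broken hash link", i)
		}
		if !finalized(chain[i], validators) {
			return fmt.Errorf("block %d: not finalized", i)
		}
	}
	return nil
}
```

With the 50-node validator set from 6.2, a block needs at least 26 distinct registered signers; altering the ballot list of an already-chained block changes its hash and breaks the link checked for its successor.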
7. Real-Time Tallying and Public Transparency
7.1. Automated Tallying System
The automated system eliminates the delay and lack of transparency associated with traditional manual counting.
Vote submitted to blockchain $\rightarrow$ 51%+ validator nodes confirm (<5 seconds) $\rightarrow$ Vote permanently recorded $\rightarrow$ Automated tally updates immediately $\rightarrow$ Public dashboard refreshes in real-time.
New votes are tallied within 5 seconds, and the public dashboard refreshes every 2 seconds.
7.2. Public Transparency Dashboard (transparency.cdbi.ca)
This publicly accessible web application enables real-time auditing:
- Live National Map: Interactive map of Canada showing each riding colored by the leading candidate, real-time vote counts, and turnout percentages.
- Riding-Level Detail: Displays current vote totals by candidate, bar chart visualization, and turnout stats.
- Vote Verification: Voters can enter their unique **Ballot ID** to personally verify their vote's inclusion.
- Verification Result Confirms: Ballot ID found on the blockchain, time the vote was recorded, riding it was counted in, status Finalized, block number, and validator signatures confirmed (e.g., 52/50).