sortifal/CIA
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
CIA/e-voting-system/.claude/POA_ARCHITECTURE_PROPOSAL.md
E-Voting Developer 3efdabdbbd fix: Implement vote check endpoint in frontend API proxy 
- Created `/frontend/app/api/votes/check/route.ts` to handle GET requests for checking if a user has voted in a specific election.
- Added error handling for unauthorized access and missing election ID.
- Forwarded requests to the backend API and returned appropriate responses.
- Updated `/frontend/app/api/votes/history/route.ts` to fetch user's voting history with error handling.
- Ensured both endpoints utilize the authorization token for secure access.
2025-11-10 02:56:47 +01:00

15 KiB
Raw Permalink Blame History

Proof-of-Authority Blockchain Architecture Proposal

Executive Summary

I've created a comprehensive OpenSpec proposal to refactor the e-voting system from a simple in-memory blockchain to a distributed Proof-of-Authority (PoA) blockchain network. This aligns with your request for:

  • Bootnode - Lightweight peer discovery service
  • Multiple Validators - 3 PoA validator nodes for consensus
  • API Server - FastAPI backend for voter registration and vote submission
  • Distributed Architecture - True blockchain consensus across independent nodes

What Has Been Created

1. OpenSpec Proposal (openspec/changes/refactor-poa-blockchain-architecture/proposal.md)

A 400+ line comprehensive proposal including:

  • Business Context: Why migrate from simple to distributed blockchain
  • Solution Architecture: Detailed component diagram and responsibilities
  • Technical Details: PoA consensus mechanism, data flows, storage structure
  • Implementation Phases: 4 phases with clear deliverables
  • Benefits: Transparency, auditability, redundancy, regulatory compliance
  • Risk Mitigation: Byzantine validator, network partition, performance
  • Success Criteria: 8 clear metrics for completion
  • Effort Estimate: ~12-16 days for complete implementation

2. Technical Design (openspec/changes/refactor-poa-blockchain-architecture/design.md)

A 800+ line detailed design document including:

Bootnode Service

  • REST API for peer registration and discovery
  • In-memory peer registry
  • Health check and metrics

Validator Node Service

  • PoA block creation (round-robin among validators)
  • Block validation with cryptographic verification
  • P2P network communication for blockchain sync
  • JSON-RPC interface (compatible with standard tools)
  • Chaincode for consensus rules

API Server Integration

  • BlockchainClient for JSON-RPC communication
  • Failover logic (try next validator if one fails)
  • Vote submission to blockchain
  • Transaction receipt polling
  • Results aggregation from blockchain

Docker Compose Updates

  • Bootnode service (port 8546)
  • 3 Validator services (ports 8001-8003, 30303-30305)
  • Updated API server with blockchain integration
  • All services on private Docker network

Testing Strategy

  • Unit tests for each component
  • Integration tests for multi-validator consensus
  • End-to-end tests for full voting workflow
  • Performance benchmarks

3. Implementation Checklist (openspec/changes/refactor-poa-blockchain-architecture/tasks.md)

A detailed task breakdown across 5 phases:

Phase 1: Bootnode Service (1-2 days)

  • 4 tasks covering creation, implementation, Docker, testing
  • Deliverable: Working peer discovery service

Phase 2: Validator Node Service (5-7 days)

  • 13 tasks covering block creation, validation, P2P, JSON-RPC, crypto
  • Deliverable: 3 consensus-based validators

Phase 3: API Server Integration (2-3 days)

  • 7 tasks covering blockchain client, vote submission, configuration
  • Deliverable: Votes submitted to distributed blockchain

Phase 4: Frontend Integration (1-2 days)

  • 5 tasks covering transaction tracking, verification UI, results display
  • Deliverable: Frontend shows blockchain confirmation

Phase 5: Testing & Documentation (2-3 days)

  • 5 task groups covering unit, integration, E2E tests, docs, security review
  • Deliverable: Complete tested system with documentation

Task Dependencies: Clear visualization of which tasks can run in parallel

4. Blockchain Specification (openspec/changes/refactor-poa-blockchain-architecture/specs/blockchain.md)

A formal specification with scenario-based requirements:

ADDED Requirements:

  • Distributed blockchain network with PoA consensus
  • Bootnode service for peer discovery
  • Validator node service with JSON-RPC interface
  • P2P network communication between validators
  • Vote submission via API server with blockchain integration
  • Consensus mechanism for vote recording
  • Blockchain verification interface

MODIFIED Requirements:

  • Vote recording (enhanced with distributed consensus)
  • Election results (aggregated from distributed blockchain)
  • Blockchain persistence (new focus)

Each requirement includes scenarios describing:

  • WHEN (precondition)
  • THEN (postcondition)
  • AND (additional details)

Architecture Overview

┌─────────────────────────────────────────────────────────┐
│              Docker Network (evoting_network)            │
└─────────────────────────────────────────────────────────┘
                              │
         ┌────────────────────┼────────────────────┐
         │                    │                    │
         ↓                    ↓                    ↓
    ┌─────────┐         ┌─────────┐         ┌─────────┐
    │ Bootnode│         │Validator│         │Validator│
    │:8546    │◄───────►│   #1    │◄───────►│   #2    │
    │         │         │ :30303  │         │ :30304  │
    └────┬────┘         └────┬────┘         └────┬────┘
         │                   │                    │
         │              ┌────┴────┐               │
         │              ↓         ↓               │
         │         ┌─────────────────┐            │
         │         │   Validator #3  │◄───────────┘
         │         │    :30305       │
         │         └────────┬────────┘
         │                  │
         └──────────────────┼──────────────────┐
                            ↓                  ↓
                   ┌──────────────────┐  ┌──────────────┐
                   │   API Server     │  │  MariaDB     │
                   │  :8000 (FastAPI) │  │  :3306       │
                   └──────────────────┘  └──────────────┘
                            │
                            ↓
                   ┌──────────────────┐
                   │   Frontend       │
                   │   :3000 (Next.js)│
                   └──────────────────┘

Components

Bootnode (Peer Discovery Authority)

  • Simple HTTP service for validator registration
  • Enables validators to find each other without hardcoding IPs
  • Responds to /register_peer and /discover endpoints

Validators (PoA Consensus & Blockchain Storage)

  • 3 independent FastAPI services running blockchain consensus
  • Each validator:
    • Creates blocks in round-robin (validator 1, 2, 3, 1, 2, 3...)
    • Validates blocks from other validators
    • Maintains identical copy of blockchain
    • Syncs with peers over P2P network
    • Exposes JSON-RPC for API communication

API Server (Frontend/Registration Authority)

  • Handles voter registration and authentication (JWT)
  • Submits encrypted votes to validators via JSON-RPC
  • Queries results from validators
  • Serves frontend UI

Database (Voter & Election Metadata)

  • Stores voter credentials, election definitions, candidate lists
  • Stores vote metadata (transaction hashes, timestamps)
  • Does NOT store encrypted votes (stored on blockchain only)

Key Features

Proof-of-Authority Consensus

Instead of Proof-of-Work (mining) or Proof-of-Stake (wealth-based), PoA uses:

  • Designated Validators: Known, authorized validators create blocks
  • Simple Majority: 2 of 3 validators must accept a block
  • Fast Finality: Consensus reached in seconds, not minutes
  • Zero Waste: No energy spent on mining

Byzantine Fault Tolerance

With 3 validators and 2/3 consensus:

  • System survives 1 validator failure (crash, slow, or malicious)
  • Any party can run a validator to verify votes
  • No single point of failure

Immutable Vote Recording

Each block contains:

{
  "index": 42,
  "prev_hash": "0x...",
  "timestamp": 1699360000,
  "transactions": [
    {
      "voter_id": "anon-tx-abc123",
      "election_id": 1,
      "encrypted_vote": "0x7f3a...",
      "ballot_hash": "0x9f2b...",
      "proof": "0xabcd..."
    }
  ],
  "block_hash": "0xdeadbeef...",
  "validator": "0x1234567...",
  "signature": "0x5678..."
}
  • Each block cryptographically links to previous block
  • Changing any vote would invalidate all subsequent blocks
  • All validators independently verify chain integrity

Public Verifiability

Anyone can:

  1. Query any validator for the blockchain
  2. Verify each block's hash and signature
  3. Recount votes independently
  4. Confirm results match published results

Implementation Roadmap

Phase 1: Bootnode (Days 1-2)

bootnode/
├── bootnode.py (FastAPI service)
├── requirements.txt
├── tests/
└── Dockerfile

Phase 2: Validators (Days 3-9)

validator/
├── validator.py (Main PoA client)
├── consensus.py (Consensus logic)
├── p2p.py (Peer networking)
├── rpc.py (JSON-RPC interface)
├── crypto.py (Signing/verification)
├── tests/
└── Dockerfile

Phase 3: API Integration (Days 10-12)

backend/
├── blockchain_client.py (JSON-RPC client)
├── routes/votes.py (Updated for blockchain)
├── Updated main.py
└── tests/

Phase 4: Frontend (Days 13-14)

frontend/
├── Updated voting component
├── New transaction tracker
├── New blockchain viewer
└── Tests

Phase 5: Testing & Docs (Days 15-17)

tests/
├── unit/ (bootnode, validator, blockchain_client)
├── integration/ (multi-validator consensus)
├── e2e/ (full voting workflow)
└── docs/ (deployment, operations, troubleshooting)

Technical Decisions

Why Proof-of-Authority?

  • Suitable: Small, known, trusted validator set
  • Simple: No energy waste or complex stake mechanisms
  • Fast: Instant finality, no forks to resolve
  • Transparent: Validator set is public and known
  • Proven: Used successfully in many consortium blockchains

Why Custom Implementation (not Geth)?

  • Learning Value: Educational blockchain from scratch
  • Lightweight: Focused on voting, not general computation
  • Control: Full control over consensus rules
  • Understanding: Clear what's happening vs. black box

Why 3 Validators?

  • Simple Majority: 2/3 for consensus
  • Cost: 3 nodes fit in one deployment
  • Scalable: Easy to add more if needed
  • BFT: Can tolerate 1 failure

Benefits

For Users

  • Transparency: See your vote on the blockchain
  • Auditability: Independent verification of results
  • Fairness: No central authority can change results

For Elections

  • Compliance: Meets transparency requirements
  • Legitimacy: Public verifiability builds confidence
  • Accountability: Full audit trail preserved

For System

  • Redundancy: Votes stored on 3 independent nodes
  • Consensus: Agreement across validators prevents tampering
  • Scalability: Foundation for more validators if needed
  • Production-Ready: Real blockchain, not just prototype

Risks & Mitigation

Risk Impact Mitigation
Byzantine Validator Signs invalid blocks 2/3 consensus rejects invalid blocks; validator monitoring
Network Partition Validators split into groups Private Docker network prevents partition
Performance Vote submission bottleneck 3-validator PoA handles thousands of votes/sec
Complexity Hard to implement/debug Phase-by-phase implementation with testing
Key Compromise Attacker creates fake blocks Keys stored securely; monitor signatures

Success Metrics

  1. Bootnode operational
  2. 3 validators reach consensus
  3. Votes submitted and confirmed on blockchain
  4. Complete voting workflow works
  5. Blockchain verification succeeds
  6. Docker deployment works
  7. Documentation complete
  8. All tests pass

Files Created (in OpenSpec structure)

openspec/changes/refactor-poa-blockchain-architecture/
├── proposal.md              (Business + technical proposal)
├── design.md                (Detailed technical design)
├── tasks.md                 (Implementation checklist)
└── specs/
    └── blockchain.md        (Formal requirements + scenarios)

Next Steps

Option 1: Immediate Implementation

If approved, I can begin implementation immediately with Phase 1 (Bootnode).

Option 2: Review & Discussion

Review the proposal and discuss:

  • Architecture decisions
  • Timeline feasibility
  • Resource allocation
  • Risk tolerance

Option 3: Modifications

If you'd like changes to the design (e.g., different consensus mechanism, more validators, different technology), I can update the proposal accordingly.

Questions for Review

  1. Approval: Do you approve this PoA architecture for implementation?
  2. Timeline: Is 12-17 days acceptable for full implementation?
  3. Validators: Is 3 validators the right number (vs. 5, 7, etc.)?
  4. Technology: Is custom Python implementation acceptable (vs. Geth)?
  5. Scope: Should we proceed with all phases or start with Phase 1 only?

Summary

This OpenSpec proposal provides a comprehensive plan to upgrade the e-voting system from a simple in-memory blockchain to a distributed Proof-of-Authority blockchain with:

  • Bootnode for peer discovery
  • 3 Validators for consensus-based vote recording
  • API Server for voter registration and vote submission
  • JSON-RPC interface for validator communication
  • Docker deployment for easy startup
  • Public verifiability for election transparency

The proposal is documented in OpenSpec format with:

  • Detailed proposal (vision, benefits, risks)
  • Technical design (components, protocols, APIs)
  • Implementation tasks (5 phases, 50+ tasks)
  • Formal specifications (requirements + scenarios)

All documentation is in /openspec/changes/refactor-poa-blockchain-architecture/ ready for review and approval.