Simple centralised deployment with voter-verifiable results and accessible vote privacy
Democracy is undermined when the result of the vote depends on the honesty of the authorities that are not accountable to voters
Ontario's 2022 municipal elections demonstrate the real-world impact: municipalities predominantly selected simple black-box systems without individual verifiability, explicitly citing operational complexity of E2E verifiable systems as the primary deterrent while also leaving vote privacy to be completely dependent on the vendor.
Electronic voting systems centralize critical functions, creating single points of failure where one successful attack could manipulate thousands or millions of votes simultaneously. Unlike paper systems that require physical access to many locations, centralized e-voting creates attractive targets for large-scale fraud that's easier to execute and conceal.
E-voting systems depending on threshold decryption ceremonies face a fundamental dilemma: technical errors by participants may leave election results permanently unencrypted, while low thresholds allow small corrupt minorities to break privacy guarantees.
Most E2E systems rely on computational privacy assumptions that may be broken by future cryptographic advances or quantum computing. This limitation is often compensated by eliminating eligibility verifiability and/or withholding election evidence from the public.
Even in properly deployed E2E systems, verification capabilities remain concentrated with election authorities, requiring voters to trust institutional honesty and competence rather than enabling independent verification. This leads voters to ask a pertinent question: If vote results have been manipulated, why wouldn't one also corrupt the vote verification process?
Systems that provide voters with receipts or verification tokens create opportunities for vote buying and coercion, as voters can prove how they voted to third parties, undermining the secret ballot principle fundamental to democratic elections. The risk is even more amplified when the vote buyer can remain fully anonymous.
The solution is not to eliminate technology, but to democratize participation in deployment and verification, empowering voters to independently verify their votes without depending on institutional promises.
Simple centralized deployment with voter-verifiable results and accessible vote privacy
Public evidence with everlasting vote privacy lets any expert audit resulting tally to be composed fairly from eligible voters, rather than requiring special vetting and access to internal audit data. This gives voters the option to choose which experts they trust, while the pool of experts can be enlarged through CI/CD pipelines.
Complete end-to-end verification from vote casting through final tally, with software-independent evidence
Complete protection against vote buying and coercion while maintaining full verifiability
Vote secrecy maintained even against future quantum computers and cryptographic breakthroughs
Clear responsibilities and simplified accountability. Enables federated deployment for enhanced security when needed
Include anyone in pseudonym anonymization before voting with integrity guaranteed via zero-knowledge proofs, eliminating trust assumptions at tallying phase
Election evidence published to GitHub/GitLab repositories with automated verification badges and static bulletin board generation for reproducable audits
"Unconditional Individual Verifiability with Receipt Freeness via Post-Cast Isolation"
No trust required—just cryptographic proofs and temporary isolation
Before voting, sequential braidings generate a braided generator that determines your anonymous voting pseudonym from your private key. Anyone can participate as a braider by providing zero-knowledge proofs of honest behavior, ensuring voters' anonymity.
Your voting device retrieves the voting proposal containing the braided generator and voting options. Once you make your selection, your voting calculator creates cryptographic commitments to your vote and tracker preimages, and pseudonymously signs the envelope, which your voting device delivers anonymously to the bulletin board.
After voting phase ends, your unique challenge appears on the bulletin board next to your pseudonym. Entering this challenge in your isolated voting calculator computes your tracker, with which you can locate your vote on the tally board. To maintain receipt-freeness, you can configure your calculator to display any alternative tracker from the tally board.