Evoting for Democracy

Simple centralised deployment with voter-verifiable results and accessible vote privacy

Why E-voting Systems Fail Democracy

Democracy is undermined when the result of the vote depends on the honesty of the authorities that are not accountable to voters

Deployment Complexity Forces Poor Choices

Ontario's 2022 municipal elections demonstrate the real-world impact: municipalities predominantly selected simple black-box systems without individual verifiability, explicitly citing operational complexity of E2E verifiable systems as the primary deterrent while also leaving vote privacy to be completely dependent on the vendor.

Centralisation Makes Fraud Easy

Electronic voting systems centralize critical functions, creating single points of failure where one successful attack could manipulate thousands or millions of votes simultaneously. Unlike paper systems that require physical access to many locations, centralized e-voting creates attractive targets for large-scale fraud that's easier to execute and conceal.

Decryption Ceremony Limits Privacy

E-voting systems depending on threshold decryption ceremonies face a fundamental dilemma: technical errors by participants may leave election results permanently unencrypted, while low thresholds allow small corrupt minorities to break privacy guarantees.

Lack of Everlasting Privacy

Most E2E systems rely on computational privacy assumptions that may be broken by future cryptographic advances or quantum computing. This limitation is often compensated by eliminating eligibility verifiability and/or withholding election evidence from the public.

Authority-Dependent Verifiability

Even in properly deployed E2E systems, verification capabilities remain concentrated with election authorities, requiring voters to trust institutional honesty and competence rather than enabling independent verification. This leads voters to ask a pertinent question: If vote results have been manipulated, why wouldn't one also corrupt the vote verification process?

Vote Buying and Coercion Risks

Systems that provide voters with receipts or verification tokens create opportunities for vote buying and coercion, as voters can prove how they voted to third parties, undermining the secret ballot principle fundamental to democratic elections. The risk is even more amplified when the vote buyer can remain fully anonymous.

If voters cannot independently verify that their votes are accurately counted while maintaining their privacy—regardless of whether administrators are honest or corrupt—then the system has failed its fundamental democratic purpose.

The solution is not to eliminate technology, but to democratize participation in deployment and verification, empowering voters to independently verify their votes without depending on institutional promises.

Solving E-voting's Central Problem

Simple centralized deployment with voter-verifiable results and accessible vote privacy

Public evidence with everlasting vote privacy lets any expert audit resulting tally to be composed fairly from eligible voters, rather than requiring special vetting and access to internal audit data. This gives voters the option to choose which experts they trust, while the pool of experts can be enlarged through CI/CD pipelines.

E2E Verifiable

Complete end-to-end verification from vote casting through final tally, with software-independent evidence

🛡️

Receipt Free

Complete protection against vote buying and coercion while maintaining full verifiability

🔒

Everlasting Privacy

Vote secrecy maintained even against future quantum computers and cryptographic breakthroughs

🎯

Centralized Deployment

Clear responsibilities and simplified accountability. Enables federated deployment for enhanced security when needed

🔄

Open Transactional Anonymization

Include anyone in pseudonym anonymization before voting with integrity guaranteed via zero-knowledge proofs, eliminating trust assumptions at tallying phase

🚀

CI/CD Evidence Publishing

Election evidence published to GitHub/GitLab repositories with automated verification badges and static bulletin board generation for reproducable audits

Research Foundation

"Unconditional Individual Verifiability with Receipt Freeness via Post-Cast Isolation"

How Your Vote Stays Private Yet Verifiable

No trust required—just cryptographic proofs and temporary isolation

1

Setup - Pseudonym Anonymization

Before voting, sequential braidings generate a braided generator that determines your anonymous voting pseudonym from your private key. Anyone can participate as a braider by providing zero-knowledge proofs of honest behavior, ensuring voters' anonymity.

2

Cast Your Vote

Your voting device retrieves the voting proposal containing the braided generator and voting options. Once you make your selection, your voting calculator creates cryptographic commitments to your vote and tracker preimages, and pseudonymously signs the envelope, which your voting device delivers anonymously to the bulletin board.

3

Isolate and Verify

After voting phase ends, your unique challenge appears on the bulletin board next to your pseudonym. Entering this challenge in your isolated voting calculator computes your tracker, with which you can locate your vote on the tally board. To maintain receipt-freeness, you can configure your calculator to display any alternative tracker from the tally board.

Every previous e-voting system faced an impossible choice: give voters receipts (enabling vote buying) or trust authorities (enabling fraud). PeaceFounder is the first to escape this paradox entirely.