Cryptography and Security 16 JAN, 2015

End-to-end verifiability

End-to-end verifiability

This pamphlet describes end-to-end election verifiability (E2E-V) for a nontechnical audience: election officials, public policymakers, and anyone else interested in secure, transparent, evidence-based electronic elections. This work is part of the Overseas Vote Foundation’s End-to-End Verifiable Internet Voting: Specification and Feasibility Assessment Study (E2E VIV Project), funded by the Democracy Fund.

💡 Research Summary

The paper is a concise, non‑technical pamphlet that explains the concept of end‑to‑end verifiable voting (E2E‑V) to election officials, policymakers, and any stakeholder interested in secure electronic elections. It is part of the Overseas Vote Foundation’s “End‑to‑End Verifiable Internet Voting: Specification and Feasibility Assessment Study” (E2E VIV Project), funded by the Democracy Fund.

The core idea of E2E‑V is to make every stage of an election—ballot casting, recording, tallying, and result publication—transparent and independently auditable. Voters receive a cryptographic receipt (often a QR code or hash) that uniquely corresponds to their encrypted ballot but does not reveal their choice. This receipt is posted immediately to a public bulletin board (PBB), a tamper‑evident, read‑only ledger that anyone can inspect. By checking that their receipt appears on the board, voters can confirm that their ballot was recorded correctly.

During tallying, all encrypted ballots are processed using homomorphic encryption or mix‑net techniques. These methods allow the system to compute the final vote totals while keeping individual ballots encrypted and shuffled to protect privacy. Crucially, the tallying process generates a zero‑knowledge proof (or a succinct non‑interactive argument of knowledge, such as a SNARK) that demonstrates, without revealing any vote content, that the tally was performed correctly and that no ballot was added, altered, or omitted.

The pamphlet outlines four essential components of a practical E2E‑V system:

  1. Cryptographic Ballot and Receipt Generation – Voters’ selections are encrypted on the client side, and a one‑time receipt is created that binds the encrypted ballot to the voter’s view.
  2. Public Bulletin Board – All encrypted ballots and receipts are posted in real time, providing a transparent audit trail that can be inspected by voters, NGOs, and independent auditors.
  3. Secure Tallying – A verifiable computation aggregates the encrypted votes. The use of homomorphic encryption or mix‑nets ensures that the aggregation can be proved correct without exposing individual choices.
  4. Proof Verification – Anyone can download the public proof and, using open‑source verification software, confirm that the published results match the set of posted ballots.

By giving voters a personal means of verification and by allowing third parties to audit the entire process, E2E‑V eliminates the “black‑box” perception that has plagued many electronic voting deployments. The pamphlet stresses that the technology must be paired with user‑friendly interfaces—mobile apps or web portals that automatically verify receipts—so that verification does not become a burden for ordinary citizens.

Implementation challenges are also discussed. Large‑scale elections require high‑performance servers and efficient data structures to handle millions of receipts and proofs in real time. Receipt privacy must be protected; receipts are one‑time use and should be designed to resist duplication or leakage that could compromise ballot secrecy. Moreover, legal frameworks need to be updated to recognize cryptographic evidence as a legitimate part of the election record, and to define standards for certification, auditing, and dispute resolution.

In conclusion, the pamphlet argues that end‑to‑end verifiability offers a robust solution to the twin problems of trust and transparency in electronic voting. By embedding cryptographic guarantees directly into the voting workflow, it enables voters to confirm that their vote was counted, allows independent observers to verify the integrity of the tally, and provides a publicly auditable trail that can withstand scrutiny. Policymakers who understand these technical foundations can craft legislation that embraces E2E‑V, thereby advancing a more secure, transparent, and evidence‑based democratic process for the digital age.