05 October 2023

Think back to the last time you voted. How certain are you that your vote was counted correctly?

It doesn’t matter how you voted – using a paper ballot or a voting machine, by post, or online. Currently, there is no system in use in large-scale political elections anywhere in the world that allows voters to personally verify that their ballot was accurately included in the final count. For the time being, it’s all a matter of trust. And as we all know, trust is increasingly in short supply.

E-voting with full end-to-end user verification has the potential to change all this. A number of systems already in use in smaller-scale settings give voters the power to personally verify that their vote was correctly counted, while still preserving the secrecy of their vote. 

One such system is “self-enforcing e-voting” (SEEV). Developed by a team of researchers at Warwick University and Newcastle University in the UK, it is compatible with both voting machines and online i-voting systems. Following successful initial testing, the team has now launched a company, SEEV Technologies Ltd, to develop the system for use in real-world elections. Feng Hao, CTO of SEEV Technologies and Professor of Security Engineering at Warwick University, talked to Democracy Technologies about how it works.

Beyond black box voting systems

What happens to our ballot after we cast it? When it comes to paper ballots, there are systems in place to ensure that counts are fair, usually involving both independent observers, and observers from all participating parties. We know that there is a chance that our paper ballots will be miscounted, or that our postal vote may go missing or arrive late. But most of us trust that the electoral authorities act in good faith, and that any discrepancies are likely to balance out.

When it comes to e-voting, things get more complicated. With a purely electronic voting system, there is no physical process for observers to watch. In a so-called black box system, our votes are recorded by an electronic system, and simply disappear from view. It is down to the computer software to count the votes. If the software is controlled by bad actors, they can manipulate the results without anyone knowing.

“There’s no way for voters or for the parties to actually verify whether this tallying process is correct,” Hao points out. “That is the fundamental problem with e-voting, and it is also why there are so many controversies surrounding it.”

Tallying encrypted voting data

To make the electronic tallying process more transparent presents us with a major challenge: How can we allow voters to personally verify that their vote is counted correctly without thereby revealing to others how they have voted?

One method is to encrypt ballots and employ a group of cryptographic experts, or “tallying authorities,” to perform the decryption and tallying process. However, this solution has downsides. If the tallying authorities lose their keys or refuse to do the work (say, because they don’t like the projected outcome), the election result will never be known. This means placing trust on a very small group of people.    

The major innovation in SEEV is that although ballots are encrypted, there is no need for tallying authorities to decrypt the data at any stage in the process – neither for the count to be performed, nor for an audit to be carried out. 

How is this possible? First of all, SEEV performs the count with the election data still in its encrypted form. “This is a counterintuitive idea,” says Hao. If someone sends you a message on an encrypted messenger app like WhatsApp or Signal, your phone has to decrypt the message before you can read it – otherwise you are left with illegible nonsense.

Ordinarily, it’s exactly the same with data. For a computer to work on encrypted data – say, to count a set of votes – this data first has to be decrypted.

But there are actually ways of working with encrypted data without decrypting it first. Many e-voting systems use homomorphic encryption, a process which allows data to be processed in its encrypted form. In other words, the votes do not need to be decrypted in order to be counted. 

End-to-end user verification

Computers may be able to work with encrypted data – but surely the final results will need to be decrypted so that we can understand them? In many e-voting systems, it is at this point that tallying authorities step in to decrypt the results using secret keys. They publish the final count, and can perform an audit to check that the count was correctly carried out.

SEEV skips this stage, eliminating the need for a tallying authority. Once the final count is finished, the system automatically publishes the final tally – a table showing how many votes each candidate received, but containing no information about who voted for whom. And rather than relying on a tallying authority to audit the vote, it allows everyone who voted to check that their ballot was included in the final count. 

This is known as end-to-end user verification. In SEEV, it functions using receipts – either physical or electronic. When we buy something in a shop, two receipts are printed. One is given to you, while the other is kept by the shop. While the transaction might be processed behind the scenes at the bank and be difficult for either you or the shop to audit, the receipts provide a record for both parties, in case any disputes should arise.

Public bulletin board

Now imagine that rather than being presented with an audit of the vote-counting process, the public is simply presented with a bulletin board containing all of the voter receipts. To verify that your vote was counted, you simply check that the corresponding receipt is included on the bulletin board.

The major difference from the receipts issued by shops is that the information about your vote is provided in its encrypted form – a string of letters and numbers that will be meaningless to anyone who sees your receipt. This is necessary to preserve the secrecy of the ballot. Otherwise, receipts could be used to show how you voted, opening the way to vote buying and voter coercion.

The bulletin board is typically a website containing the full list of encrypted votes. Since nobody has a decryption key, there is no way of decoding an encrypted vote and finding out how anyone voted. But as long as I have my own unique receipt, I can verify that my vote appears on the bulletin board and so must have been included into the counting process. 

Voter-initiated election auditing

The secure public bulletin board ensures that my vote was included in the final tally. But how can I be sure that the encrypted code I’m issued with contains the actual vote I wanted to cast?

Here, SEEV uses voter-initiated auditing, a feature also employed by several other e-voting systems. It is sometimes called “the Benaloh challenge,” named after its creator Josh Benaloh. As we already saw, when I select a candidate, I am issued with a receipt. Yet at this stage, I am prompted by the voting machine or i-voting system to either confirm and cast my vote, or to change it.

If I opt to change my vote, I can “challenge” the voting machine to print a second receipt with a decoded version of my cancelled vote, revealing the name of the candidate I chose.

Digital envelopes

“You can think of encryption like putting your vote in an envelope,” says Hao. “When you cast your vote, the system puts it in an envelope. If you decide to challenge the system, you get to open the envelope and look inside. But as soon as you open it, the vote is no longer valid, and is not included in the tally.”

The voter can select a candidate and cancel as often as they choose. This means that, although they cannot decode the encryption of the final ballot that they cast, they can be confident that the machine is accurately encrypting their votes. If the machine were trying to “deceive” them, it would get caught out when the user chooses to “open the envelope.”

Hao points out that most voters won’t need to go through these steps of casting and cancelling votes. But the option is there for anyone who wants to verify that the system is recording the votes accurately.

Receipts from an SEEV trial in Gateshead, UK. The first receipt for a cancelled ballot displays the full decrypted version of the vote, revealing the name of the selected candidate. The second receipt for a confirmed ballot contains the encrypted version only, which can be checked against the bulletin board published at the end of the election process. Image first published by the Cryptology ePrint Archive, copyright Feng Hao.

Successful trials of self-enforcing e-voting

SEEV voting has already undergone two major tests. On May 2 2019, the system was used to conduct an exit poll at local elections in Gateshead in the UK. 94 people participated in the voluntary trial, and user feedback was positive.

The team also collaborated with the New Town Kolkata Development Authority (NKDA) in New Town, West Bengal, India, to run a trial during the Hindu festival of Durga Puja. Anyone with an Indian phone number was invited to vote for their favourite festival decorations using mobile phones over the Internet with end-to-end verification.

The team have already developed functioning versions for various voting methods, including first-past-the-post, Condorcet, Borda Count and Instant Run-Off. They are currently working on an STV system.

Their online shareholder voting system for simple, first-past-the-post elections is scheduled for completion by December 2023. In the long run, they aim to support end-to-end user verification in statutory elections, both for online voting and in polling stations.

Systems like SEEV allow us to eliminate the distinction between who votes and who counts the votes, enabling each of us to verify the results for ourselves. By making each of us an election observer, they have the power to render elections more transparent than ever before – a clear win for democracy.

How useful was this post?

Click on a star to rate it!