End-to-end verifiable voting

As part of the Defending Democracy Program, through our parent company Galois, we partnered with Microsoft in 2019 to develop the first release of ElectionGuard, a software development kit (SDK) that will enable anyone to build verifiable elections technology.

Voting system developers can use ElectionGuard to make their voting systems end-to-end verifiable, allowing for individual voters to confirm their votes were counted, as well as for third parties to validate that the results of an election haven’t been tampered with.

ElectionGuard is open source and available freely to the public, including election officials and election technology vendors who wish to build end-to-end verifiability into their voting systems. The ElectionGuard project has evolved significantly over the past year or so in exciting ways.  We are no longer actively working on ElectionGuard for Microsoft, though are closely tracking the project and its use.

End-to-end verifiability (E2E-V)

E2E-V is a cryptographic technology that enables voters to vote in a normal fashion in a polling place and have evidence that the election is trustworthy. A voter votes using either optical scan technology (the voter fills out a ballot by hand) or a ballot marking device (the voter uses a touchscreen and a paper ballot record is produced). Thus, a paper ballot remains the ballot of record—as advocated by all cybersecurity professionals involved in the elections integrity community—and facilitates post-voting election audits.

E2E-V voting systems also produce a cryptographic receipt, enabling voters to prove (1) that the voting system recorded their choices correctly and (2) that their ballot is part of the final results of the election. Moreover, the E2E-V protocol permits election officials and observers to determine whether the election has been run in a trustworthy fashion without any problems; if there are any issues—ranging from procedural problems to nation-state adversaries attempting to manipulate the election—they can be detected, and their impact can be narrowed to specific attacks or systems that have been compromised, so they can be procedurally and technically mitigated.

With ElectionGuard, developers can make an existing voting system end-to-end verifiable, or build in end-to-end verifiability from scratch.

For more detailed information on ElectionGuard, see Protecting Democratic Elections Though Secure, Verifiable Voting and the Microsoft ElectionGuard GitHub project.