Jeremy Stein - Journal


Fraud-Free Electronic Voting

I am proposing a system for electronic voting that will prevent the issues we currently see with accusations of voter fraud and inaccurate counting.


How it works in theory

The system records voters and ballots in separate tables that are not linked to each other (although there is a printed audit trail in case of trouble). Both of these tables are published publicly at the end of the election.

To allow the voter to identify their vote in the public record, we include a hash of the voter info and ballot in the public table of ballots. To protect the voter’s privacy, a voter-selected secret password is included in the hash.

To limit fraudulent claims of missing or incorrect votes, we also generate a hash of the voter info, ballot, and a temporarily-secret key for the election. This prevents perjuring fraud claimants from forging a vote confirmation.

How it works in practice

The registered voter logs into the voting system on the day of the election. The voter is presented with the ballot for his district. The voter selects his answers. To submit his vote, the voter must also select a secret random string (“the voter secret”). For simplicity, we can generate this for the voter, but voters should be able to set the secret themselves if they want to. For example, the voter might make selections like this:

Ohio District 3 Ballot
Representative: Jane Smith
City Council: Bill Jones
Ballot Initiative 45: Yes
Voter Secret: xQdW4jkkStlZ

The voter will be given two hashes that will prove the vote was recorded correctly. For example:

Confirmation 1: 5bd5ec1718f2009eaaaf5e98d8f5d4051b8511aa15d577d571a27ef82a4e8fe1
Confirmation 2: f7ee8528a44a72a84e31d55f422cb782a82acfed78c96b74653c575bb45ed5a9

Note that confirmation 1 is simply the SHA256 hash of the ballot and voter info including the voter secret. In this case:

{Date:20201-Nov-02;District:Ohio/3}{Representative:Jane Smith;City Council:Bill Jones;Ballot Initiative 45:Yes}{Joe Voter;100 E Broad St,Columbus,OH 43215}{Secret:xQdW4jkkStlZ}

The encoded ballot should be presented to the user so he can validate the SHA256 digest himself.

Confirmation 2 is the SHA256 hash of the same information except using the election secret instead of the voter secret. The election secret is chosen by the system and is the same for all votes in a given election. It remains secret until 72 hours after the recorded ballots are published.

This means that the voter can compute confirmation 1 himself immediately, and confirmation 2 after a few days.

To record the vote, the system makes three writes:

  1. An entry is added to the election’s voter table with the following information:
    • Name
    • Address
  2. An entry is added to the recorded_ballot table with the following information:
    • Ballot (encoded as a single string)
    • Confirmation 1
  3. For non-searchable auditing purposes, the following is printed on a secure election printer:
    • Name & Address
    • Ballot
    • Voter’s secret code
    • Confirmation 1
    • Confirmation 2

At the close of the election, the voter table and recorded_ballot table are made publicly available. Anyone can easily count the votes to confirm the winners. The number of voters and number of recorded ballots will be the same. The printed audit is kept long enough to deal with any challenges and then destroyed.

Benefits of this system

Voters can see their vote (anonymously) listed in the public record of votes. They know their vote was correctly included.

Voting results are instantly available.

No one can claim that mysterious unknown votes were added to the results.

It’s harder to claim that votes were discarded, as long as voters are keeping their confirmation info.

How it prevents accusations of fraud

My vote was not counted

The recorded ballots are public record. Look for confirmation 1 in the recorded ballot table and you can see that your vote was recorded.

If confirmation 1 doesn’t appear in the recorded ballots table, disclose confirmation 2 right away. Confirmation 1 can be forged, but confirmation 2 cannot. You need to prove that you received confirmation 2 before the election secret is made public.

My vote was recorded incorrectly

Same as above. Confirmation 1 can confirm that your vote was recorded correctly. For people who forged it, we can catch them by asking for confirmation 2 before the election secret is released.
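
The recording steps and the two checks described above, as an added sketch that is not code from the original post. It assumes confirmation 2 uses the same brace layout with the election secret in the {Secret:...} slot; the class, the function names and the election secret value are hypothetical.

```python
import hashlib
import hmac

def encode(header, ballot, voter, secret):
    # Brace layout copied from the post's sample string. Reusing the
    # {Secret:...} slot for the election secret is an assumption.
    return "{%s}{%s}{%s}{Secret:%s}" % (header, ballot, voter, secret)

def confirmation(header, ballot, voter, secret):
    data = encode(header, ballot, voter, secret).encode("utf-8")
    return hashlib.sha256(data).hexdigest()

class Election:
    def __init__(self, header, election_secret):
        self.header = header
        self._election_secret = election_secret  # withheld until after publication
        self.voters = []            # public table: name and address only
        self.recorded_ballots = []  # public table: (ballot, confirmation 1)
        self.audit_printout = []    # stands in for the secure election printer

    def cast(self, voter, ballot, voter_secret):
        c1 = confirmation(self.header, ballot, voter, voter_secret)
        c2 = confirmation(self.header, ballot, voter, self._election_secret)
        self.voters.append(voter)
        self.recorded_ballots.append((ballot, c1))
        self.audit_printout.append((voter, ballot, voter_secret, c1, c2))
        return c1, c2

def vote_is_recorded(recorded_ballots, header, ballot, voter, voter_secret):
    # Voter-side check: recompute confirmation 1, look it up in the public table.
    c1 = confirmation(header, ballot, voter, voter_secret)
    return (ballot, c1) in recorded_ballots

def claim_is_genuine(header, ballot, voter, claimed_c2, released_secret):
    # Run after the election secret is released, on a confirmation 2 that the
    # claimant disclosed before the release.
    expected = confirmation(header, ballot, voter, released_secret)
    return hmac.compare_digest(expected, claimed_c2)

# Values from the post's example; the election secret is constructed.
HEADER = "Date:20201-Nov-02;District:Ohio/3"
BALLOT = "Representative:Jane Smith;City Council:Bill Jones;Ballot Initiative 45:Yes"
VOTER = "Joe Voter;100 E Broad St,Columbus,OH 43215"
ELECTION_SECRET = "constructed-election-secret"

if __name__ == "__main__":
    e = Election(HEADER, ELECTION_SECRET)
    c1, c2 = e.cast(VOTER, BALLOT, "xQdW4jkkStlZ")
    print(vote_is_recorded(e.recorded_ballots, HEADER, BALLOT, VOTER, "xQdW4jkkStlZ"))
    print(claim_is_genuine(HEADER, BALLOT, VOTER, c2, ELECTION_SECRET))
```

Each recorded ballot is published next to its confirmation 1 and the voter table is public as well, so the voter secret is the only input to confirmation 1 that an outside observer does not already have.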

Fraudulent votes were added

The voters are listed publicly. If someone is ineligible, we can go through the audit printout and find their vote.

How to transition to this system

Not everyone will be ready to use electronic voting right away. In the interim, paper ballots should be converted into electronic submissions into this system. Those who vote by paper won’t have the confirmation codes to get the same benefits as those who vote online directly.

January 3, 2021 2 Comments.


  1. Joan Hershberger replied:

    so many steps and another!!! password to recall. groan

    January 10th, 2021 at 11:58 am. Permalink.

  2. Mark A. Hershberger replied:

    “…will prevent the issues we currently see with **accusations** of voter fraud and inaccurate counting.” (emphasis mine)

    You wrote to me last week about this post and I’m only now getting around to it.

    I’ll post more of my thoughts on my weblog, but I think the core problem here is that this system will not stop people from making bad faith accusations.

    This is especially true when the average person does not understand SHA hashes, let alone database tables, in the same way that they understand a piece of paper on which they have marked their choices.

    January 10th, 2021 at 1:19 pm. Permalink.
