What is End-to-End Verifiability?

And why is it important for elections?

We often talk about how online voting solutions can help governments hold end-to-end verifiable elections. But what does that really mean?

For an election to have end-to-end verifiability, voters and third parties alike must be given the necessary tools and resources to verify every step of the voting process. On the surface, this may seem like a challenge for online elections, where voters cast their ballots over the internet from any location, and where results are often tabulated automatically.

Security and cryptographic experts, nevertheless, have developed unique verification methods for online voting systems that provide complete verifiability, which can often result in even greater transparency than that of paper-based elections.

In this article, we'll explore the different facets of end-to-end verifiability in online elections. By the end, you'll be able to confidently assess whether your online voting solution is equipped with the necessary features to ensure election transparency and trust.

Verifiability Basics

We can think about election verifiability, which is sometimes also referred to as auditability, from two perspectives: that of the individual voter, and that of third-party election auditors and the public in general. These two perspectives inform the two main branches of verifiability:

1. Individual Verifiability, in which individual voters verify that their individual ballots have been successfully cast and "deposited" in the electronic ballot box, and that the cast ballot maintains the choices they had originally selected (in other words, that it has not been manipulated in any way while it was being sent over the internet).
2. Universal Verifiability, in which third party auditors and even the general public verify that the final vote tally is correct and reflects that actual votes cast in the election.

Let's take a look at how each are achieved.

Individual Verifiability

As mentioned, individual verifiability consists of supplying voters with the ability (and the right) to verify that their ballots were officially deposited in the ballot box with the choices they selected, and that those choices were recorded properly. Each of these actions refers to two types, or steps, of individual verifiability: 

1. Cast-as-Intended Verifiability, referring to the ballot containing the voter's actual choices.

2. Recorded-as-cast Verifiability, referring to the ballot being successfully stored in the digital ballot box.

These individual verifiability procedures not only reassure voters of the integrity and transparency of the electoral system, but also give voters the opportunity to alert election authorities if an error has occurred.

Online voting might seem to present a slight challenge to these verifications, as voters cannot just seal up their ballot and drop it in a physical ballot box themselves. Rather, their ballots leave their hands and are sent through the internet to a voting server, where they await decryption and tallying at the end of the voting period.

Luckily, full individual verifiability is quite possible in an online election, provided the right features have been implemented.

Cast-as-Intended Verifiability

The ability for voters to verify that their vote has been encrypted and cast with the voting choices that they originally selected is known as cast-as-intended verifiability. This is one of the first verifications to be done, as it can be completed directly after (or sometimes even while) a voter casts their ballot.

There are a few methods through which cast-as-intended verifiability can be achieved:

• Cast and Decrypt: In this scenario, voters are presented with a QR code after they cast their ballot. This code contains the randomness, or the randomly generated mathematical formulas, that were used to encrypt their vote. To verify that the vote they cast actually does contain the voting choices they selected, they can use an official verification app to scan the QR code, which will retrieve their individual vote, or an exact copy of it. The randomness stored in the QR code will then decrypt the retrieved vote, showing the choices that have been stored with the ballot. The voter can then verify that it does contain the choices they originally selected.

• Cast or Challenge: Here, the voter completes their ballot, which is automatically encrypted on their device. Then, the voter can choose either to cast their ballot, or to decrypt it (i.e. “challenge” it) to see if their choices have remained the same upon encryption. The voter can opt to decrypt their ballot as many times as they would like, allowing them to verify that their device is not compromised or infected with malware.

• Return Codes: In this case, each voter is given a personalized voting card where every voting option is assigned a particular code. For example, option A may have the code “1234,” whereas option B would have the code “5678” (in reality, these codes would be more complex and random). When a voter casts their ballot, the voting system is able to compute the codes associated with each voting option selected without decrypting the ballot or revealing the identity of the voter. The voter is then sent the code of the option that was selected as a "return code". So, if a voter selected option A, they should receive a return code of “1234,” and if they selected option B, they should receive a return code of “5678.” Assuming the election is larger than a single vote, the voter would receive a list of return codes, each unique for every race.

Recorded-as-Cast Verifiability

Once voters are sure that their ballots were correctly submitted to the digital ballot box, the next step of individual verifiability, recorded-as-cast verifiability, comes into play. Here, voters must also be able to verify that their ballot was successfully received by the voting server and placed in a position to be counted. Recorded-as-Cast Verifiability is usually achieved through voting receipts. 

When a voting server receives a ballot, it assigns a unique identifier to it and sends this identifier, usually a long string of numbers and letters, back to the voter. A list of all receipts recorded by the server is then published on a public bulletin board, usually after an election. Voters can then check this list of receipts and verify that their ballot is among those recorded by the server. In this way, voters can guarantee that their ballot was recorded-as-cast.

It's important to note that receipts should always be anonymous and should never disclose the contents of a ballot.

Universal Verifiability

Whereas individual verifiability consists of individual voters verifying the accuracy and secure transmission of their individual votes, universal verifiability is an auditing procedure that is open to all independent third-party auditors, and sometimes to the general public. Universal verifiability consists chiefly of counted-as-recorded verifiability, whereby the processes of electronic ballot shuffling, decryption, and tallying are audited. 

In simple terms, this allows auditors and the public to be sure that every ballot cast is accounted for in the final tally.

Counted-as-Recorded Verifiability

Since election observers cannot witness the physical mixing, decrypting, and tallying of ballots in an online election, auditing the processes is best done with zero knowledge proofs.

Learn more about zero-knowledge proofs from our Research & Security team! 

These cryptographic mathematical formulas offer data that proves the accuracy of the mixing and decrypting processes without disclosing sensitive information. With this confirmation that votes were mixed and decrypted properly, auditors can verify the accuracy of the tally and final count.

As the accuracy of mixing, decrypting, and tallying processes can be individually verified, the accuracy of results can be guaranteed. Thus, auditors can assure themselves that all ballots in an election were counted-as-recorded. 

Ensuring End-to-End Verifiability in Your Election

Now that you know a bit about the different facets of election verifiability, you can assess whether your voting process actually is end-to-end verifiable. While verifiability is important for any election, regardless of voting method, end-to-end verifiability is not only possible, but also vitally important in an election with online voting.

In this sense, your online voting provider should be able to demonstrate the different features they have available to ensure cast-as-intended, recorded-as-cast, and counted-as-recorded verifiability. And we encourage you to ask!

If you're interested in learning more about other security features that are necessary for secure, transparent, and accessible online voting elections, take a look at our Security Table of Online Voting: