Anonymous Voting System

This visualization explains how the cryptographic voting library works, focusing on the core concepts without requiring deep cryptographic knowledge. You'll learn about anonymous credentials, unlinkable pseudonyms, and how the entire system preserves voter privacy while ensuring vote integrity.

âš ī¸ Experimental Code

This library is unaudited and contains experimental cryptography. Please do not rely on this in any production environment.

How the System Works

This anonymous voting system allows voters to cast verifiable votes without revealing their identity. Let's explore the key components:

  • 🔑 Credentials: Cryptographic credential each voter creates and keeps secret
  • 👤 Pseudonyms: Unique, unlinkable identifiers with zero-knowledge validity proofs for each voter in an election
  • 🗳️ Votes: Ballot choice with associated pseudonym signing this choice for the given election
  • 🔍 Verification: Public verification without compromising voter anonymity

Key Features

  • Strong Anonymity: Votes cannot be linked back to the voter's identity, even if election authorities and credential issuers collude.
  • Sybil Resistance: The system prevents a single voter from casting multiple votes through cryptographic authentication.
  • Double-Voting Prevention: Any attempt to vote multiple times is automatically detected and recorded.
  • Distributed Vote Collection: Multiple vote collectors can operate independently and later combine their results.
  • End-to-End Verification: The integrity of the voting process can be verified without compromising voter anonymity.

System Overview

[Diagram: system overview]

  • Credential Issuer: issues anonymous credentials
  • Voter: creates pseudonyms & votes
  • Vote Collectors 1-3: verify & collect votes
  • Public Verifiers 1-3: audit election integrity without compromising privacy
  • Flows: Credential Issuance, Vote Casting, Merge and Verify

Cryptographic Pseudonyms

Pseudonyms are the core technology that enables anonymous yet verifiable voting. Here's how they work:

What is a Pseudonym?

A pseudonym is a cryptographic identifier that:

  • Is unique for each voter in an election
  • Cannot be linked to the voter's identity
  • Cannot be linked to pseudonyms from other elections
  • Can be verified as belonging to an eligible voter
  • Can be used, like a digital signature, to sign data such as your choice in an election

The Magic of Pseudonyms

[Diagram: pseudonym derivation]

  • Voter: private key (k); receives credential (a, e, k)
  • Derives pseudonyms: Election 1 pseudonym (deterministic); Election 2 pseudonym (different ID)
  • Attempt double vote: same pseudonym ID (double vote detected)

Pseudonym Creation (Technical Details)

Each pseudonym is created using the voter's credential and contains:

  • Election ID (relying_party_id): Unique identifier for the election
  • Pseudonym ID (y): Unique identifier for this voter in this election
  • Zero-Knowledge Proof: Cryptographic proof that the pseudonym was derived from a valid credential without revealing which credential

// A simplified representation of how pseudonyms are created
let pseudonym = credential.pseudonym_for(
    params,       // System parameters shared by all participants
    election_id,  // Unique identifier for this election
    "vote data",  // Additional data to bind to this pseudonym
    rng           // Source of randomness
);

// The pseudonym ID is deterministic for a given (credential, election) pair,
// but pseudonyms from different elections cannot be linked

Key Properties

  • Deterministic per Election: The same credential will always generate the same pseudonym for a specific election, preventing double voting.
  • Unlinkable Across Elections: Pseudonyms from the same voter but different elections cannot be linked, preserving voter privacy.
  • Zero-Knowledge Verification: Anyone can verify a pseudonym belongs to an eligible voter without learning which voter.

The Voting Process

Let's walk through the entire voting process from credential issuance to vote verification:

  1. Setup: Issuer generates key pair and publishes public key. System parameters are established.
  2. Credential Request: Voter generates private key and sends a credential request to the issuer.
  3. Credential Issuance: Issuer verifies the request and issues a credential without learning the voter's private key.
  4. Election Setup: Vote collector creates a new election with a unique ID and enables it in the database.
  5. Create Pseudonym: Voter derives a pseudonym specific to the election using their credential.
  6. Cast Vote: Voter creates a vote with their choice and pseudonym as proof of eligibility.
  7. Vote Verification: Vote collector verifies the vote's authenticity using the issuer's public key.
  8. Recording & Results: Vote is recorded and counted in the final results.

Code Example: Creating and Casting a Vote

// Example of how a vote is created and cast
let election_id = ElectionID { bytes: /* unique ID for this election */ };
let choice = "Candidate A".to_string();

// Create a vote using the voter's credential
let vote = credential.vote(election_id, choice).unwrap();

// Add vote to the database (this is done by the vote collector)
let result = vote_database.add_vote(vote, &issuer_public_key);

match result {
    Ok(()) => println!("Vote recorded successfully!"),
    Err(VotingError::DoubleVote { .. }) => println!("Double voting detected!"),
    Err(VotingError::Unauthenticated) => println!("Invalid vote!"),
    Err(VotingError::NonexistentElection(_)) => println!("Election not found!"),
}
                    

Verification & Security

The system provides strong security guarantees through various cryptographic mechanisms:

Double-Voting Prevention

When a voter attempts to vote twice in the same election:

  1. Both votes will have the same pseudonym ID (derived deterministically from their credential)
  2. The system detects the duplicate pseudonym ID
  3. The second vote is rejected and recorded as a "liar" for auditing

[Diagram: double-vote detection]

  • Vote 1: Pseudonym ID ABC123, Choice "Yes" (Accepted)
  • Vote 2: Pseudonym ID ABC123, Choice "No" (Rejected)
  • Vote Database: Pseudonym ID ABC123, Choice "Yes"; Double Vote Detected: ABC123
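
The duplicate check above, extended to merging independently operated collector databases, where a voter who submitted to two collectors only becomes visible at merge time. This is an added example, not code from the library: CollectorDb, AddError, the u32 election ID and the merge policy (the vote already held stands, the repeat is recorded as a liar) are assumptions, and proof verification is assumed to have passed before add_vote is called.

```rust
use std::collections::{BTreeMap, BTreeSet};
// Hypothetical model, not the library's types. Proof and signature checks are
// assumed to have passed before add_vote is called.
#[derive(Debug, PartialEq)]
pub enum AddError { DoubleVote, NonexistentElection }

#[derive(Default)]
pub struct CollectorDb {
    accepted: BTreeMap<u32, BTreeMap<String, String>>, // election -> pseudonym ID -> choice
    liars: BTreeSet<(u32, String)>, // (election, pseudonym ID) seen more than once
}

impl CollectorDb {
    pub fn enable(&mut self, election: u32) { self.accepted.entry(election).or_default(); }

    pub fn add_vote(&mut self, election: u32, y: &str, choice: &str) -> Result<(), AddError> {
        let votes = self.accepted.get_mut(&election).ok_or(AddError::NonexistentElection)?;
        if votes.contains_key(y) {
            self.liars.insert((election, y.to_string())); // kept for auditing
            return Err(AddError::DoubleVote);
        }
        votes.insert(y.to_string(), choice.to_string());
        Ok(())
    }
    // Assumed merge policy: the vote already held stands, a repeat becomes a liar.
    pub fn merge(&mut self, other: CollectorDb) {
        self.liars.extend(other.liars);
        for (election, votes) in other.accepted {
            self.enable(election);
            for (y, choice) in votes { let _ = self.add_vote(election, &y, &choice); }
        }
    }
    pub fn tally(&self, election: u32) -> BTreeMap<String, usize> {
        let mut t = BTreeMap::new();
        for c in self.accepted.get(&election).into_iter().flat_map(|v| v.values()) {
            *t.entry(c.clone()).or_insert(0) += 1;
        }
        t
    }
    pub fn liar_count(&self) -> usize { self.liars.len() }
}

fn main() { // constructed scenario: one voter submits to two collectors
    let (mut c1, mut c2) = (CollectorDb::default(), CollectorDb::default());
    c1.enable(1); c2.enable(1);
    c1.add_vote(1, "ABC123", "Yes").unwrap();
    c2.add_vote(1, "ABC123", "No").unwrap();
    c1.merge(c2);
    println!("tally {:?}, liars {}", c1.tally(1), c1.liar_count());
}
```

Because the pseudonym ID is deterministic per (credential, election) pair, the merged database catches the repeat even though neither collector saw a duplicate on its own.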

Database Verification

The integrity of the entire vote database can be verified by anyone with access to the database and the issuer's public key, without compromising voter anonymity:

// Verify the entire database
let database_valid = vote_database.verify(&issuer_public_key);

if database_valid {
    println!("All votes in the database are valid.");
} else {
    println!("Database verification failed!");
}
                    

Security Guarantees

  • Anonymity: Votes cannot be linked back to voters' identities, even if election authorities collude.
  • Non-transferability: Credentials are bound to the voter's private key and cannot be used by anyone else.
  • Double-voting Prevention: The system detects and prevents voting multiple times in the same election.
  • Distributed Trust: Multiple vote collectors can operate independently and later combine their results.

Limitations

  • Trusted Setup: The system relies on a trusted credential issuer; an untrustworthy issuer could issue arbitrarily many credentials and use them to influence elections.
  • Credential Security: Voters must keep their private keys secure.
  • No Coercion Resistance: The current implementation does not address vote buying or coercion.
  • Unaudited: This library contains experimental cryptography and has not been professionally audited.

Interactive Demonstration

This interactive demo simulates the core components of the anonymous voting system.

1. Setup

First, let's set up the system by generating keys and initializing a vote database.

2. Create Voters

Now, let's create some voters with valid credentials.

3. Create Election

Let's create a new election and enable it in the vote database.

4. Create Vote Collectors

Let's create multiple vote collectors that can independently collect votes.

5. Cast Votes

Let's have the voters cast their votes to different collectors.

6. Attempt Double Voting

Let's simulate a voter trying to vote twice in the same election.

7. Combine Vote Databases

Now, let's combine the independent vote collector databases before verification.

8. Verify Results

Finally, let's verify the combined database and see the election results.
