xVote: Electronic Voting Ballot Secrecy
XorIDA splits each ballot across multiple independent election authorities. Tallying requires threshold cooperation. No single authority can reveal individual votes.
The Problem
Electronic voting systems require trust in election authorities to maintain ballot secrecy. No cryptographic guarantee currently prevents individual vote exposure by a compromised authority.
Traditional e-voting systems store complete ballots on centralized servers. Election administrators, database operators, and system vendors all have theoretical access to individual voting records. Even with encryption, the decryption key typically resides with a single entity or small trusted group.
Paper ballots offer physical anonymity but cannot scale. Digital systems offer scalability but sacrifice the mathematical guarantee of secrecy. The challenge is preserving ballot secrecy with a cryptographic guarantee while enabling accurate, auditable tallying.
The Old Way
The PRIVATE.ME Solution
XorIDA splits each ballot into N shares distributed across independent election authorities. Tallying requires K-of-N cooperation. Individual vote secrecy is information-theoretically guaranteed.
Each ballot is split at the voter's device before leaving the client. No complete ballot ever traverses the network or exists on any server. Election authorities receive shares that individually reveal zero information about the voter's choices.
Built-in duplicate vote detection uses deterministic voter identifiers (derived from registration credentials) to prevent double-voting without linking votes to identities. The tally phase reconstructs ballots only in aggregate, never individually.
The New Way
How It Works
The ballot secrecy pipeline ensures that no complete ballot ever leaves the voter's device. Tallying is performed through threshold reconstruction with cryptographic audit trails.
Use Cases
Split ballots across independent election commissions. Threshold tallying prevents any single commission from accessing individual votes. Cryptographic receipts for voter verification.
3-of-5 thresholdBoard resolutions and proxy votes split across independent registrars. Ensures vote confidentiality while maintaining SEC compliance and audit requirements.
2-of-3 thresholdUnion leadership elections with cryptographic ballot secrecy. Prevents retaliation by ensuring no individual vote can be traced. NLRB-compatible audit trail.
2-of-3 thresholdFaculty senate votes, tenure decisions, and curriculum approvals with guaranteed ballot secrecy. Eliminates political pressure on individual voting decisions.
2-of-3 thresholdIntegration
import { castBallot, tallyVotes } from '@private.me/ballotsplit'; // Cast a ballot split across 3 authorities (2 needed) const receipt = await castBallot(ballot, authorities, { n: 3, k: 2, }); // Voter receives cryptographic receipt console.log(receipt.verificationCode); // Tally with threshold cooperation const results = await tallyVotes({ authorities: [authorities[0], authorities[2]], electionId: '2026-board-vote', });
Security Properties
| Property | Mechanism | Guarantee |
|---|---|---|
| Ballot Secrecy | XorIDA GF(2) splitting | Information-theoretic (unconditional) |
| Integrity | HMAC-SHA256 per share | Tamper detection on every share |
| Duplicate Prevention | Deterministic voter hash | Double-voting detected instantly |
| Verifiability | Cryptographic receipts | End-to-end audit trail |
| Coercion Resistance | No reconstructible individual ballots | Cannot prove how you voted |
Cryptographic Proof of Correctness
This ACI's computations can be cryptographically verified by xProve — so regulators, auditors, and counterparties can confirm results without re-running the computation or accessing the underlying data.
Tier 2: Commit-and-reveal — anti-equivocation for Beaver triples.
Tier 3: IT-MACs — malicious-security detection between parties.
Tier 4: KKW zero-knowledge proofs — publicly verifiable, ~50 KB, post-quantum.
Read the xProve white paper →
Ready to deploy xVote?
Talk to Ren, our AI sales engineer, or book a live demo with our team.
Ship Proofs, Not Source
xVote generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.
- Tier 1 HMAC (~0.7KB)
- Tier 2 Commit-Reveal (~0.5KB)
- Tier 3 IT-MAC (~0.3KB)
- Tier 4 KKW ZK (~0.4KB)