What if you could confidently just vote from your phone? Imagine having no lines or polling stations. Your vote goes in fully secure and your choice remains absolutely secret. There aren’t any ballot counters because even the government isn’t allowed to see for whom you voted. However, anyone, anywhere, can independently verify that the election results are legitimate, down to the very last vote.
Trust in voting systems and institutions are in decline, creating a real threat to democracy. Citizens who doubt the accuracy of vote counts are less likely to vote at all and have less confidence in their leaders. Authoritarians leverage distrust to proclaim rigged elections, disregard election results, and seize power. To counter this trend, for decades, there have been numerous attempts at a fully secure and protected digital voting system, but every attempt crashed into the same wall.
Until now.
Why Every Digital Voting System So Far Has Failed
The graveyard of failed digital voting experiments shows us that every attempt to digitize democracy crashed against an impossible trilemma. You could have privacy, transparency, or scalability, but never all three.
The Failures
When West Virginia tried blockchain voting with Voatz in 2018, voters had to blindly trust that the company's servers weren't compromised, despite blockchain's supposed transparency. Switzerland suspended its e-voting system in 2019 after researchers found critical security flaws. Moscow's 2019 blockchain voting experiment was cracked by a French researcher in just 20 minutes. The Iowa Democratic caucus app crashed spectacularly in 2020, delaying results for days and fueling conspiracy theories.
The Trilemma
Each failure exposed the same fundamental problem. To make systems fast enough for millions of voters, developers cut corners on privacy. To ensure privacy, they sacrificed transparency. To add transparency, they exposed voter identities.
This wasn't just about bad implementation. It was a mathematical impossibility. When researchers proposed zero-knowledge systems as a solution, they hit a computational wall. Verifying millions of votes would take weeks and cost fortunes. The technology simply couldn't scale.
The Verdict
By 2018, the consensus was clear. The National Academies report essentially declared the problem unsolvable, stating that no known technology could guarantee the secrecy, security, and verifiability needed for elections. Every government that tried learned the same harsh lesson. The math simply didn't work.
That was until our team at Shutter (and several other voting platforms) showed how new cryptographic techniques could solve what once looked impossible.
The Approach that Changes Everything
We realized that the industry was trying to solve the wrong problem.
For years, developers pursued Fully Homomorphic Encryption (FHE) - a technology that allows any computation on encrypted data. Imagine building a Formula 1 car to drive to the grocery store. It’s impressive, but completely unnecessary and impractical for this use case. FHE remains too slow and too expensive for real world elections. It requires massive computational resources for every single vote.
That’s why our team (and other teams such as Secure Internet Voting (SIV) and DAVINCI) focused instead on ElGamal homomorphic encryption. The concept is simple. There’s no need to perform every possible calculation on encrypted votes because the only thing that’s needed is a final, accurate vote count.
When ElGamal encryption is combined with modern zero-knowledge proofs and threshold encryption, we create something remarkable. The votes remain encrypted forever, but anyone can verify that the final tally is mathematically correct. It's like being able to count ballots inside sealed envelopes without ever opening them.
How the Technology Works
Shutter’s Permanent Shielded Voting system secures votes using ElGamal homomorphic encryption. This is a special type of encryption that allows votes to be added together while still encrypted. The election authority never needs to decrypt individual votes to count them. They simply add all the encrypted votes together and decrypt only the final sum.
The logical follow up question then is: couldn’t encrypted votes contain anything, like invalid choices or multiple votes by a single voter? That’s where zero-knowledge proofs come in. When you submit your encrypted vote, you also submit a mathematical proof that demonstrates your vote is valid without ever revealing your vote. The proofs are tied to the unique voter identity, ensuring that each eligible voter can only submit one valid proof per election. If someone tries to vote twice, the system will detect that a proof from that voter already exists and reject the duplicate. The system rejects any vote without a valid proof and any duplicate submissions, making both ballot stuffing and double voting impossible.
The decryption process uses threshold cryptography, where the decryption key is split among multiple independent parties like election monitors, civic organizations and international observers. A predetermined number of these parties (for example, three out of five) must cooperate to decrypt the final tally, since no single entity can decrypt votes alone. This distributed approach eliminates the need for a central authority that made previous digital voting systems vulnerable.
The result? A system that's permanently private, publicly verifiable, and practically scalable to millions of voters.
Why This Matters Now More Than Ever
Trust in elections is collapsing globally. The 2024 Venezuelan election joins a growing list of contested results. A Gallup poll found that 43% of Americans were either “not too confident” or “not confident at all” in the accuracy of U.S. Presidential elections. Social media amplifies every irregularity into a conspiracy. In Nepal, youth protesters chose their interim prime minister through Discord, a gaming platform, after losing faith in traditional institutions, marking the first time a world leader was elected via virtual poll. Paper ballots were once the gold standard, but are now dismissed as easily manipulated.
The sad reality is that an attempt at transparency can expose voters to coercion, and secrecy ends up breeding suspicion. Mail-in ballots can be bought or coerced because voters can prove how they voted. Electronic voting machines are black boxes that voters must blindly trust. Even paper systems have to be manually handled - that rightfully creates doubt.
A Better System is Finally Possible
Shutter's Permanent Shielded Voting system eliminates these trade-offs. It's permanently private. It's also publicly auditable, which means anyone can verify the results without trusting a single authority.
Systems that once required centralized servers vulnerable to hacking can now run on standard smartphones which eliminates single points of attack because there's no central server to compromise.
Shutter's Permanent Shielded Voting system works through simple APIs, meaning any existing election platform could integrate it without rebuilding from scratch. Countries using electronic voting machines could add the system as a privacy and verification layer. Even paper-ballot systems could use it for overseas and military voters who currently face the worst trade-offs between accessibility and security.
It also makes sense from a cost perspective as well, because the computational cost grows linearly with voter numbers, and not exponentially. Verifying 100 million votes is not significantly more expensive than verifying 1,000 votes. At a time when election costs soar past $2 billion in the US alone, this technology could dramatically reduce expenses while actually improving security.
This technology could also seamlessly combine with digital identity verification systems, like cryptographic passports. It could create end-to-end secure voting from identity verification to final tally (which is currently being done by Freedom Tool by Rarimo). This provides a solution that’s remarkably better than physical voting, because it has privacy, it can be audited confidently, and it is bribery resistant.
One remaining challenge is that even though all the code is open, most voters aren’t technically savvy enough to realistically check the zero knowledge proofs that show the election was counted correctly. They still rely on others to do that work. The good news is that anyone with the right skills can review these proofs and share their findings, which creates trust through many independent checks instead of a single authority. And as personal AI coding assistants become widespread, the average voter could soon use tools like ChatGPT to verify the results on their own.
Digital Voting at Scale is Now Ready to Launch
After decades of failed attempts, half-measures, and theoretical papers, the impossible has become inevitable. Shutter’s Permanent Shielded Voting system, and work done by others, show that private and verifiable digital elections are no longer theoretical and are ready for scale.
We now have voting technology that's mathematically guaranteed to be fair, permanently private, and completely verifiable.
The future of democracy is here.
