E
Election ObserversElection ProtocolsElectronic Voting LawsEmail VotingEnd-to-End Encryption
Show all topics
Technology & Security

End-to-End Encryption

Content

End-to-end encryption (E2E) in online voting ensures that a ballot is encrypted on the voter's device and remains encrypted throughout transmission and storage, only being decrypted during the final tallying process. This means that no server, administrator, or intermediary can read or modify individual votes at any point in the process.

What is end-to-end encryption?

End-to-end encryption is a security method where data is encrypted at its origin and only decrypted at its intended destination. In the context of online voting, the "origin" is the voter's device and the "destination" is the tallying process. Unlike transport-layer encryption (such as HTTPS), E2E encryption protects data even if the server infrastructure is compromised.

How E2E encryption works in online voting

The process follows a structured sequence:

  1. Key generation: Before the election, cryptographic keys are generated and distributed among multiple trustees
  2. Ballot encryption: The voter's device encrypts the ballot using the election's public key
  3. Transmission: The encrypted ballot is transmitted to the voting server
  4. Storage: Votes are stored in encrypted form — the server never sees plaintext ballots
  5. Tallying: Trustees combine their key shares to decrypt and count votes collectively

The encryption lifecycle of a vote

From the moment a voter makes their selection to the final result, the vote passes through several cryptographic stages. Each stage is designed to protect ballot secrecy while enabling verification. The encrypted ballot is signed, timestamped, and stored alongside cryptographic proofs that allow anyone to verify the election's integrity.

Key management and distribution

Secure key management is the foundation of E2E encrypted voting. The decryption key is typically split among multiple trustees using threshold cryptography. This means that no single person can decrypt votes alone — a predefined number of trustees must cooperate. This distributed approach prevents insider attacks and builds trust in the system.

NemoVote uses AES-256 encryption for all data transmission and storage, combined with cryptographic vote separation that ensures voter identity and ballot data are strictly separated — keeping votes confidential and tamper-proof.

Homomorphic encryption in voting

Homomorphic encryption allows mathematical operations on encrypted data without decrypting it. In voting, this means encrypted ballots can be aggregated to produce an encrypted total, which is then decrypted only once to reveal the final result. Individual votes are never decrypted, providing an additional layer of privacy protection.

Verifiability and encryption

E2E encryption enables two critical forms of verifiability:

  • Individual verifiability: Voters can confirm that their vote was recorded correctly using a verification code
  • Universal verifiability: Anyone can verify that all recorded votes were counted correctly using publicly available cryptographic proofs

This dual verifiability ensures that encryption enhances rather than undermines transparency.

Protection against server-side attacks

One of the primary advantages of E2E encryption is protection against server compromises. Even if an attacker gains full access to the voting server, they cannot read individual votes because the server never possesses the decryption key. This fundamentally changes the security model compared to systems that rely solely on server-side protections.

E2E encryption vs. transport encryption

Transport encryption (TLS/HTTPS) only protects data while it is in transit between the voter's device and the server. Once data reaches the server, it is decrypted and stored in plaintext. E2E encryption is strictly superior for voting because it protects data at rest on the server as well. Organizations should ensure their voting platform uses true E2E encryption, not just transport-layer security.

Performance and scalability

E2E encryption introduces computational overhead that must be managed carefully. Modern implementations optimize performance through efficient cryptographic algorithms and parallel processing, client-side encryption that distributes the computational load, batched tallying processes, and pre-computation of cryptographic parameters before the election begins.

Regulatory requirements

Data protection regulations such as the GDPR encourage encryption as a technical measure to protect personal data. In the context of GDPR-compliant voting, E2E encryption helps organizations meet their obligations to protect voter data through appropriate technical and organizational measures.