Blockchain voting architecture for national elections: resilience architecture

. The conclusion was clear: the encryption parameters were so weak that it was possible to decrypt voters' ballots in real time in twenty minutes using a standard laptop and publicly available software Gaudry, Golovnev, 2019. It wasn't a hack — it was a mathematical solution to a problem that the system's developers apparently thought would be unsolvable within a reasonable timeframe. The encryption key was based on 256-bit ElGamal parameters: with such a key size, the discrete logarithm problem can be solved in minutes on an ordinary laptop.

Godri published the result, notified the developers, and pointed to a specific fix: switch to parameters of at least 2048 bits or, preferably, use elliptic curves with equivalent security at a smaller key size. The vulnerability was closed within hours. But the very fact of its existence points not to a mistake made by a single engineer — parameters that an experienced cryptographer would recognize as weak at first glance passed through all stages of the design, development, and pre-launch testing of a national-scale system. At no stage of the development and approval process was there an independent check on this, separate from the developers' team. Both flaws were found by external researchers — on their own initiative, before the voting began.

The context in which this occurs is very important. Edelman Trust Barometer records the same trend over the last decade: trust in government institutions, especially politicians and officials, is declining in almost all regions of the world — in both democracies and authoritarian regimes alike. In 2025, governments remain the least trusted of the four key institutions, trailing behind business, NGOs, and media. In several countries with elections, trust in authorities drops particularly sharply, creating the impression that political institutions — from parliaments to ruling parties — do not reflect citizens' interests. It is against this backdrop that the question arises, which blockchain formulates: what if the counting architecture were transparent, secure, and to some extent independent of the operator?

Between 2018 and 2021, eight countries deployed blockchain voting systems or conducted public experiments with them. By 2024, none of them had reached the level of national parliamentary elections with independent mathematical verification. Analyzing why each stopped where it did reveals a pattern: in eight completely different contexts, failures occur at one of three levels — the technical foundation, institutional conditions, and political readiness. These three levels — technical, institutional, and political — are observed in all eight cases, in different combinations and with varying consequences.

Cryptographic Foundation

Democratic voting requires the simultaneous fulfillment of two properties that, in the classical database architecture, are mutually exclusive.

The secrecy of the vote — in a democratic reading of this principle — is not just about confidentiality. It is fundamentally important that the voter themselves cannot prove to a third party how they voted. This property is called receipt-freeness — the absence of a receipt. A system without it is vulnerable to coercion. This is why physical booths are used, which protect not because they are securely guarded, but because they structurally eliminate the very possibility of recording a choice.

Verification requires the opposite: each vote must be verifiable. The voter must be able to confirm that their vote was included in the final tally. Any observer should be able to independently reproduce the results — without access to the contents of individual votes.

Jean-Jacques Rousseau insisted that the sovereign will of the people is delegated to no one — it must be expressed directly. Three centuries later, the very act of counting is delegated to servers and organizations whose proper functioning the citizen cannot verify or cryptographically challenge. Philip Pettit, in the theory of republican non-domination, defined freedom structurally: one is free who is not subject to arbitrary power — power that can be exercised, even if it is not exercised now. A state that technically can alter the outcome of a vote already possesses that power — regardless of whether it uses it.

A mathematical solution to the paradox appeared long before blockchain. In 1981, David Chaum published the work “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”, where he introduced the definition:

“A digital pseudonym is a public key for verifying signatures of the anonymous holder of the corresponding private key. A registry of such pseudonyms is created by an authoritative entity that decides whose requests to approve, but the entity itself cannot trace the pseudonyms in the final list.”

Already in the following year, 1982, he brought the idea to a practical mechanism in his work "Blind Signatures for Untraceable Payments", explaining the principle of "blind signature" through a precise analogy: "It is like a notary certifying a signature on a closed envelope, without knowing its contents" — meaning the signer only sees the mathematical hash, but not the message itself. This tandem of two works — digital pseudonyms plus blind signatures — became the cryptographic foundation for all subsequent anonymous electronics: from DigiCash to end-to-end verifiable voting systems such as Punchscan and Scantegrity, where the voter receives confirmation of their vote being counted, without revealing their choice.

Modern implementations rely on two tools:

Zero-Knowledge Proof (ZKP). Proof of knowledge without disclosure: the voter proves that their encrypted vote contains a correct value (0 or 1) without revealing which one. Imagine: you want to prove to the election commission that you cast exactly one vote — not zero, not two — but without disclosing for whom. ZKP allows you to provide a mathematical proof of correctness: "in this encrypted ballot, there is exactly one choice." The system accepts the proof and counts the vote. Who exactly voted for whom is not revealed to either party.

Homomorphic encryption ElGamal. Imagine: each voter has a sealed envelope with a number inside: 1 for one candidate, 0 for another. The ElGamal scheme, 1985 allows the numbers in all the envelopes to be summed into one final number, without opening any envelope individually. Everyone sees the total — 847 votes for A, 653 for B. No specific choice is revealed. This mathematics is the basis for verifiable secret voting. And it collapses when the wrong parameters are chosen: Godri showed that with a 256-bit key, "decrypting" each envelope takes twenty minutes on a standard laptop.

Blockchain in this architecture serves one function: it acts as a public ledger, into which nothing can be added or altered after the voting has closed. Adding votes retroactively is a classic attack vector on centralized systems. The academic systems Helios and Belenios solved this issue through a trusted server. Blockchain removes the very concept of "trusted": the rules for maintaining the ledger are embedded in the protocol, not in the integrity of the operator.

Level One: Technical Foundation

Moscow DEG. The remote electronic voting system launched for the 2019 Moscow City Duma elections initially solved a pragmatic task: reducing the burden on polling stations and allowing those who could not attend in person to vote. A private type blockchain was chosen—a closed network under government control, in which it was impossible to participate as an independent node. However, just weeks before the election, the system’s code was published on GitHub: anyone could check the implementation and get rewarded for finding vulnerabilities. It was through this public repository that Godri gained access to the code.

The ElGamal scheme was proposed by Taher El-Gamal in 1985 based on the computational capabilities of that time. By 2019, the parameters that experts considered acceptable forty years ago had long been recognized as insufficient: NIST recommends at least 2048 bits for discrete logarithmic schemes. The Moscow system used 256-bit parameters—a level of protection that, by modern standards, can be cracked in minutes.

Godri reported the issue and suggested a concrete minimum: at least 2048 bits, or switching to elliptic curves (Curve25519), where comparable strength is achieved with a smaller key size. The developers increased the parameters to 1024 bits. After that, Harvard mathematician Alexander Golovnev discovered a second vulnerability in the fixed version: one bit of data leaked from the encrypted votes, which were published in real-time, allowing the intermediate count of votes for candidates to be tracked. Both flaws were fixed before the voting began.

Voatz (West Virginia / Denver, 2018–2020). A mobile voting application for military personnel abroad. MIT researchers discovered a fundamental architectural problem: the identity of the voter and their specific choice could be traced through the company's servers. Identity verification and vote registration occurred through a single node controlled by Voatz — a traceable link between the voter and their choice was maintained. The application’s code was closed before launch. Audit logs were stored there as well — with the operator. Blockchain was present, but only for storing transaction hashes: it recorded the fact of votes being cast, but did not protect their contents. Cryptographic protection of the secrecy of the vote at the application level simply did not exist.

Helios (2008 → today). Ben Adida's system has been used in real elections since 2008 — Catholic University of Leuven, International Association for Cryptologic Research (IACR), and several universities worldwide. Full implementation of ZKP + homomorphic encryption: the voter verifies that their vote made it to the public ballot; any observer verifies the correctness of the final tally. However, Helios uses a trusted web server as the registry — not a public blockchain. For small organizations, this is acceptable: the stakes are low, and institutional trust in the university is sufficient.

Level Two: Institutional Conditions

Agora / Sierra Leone (2018). The company conducted a parallel count in the parliamentary elections without the authorization of the election commission. The results matched the official ones and were recorded in the blockchain. Technically, it appears to be correct. The Sierra Leone Election Commission responded firmly: Agora is not an authorized participant in the process, and the data holds no legal force; the statement about "the first blockchain elections" is misleading. The technology worked. But elections are not just about correct counting. It is an act with legal consequences, and participants can only be involved by decision of the relevant institution. Reproducing the electoral procedure externally means conducting a different procedure, even if the math is the same.

Tsukuba, Japan (2018). The first case where the national ID system — Japan's My Number — was used for authorization in blockchain voting on urban development issues. Full institutional authorization by the municipality, existing legal framework. The pilot demonstrated the viability of integrating digital identification and blockchain. The limitation that immediately became apparent was not technical: My Number did not cover the entire population, and part of the citizens were structurally excluded from voting. A solution exists and is applied in other contexts: a phased transition, where the digital system complements traditional voting for those included in it, without replacing it for everyone else. Tsukuba showed that the integration of the national ID system with the blockchain registry works technically — the issue of coverage is more about inclusion policy than platform capabilities.

Voatz (continued). The same system reveals a second kind of failure: not the absence of authorization, but the lack of independent audit as a mandatory requirement. There is no unified federal standard for remote electronic voting in the U.S. West Virginia granted Voatz access to real voting in 2018 without prior independent verification. The MIT analysis became possible only in 2020 — not at the request of the regulator, but by public demand. The example of Voatz demonstrates that technical and institutional levels do not replace each other: formal authorization does not protect against architectural vulnerabilities, and even correct architecture does not compensate for the lack of mandatory audit. Both violations are independent — and each of them is sufficient to compromise the system.

Level Three: Political Readiness

Zurich, Switzerland (2018). A canton with a tradition of direct democracy and consultative voting at the community level. The first vote on the public Ethereum blockchain was not a technological experiment layered over an existing practice—it was a continuation of it. A smart contract was deployed on the public network: after publication, no one, including the canton, can alter the contract rules. Adding a vote after the ballot box is closed is impossible due to the network protocol. Zurich is the only case where all three levels are implemented at least at the municipal level: correct cryptography, full institutional authorization, and political willingness to accept the result.

Seoul, S-Coin (2019). A platform for civic participation in the distribution of the district budget. Blockchain for transparent tracking of votes on urban development issues. The system still operates today—precisely because the stakes are manageable, and an institutional corridor has been predetermined: S-Coin does not aim to replace representative elections. Where political consequences are predictable and limited, it is much easier to accept an unadjusted result.

Three Levels: Designing a Resilient System

Eight cases describe the same structure from different angles. From this, a common architecture emerges:

Technical foundation—these are specific engineering solutions that are independently verified before launch.

Cryptographic minimum: ZKP for validating each vote without revealing its content; additively homomorphic encryption for counting without decryption; parameters conforming to current durability standards. Godfrey's recommendation is specific: for classic ElGamal—at least 2048 bits; for modern implementations—elliptic curves (Curve25519, P-256), where 256 bits provide sufficient durability with much less computational weight.

Architectural minimum: Verification of voter identity and encryption of their vote—two independent steps with a cryptographic gap between them. No link between a specific person and their vote should exist at any node in the system after the vote is encrypted. Voatz violated this principle—and this is what made de-anonymization possible.

Openness of code and parameters prior to deployment is not a signal of transparency for PR, but a condition for independent verification. Closed code on an open blockchain creates an illusion of verifiability.

Institutional conditions are the structure that makes independent verification mandatory, not merely possible.

Legal authorization of the system as an official voting tool is a necessary condition for the legal validity of the result. Agora demonstrated this by contradiction: a mathematically correct result without authorization does not exist as an electoral act.

A mandatory independent audit before launch—conducted by a structure with no financial or institutional ties to the operator—is a systemic requirement, not an option. Its absence in the approval chain is precisely what allowed a 256-bit parameter to pass through all stages of development. If such an audit is not required by the regulatory framework, it will not be conducted—both cases with critical vulnerabilities demonstrate this.

A public blockchain, not a private one controlled by the operator: the consensus rules are independent of any single participant. This is a fundamental choice—not of technical architecture, but of purpose. A private blockchain under government control solves the problem of protection against external attacks. It does not solve the problem of independent verification—because the operator still controls the rules.

Political readiness is a level that cannot be engineered technically.

Zug works not only because it has the right cryptography. It works because the cantonal political culture—a tradition of direct democracy, consultative referendums, and horizontal self-governance—has created an environment in which accepting an unadjusted result is the norm, not a sacrifice. S-Coin in Seoul is stable because it operates in a pre-limited space: the stakes are manageable, and there is sufficient political will for this scale.

What a working system is made of and why it does not yet exist

The matrix shows not only where each system stopped — it shows where each of them was closest to a solution. Zug completed the political and institutional levels but operates at the municipal scale. Helios and Belenios completed the cryptographic level and proved its functionality in real elections. Tsukuba showed how the state ID system can be integrated with a blockchain registry at the authorization level. S-Coin demonstrated how to scale gradually, avoiding high political stakes immediately.

None of the systems combined these blocks — not because it is architecturally impossible, but because in each case, one of the levels remained incomplete. Moscow’s DEG ran into the absence of independent auditing: parameters from 1985 passed all approvals unnoticed. Voatz encountered the lack of both auditing and proper identification architecture. Agora lacked institutional recognition. All three levels are independent, and failure at any one of them is sufficient.

A hypothetical system that closes all three levels looks like this. The cryptographic stack of Helios or Belenios — ZKP plus additive homomorphic encryption with correct parameters — is deployed over a public blockchain: not a private government network, but an open registry whose rules are independent of the operator. Identity verification is organized through the state ID infrastructure based on the Tsukuba model, with gradual inclusion and parallel retention of traditional voting for those whom the digital system has not yet covered. Before launch — mandatory public crypto audit with open code and parameters. Afterward — the opportunity for anyone to reproduce the final count themselves.

Thus, the implementation of blockchain voting at the national parliamentary level is not a technical, but an institutional task: a legal framework, public audit, and political willingness are needed to accept results that cannot be changed retroactively. The first step toward this could be a sustainable municipal or regional pilot based on the Tsug or Helios model, where open architecture and verifiability create the foundation for trust in elections not as an institution, but as a process.