Secure, Transparent, Fair

Our voting system supports ranked choice voting and is built on cryptographic principles and open-source transparency to ensure every vote counts and can be verified.

Security First

Military-grade cryptography protects every vote from tampering and unauthorized access.

Full Transparency

Open-source code and public audit logs mean anyone can verify the integrity of the election.

Fair Elections

Role-based access, audit trails, and verified voter lists ensure only eligible students can vote once.

How We Ensure Security

HMAC-Protected Vote Hashing
Tamper-Proof

Every vote is converted into a unique cryptographic hash using HMAC-SHA256 (Hash-based Message Authentication Code), a military-grade algorithm that provides both integrity and authenticity verification.

Hash = HMAC-SHA256(electionId | ballotId | voteData | voterId | timestamp, SECRET_KEY)

This deterministic hash acts as a digital fingerprint. Even the slightest change to vote data produces a completely different hash, making tampering immediately detectable.

Protection Against Database Manipulation: The HMAC secret key is never stored in the database or shared with the database hosting provider. This means even if someone has full database access, they cannot modify votes and recalculate valid hashes—any tampering will be immediately detected during verification.

Database Field Encryption
AES-256-GCM

Sensitive personally identifiable information is encrypted at rest using AES-256-GCM encryption, the same standard used by governments and financial institutions worldwide.

  • Student IDs are encrypted in the database, protecting against data breaches and unauthorized access
  • Transparent encryption: Data is automatically encrypted when stored and decrypted when retrieved by the application
  • Database host cannot read encrypted fields without the encryption key, which is never shared with them
  • Meets compliance requirements for GDPR, FERPA, and other data protection regulations

Defense in depth: Even if someone gains unauthorized access to the database, encrypted fields remain protected. The encryption keys are managed separately and never stored in the database itself.

Merkle Tree Proofs
Mathematical Verification

After an election closes, all vote hashes are organized into a Merkle tree—a cryptographic data structure invented by computer scientist Ralph Merkle in 1979. This mathematical framework is used to verify large datasets efficiently and securely, including in distributed systems, secure file storage (IPFS), and version control systems like Git.

  • The tree creates a single root hash that mathematically represents all votes in the election
  • You can verify your vote is included without revealing how you voted
  • Anyone can verify that no votes were added, removed, or modified after the election closed
  • Verification requires only log₂(n) hashes, making it efficient even for elections with thousands of votes

How it works: After voting, you receive a receipt with your vote hash. You can use this hash on the verification page to generate a cryptographic proof that your vote is included in the Merkle tree, without revealing your choices. The mathematical properties of hash functions ensure this proof cannot be forged.

Multi-Layer Tamper Protection
Database-Agnostic Security

Our system employs multiple layers of protection to detect any vote tampering, even by database administrators:

  • HMAC Protection: Vote hashes require a secret key to generate—database admins cannot recalculate valid hashes if they modify vote data
  • Field Encryption: Student IDs are encrypted in the database using AES-256-GCM, protecting personally identifiable information
  • Deterministic Verification: The same vote data always produces the same hash—if data is altered, the hash won't match
  • Students can verify their own vote integrity by providing their student ID on the verification page
Comprehensive Audit Logging

Every action in the system is logged with tamper-proof records:

Logged Events Include:

  • • Election creation and modifications
  • • Ballot and candidate additions
  • • Vote submissions
  • • Voter list uploads
  • • Deadline extensions
  • • Results finalization

Each Log Contains:

  • • User ID and role
  • • Exact timestamp
  • • Action performed
  • • IP address
  • • Changed data (before/after)

Chief Returning Officers can review complete audit trails to investigate any concerns about election integrity.

Transparency & Fairness

Eligible Voter Verification
  • Elections are restricted to verified student lists (typically imported via CSV)
  • Each student can vote exactly once per election (enforced by the database)
  • Vote submissions are validated against the eligible voter list in real-time
  • Supports ranked choice voting with instant runoff algorithm for multi-candidate races
Public Results & Verification
  • Election results are publicly viewable after the CRO finalizes them
  • Detailed vote counts, percentages, and winner determination are transparent (including round-by-round breakdowns for ranked choice races)
  • Anyone can verify votes using the public verification tools—no login required
Open Source & Community Driven
Apache 2.0 Licensed

This voting system is completely open source and available on GitHub. This means:

  • Full Code Transparency: Anyone can review the source code to verify there are no backdoors or vulnerabilities
  • Security Audits: Security researchers and developers can audit the cryptographic implementation
  • Community Contributions: Improvements and bug fixes can be submitted by anyone via pull requests
  • Other Organizations Can Use It: Any student government or organization can deploy their own instance

View the code: github.com/csaguelph/voting

Questions about election security? Contact the Chief Returning Officer or view the source code on GitHub.