Home / Technology / Cryptography
Technology Deep Dive

Multi-Layer Cryptography

Military-grade encryption, post-quantum security, and zero-knowledge proofs protecting every vote

Defense in Depth

Our Cryptographic Stack

VoteSecured employs a defense-in-depth cryptographic architecture with six distinct layers, each serving a specific security purpose:

Layer 1: Encryption

AES-256-GCM for vote encryption at rest and TLS 1.3 for transmission

Layer 2: Zero-Knowledge

zkSNARK proofs verify vote validity without revealing content

Layer 3: Post-Quantum

Kyber-1024 and Dilithium-87 protect against quantum computers

Layer 4: Integrity

SHA-256/384 hashing and Merkle trees ensure data hasn't been tampered with

Layer 5: Immutability

Blockchain anchoring provides permanent tamper-proof audit trail

Layer 6: Key Management

Hardware Security Modules (HSM) protect cryptographic keys

Encryption

Encryption: AES-256-GCM

What Gets Encrypted

  • Ballot choices: Your vote selections
  • Voter credentials: Authentication tokens
  • Audit logs: System activity records
  • Database records: All stored data

Why AES-256-GCM?

  • NIST Approved: Used by U.S. government for TOP SECRET data
  • NSA Suite B: Approved for national security systems
  • Galois/Counter Mode: Provides both encryption and authentication
  • Hardware accelerated: Fast performance on modern CPUs

Algorithm Details

Algorithm
AES-256-GCM
Key Size
256 bits
Security
Top Secret
Time to Break
Billions of years

How It Works

1. Vote Casting: Voter selects "Candidate B"

2. Encryption: AES-256-GCM encrypts vote → 0x7f3c2a9b...

3. Storage: Encrypted blob stored in database

4. Transmission: Wrapped in TLS 1.3 tunnel for network security

5. Decryption: Only during tallying, with multi-party key ceremony

Future-Proof

Post-Quantum Cryptography

The Quantum Threat

Quantum computers (when they exist at scale) will break current cryptography:

  • RSA: Vulnerable to Shor's algorithm
  • Elliptic Curve: Also broken by quantum
  • Diffie-Hellman: Quantum-vulnerable

Our Solution: NIST Post-Quantum Standards

Kyber-1024

Purpose: Key encapsulation (secure key exchange)

Security: 256-bit post-quantum security

Status: NIST finalist (to be standardized 2024)

Used for: Secure session key establishment

Dilithium-87

Purpose: Digital signatures

Security: 256-bit post-quantum security

Status: NIST finalist

Used for: Vote signing, blockchain transactions

Hybrid Approach

We use BOTH traditional and post-quantum algorithms for defense-in-depth:

  • Today's security: ECDSA (Elliptic Curve) + Dilithium
  • Future security: If quantum breaks ECDSA, Dilithium still protects
  • Backwards compatible: Works with current systems
Data Integrity

Hashing: SHA-256 & SHA-384

What Hashing Does

A hash function converts data into a fixed-size "fingerprint":

  • Input: "I vote for Candidate B in Election 2024"
  • Output: 7a3b2c9f8e1d0a4c... (64 characters)

Properties

  • One-way: Can't reverse hash to get original data
  • Deterministic: Same input always produces same hash
  • Avalanche effect: Tiny change in input completely changes hash
  • Collision-resistant: Nearly impossible to find two inputs with same hash

Where We Use Hashing

  • Vote integrity: Detect if vote has been tampered with
  • Blockchain anchoring: Store vote "fingerprints" on blockchain
  • Password storage: Never store passwords, only hashes
  • Merkle trees: Efficient verification of large datasets

Example: Tamper Detection

Original vote: "Candidate A" → Hash: 3a7b4c...

Hacker changes to: "Candidate B" → Hash: 9f2c1d...

Verification: Hashes don't match → Tampering detected

Verification

Merkle Trees

What's a Merkle Tree?

A data structure that allows efficient verification of large datasets:

                Root Hash
               /         \
          Hash A-B     Hash C-D
         /    \        /     \
      Hash A Hash B  Hash C  Hash D
        |      |       |       |
     Vote A  Vote B  Vote C  Vote D

Merkle Proofs

Prove your vote is included without revealing other votes:

  • Your vote: Vote B
  • Proof needed: Hash A, Hash C-D, Root Hash
  • Verification: Reconstruct path from Vote B to Root
  • Result: Vote B is definitely in the election

Benefits

  • Efficiency: Verify 1 million votes with only 20 hashes
  • Privacy: Don't need to see all votes to verify one
  • Immutability: Changing one vote changes root hash
Key Protection

Key Management: HSM Integration

Hardware Security Modules

Physical devices that protect cryptographic keys:

Certification
FIPS 140-2 Level 3
Tamper Protection
Physical
Key Extraction
Impossible
Used By
Banks, Gov't

What HSMs Protect

  • Master encryption keys: Used to encrypt vote data
  • Signing keys: Create digital signatures
  • Blockchain keys: Submit transactions to blockchain
  • TLS certificates: Secure web communications

Multi-Party Key Ceremony

For maximum security, master keys are split across multiple HSMs:

  1. Key Generation: Master key split into 5 shares
  2. Distribution: Each share stored in separate HSM
  3. Threshold: Need 3 of 5 shares to decrypt
  4. Physical Security: HSMs in different secure locations
  5. Result: No single person can decrypt votes
In Transit

Transport Security: TLS 1.3

Protecting Data in Transit

  • Protocol: TLS 1.3 (latest standard)
  • Key Exchange: ECDHE (Ephemeral Elliptic Curve)
  • Cipher: AES-256-GCM
  • Forward Secrecy: Past communications secure even if key compromised

Certificate Pinning

Mobile apps verify exact certificate to prevent man-in-the-middle attacks:

  • Traditional TLS: Trust any certificate authority
  • Certificate Pinning: Only trust our specific certificate
  • Benefit: Even if CA compromised, attackers can't intercept
Certifications

Compliance & Certifications

Government Approvals

  • FIPS 140-2: Cryptographic module validation
  • NIST SP 800-53: Security controls
  • Common Criteria EAL4+: International security evaluation
  • NSA Suite B: Approved for national security

Industry Standards

  • PCI DSS: Payment card security (key management)
  • SOC 2 Type II: Security, availability, confidentiality
  • ISO 27001: Information security management

Election-Specific

  • EAC VVSG 2.0: Voting system guidelines
  • IEEE 1622: Election data interchange

Open Source & Transparency

  • GitHub: All cryptographic code publicly reviewable
  • Libraries: Industry-standard (OpenSSL, libsnark, etc.)
  • Audits: Third-party security reviews
  • Bug Bounty: Rewards for finding vulnerabilities
Benchmarks

Cryptographic Performance

Benchmark Results (Single Server)

AES Encryption
10K votes/sec
SHA-256 Hashing
50K hashes/sec
zkSNARK Proof Gen
1.2 sec/proof
zkSNARK Verify
8 ms/proof

Scalability

With load balancing across multiple servers:

  • 10 servers: 100,000 encrypted votes/second
  • Blockchain: 10,000 votes/second (Polygon capacity)
  • Bottleneck: zkSNARK proof generation (parallelizable)
Your Questions Answered

Common Questions

Today: No. Current quantum computers have ~100 qubits, need millions to break RSA.

10 years: Maybe. That's why we're implementing post-quantum NOW.

Our approach: Hybrid (traditional + post-quantum) = safe in either scenario.

Software keys: Vulnerable to hacking

HSM keys: Physically protected, tamper-evident

Our implementation: Master keys never leave HSM, split across 5 devices in different locations

Threshold: Need 3 of 5 to decrypt—compromising 2 HSMs gets attacker nothing

AES track record: 25+ years, no practical attacks

Crypto agility: Our architecture allows swapping algorithms

Defense-in-depth: Multiple layers—breaking one doesn't compromise system

Transparency

Open Source & Transparency

Why Open Source Crypto?

  • Security through transparency (no "security through obscurity")
  • Community review by cryptography experts
  • Compliance with open government requirements
  • Trust through verifiability
Related

Learn More

zkSNARK Deep Dive

Zero-knowledge proofs explained →

Blockchain Details

Immutable audit trail →

Technical Docs

Full cryptographic specifications

Academic Papers

Peer-reviewed research

Ready to Explore Our Cryptographic Architecture?

Contact our team to schedule a technical deep-dive or request a security review of our cryptographic implementation.