Skip to main content

How it works

The election lifecycle

1. Setup

The administrator logs into the admin panel, creates the event, and configures ballots, sessions, and contests. The voter registry is imported and verified. This phase happens while the event is in Draft stage; no changes are possible after the election starts.

2. Trustee key generation

Before voting begins, each trustee receives an email with a secure link. They generate a cryptographic key pair in their browser, download both keys, and upload the public key back to Electobox. The private key never leaves their device. As a final step, trustees re-upload their private key file to verify they have saved it correctly.

All trustees must complete this before the election can start.

3. Voting

The administrator clicks Start. Electobox generates a unique one-time voting link for every eligible voter and delivers it by email or SMS.

Voters click their link, optionally verify their identity, make their selections, review them, and confirm submission. Their ballot is encrypted on their device before it is transmitted.

The administrator can monitor participation in real-time, send reminders, pause and resume voting, and handle individual voter issues throughout this phase.

4. Closing and anonymization

When the administrator closes the election, Electobox immediately anonymizes all submitted ballots. This is a cryptographic process that permanently severs the link between each ballot and the voter who cast it. After anonymization, it is impossible to determine who voted for what.

5. Trustee decryption

Each trustee receives a decryption email. They open the secure link, upload their private key file, and their browser performs partial decryption locally. The key never leaves their device. Once every trustee has submitted their partial decryption, the results are unlocked.

6. Results

The administrator views the final tally and can export results as a PDF, a voter participation list, and a full anonymized ballot export for independent audit.

Why trustees?

The trustee model ensures that no single party can access election results unilaterally:

  • Electobox holds encrypted votes but cannot decrypt them alone
  • Each trustee holds one portion of the decryption key but cannot decrypt alone
  • Only the combined action of all trustees produces the result

This means the electoral committee, not the software vendor, controls the outcome.