A Study of Mechanisms for End-to-End Verifiable Online Voting
Project StuVe
The goal of this BSI study is to provide a systematic and well-founded introduction to the complex world of end-to-end verifiable online voting.
In today’s digital world, many elections are conducted online. In such elections, however, there is a risk that voters’ votes may be altered unnoticed as they pass electronically through the voting system, and therefore the will of the voters may not be accurately reflected in the final result. End-to-end verifiability is the gold standard for addressing this problem. With this fundamental property, it is possible to independently verify that the final result matches the votes received, even if parts of the voting system do not work correctly.
Over the past decades, many methods for online voting have been proposed, implemented and analyzed to provide end-to-end verifiability without compromising the secrecy of the voter’s vote and overall usability. These works represent a vast body of knowledge, making it difficult to understand which of the proposed methods are the most appropriate and how they can be combined to realize end-to-end verifiable online voting.
The key findings are as follows:
- Holistic view: In order to assess whether an online voting system meets the desired characteristics, it is important to know what each method does, but ultimately it is key to look at the voting system as a whole. In particular, even if the individual methods work properly, they must be linked together correctly to provide end-to-end verifiability.
- Trust assumptions: The ultimate goal of verifiable online voting systems with vote secrecy is to reduce the required trust in the various system components as much as possible. To effectively distribute trust in practice, it must be ensured that these parties are truly independent of each other.
- Verifiable tallying: We can expect any state-of-the-art verifiable online voting system to combine a secret ballot technique with a verifiable privacy-preserving tallying technique. In this way, independent auditors can verify the correctness of the election result, without having to trust the tallying authority, while keeping individual votes secret.
- Voting device verification: There is no one-size-fits-all solution to protect against possibly corrupted voting devices. Which voting device verification mechanism is appropriate for a given election depends on various election-specific requirements.
- Everlasting privacy: In many elections, it is necessary to protect privacy not only in the foreseeable future, but also in the long run, e.g. against quantum adversaries. There are feasible approaches to guarantee this property, called everlasting privacy, towards anyone who wants to verify the election, i.e., without compromising verifiability.
This study provides developers, regulators, researchers, election officials, decision makers, and all interested parties with a powerful toolbox for end-to-end verifiable online voting.