A secure online primary for President

After the first Presidential debate, we sprinted for two weeks to pull together the Democratic primary that should have happened much earlier. It used modern cryptography to allow people to vote from home, for free, with minimal fraud risk, and with publically auditable results.

This was the voting flow:

Final results

The primary ran for only a few days before Joe Biden stepped down and demand evaporated. In total, 230 votes were cast, with 11% (25) completing full passport verification.

Ranked Robin Voting System

We used a ranked-choice voting system called Ranked Robin. Voters ranked everyone in order of preference instead of just voting for just one. To figure out who won, all the candidates are compared in 1-1 match-ups against each other to see who was ranked higher by the most voters. Whoever wins the most match-ups is declared the winner.

This system allows you to vote for your true preferences without worrying about "wasting" your vote. You can put a less well-known candidate as your top choice and still have your vote count towards more popular candidates if your first choice doesn't win. This encourages honest voting and removes the risk of one candidate "spoiling" the votes of another, while ensuring your vote always has an impact on the final outcome. For a detailed analysis of this voting system, see why the Equal Vote Coalition strongly recommends it.

1-1 Matchup wins

Candidate	Matchups Won
👑 Gretchen Whitmer	9
Pete Buttigieg	8
Gavin Newsom	7
Dean Phillips	6
Kamala Harris	5
Bernie Sanders	4
Joe Biden	3
Elizabeth Warren	2
Robert Kennedy Jr	1
Marianne Williamson	0

All 230 VotesVerified Only

Gretchen Whitmer was ranked above everyone else

It doesn't always happen this way, but in our case Gretchen Whitmer was actually preferred over each other option by a majority of voters. This doesn't mean everyone ranked her first, it just means that on average, she was higher on voters' ballots than each other candidate.

GW win

Tie

GW loss

Gretchen Whitmer

64%

32%

Pete Buttigieg

Gretchen Whitmer

64%

36%

Gavin Newsom

Gretchen Whitmer

72%

20%

Dean Phillips

Gretchen Whitmer

80%

16%

Kamala Harris

Gretchen Whitmer

76%

20%

Bernie Sanders

Gretchen Whitmer

80%

16%

Joe Biden

Gretchen Whitmer

92%

Elizabeth Warren

Gretchen Whitmer

84%

16%

Robert Kennedy Jr

Gretchen Whitmer

84%

Marianne Williamson

All 230 VotesVerified Only

Joe Biden vs. The World

How did people rank Joe Biden relative to other candidates? Or in other words, how much did voters want Joe Biden to step down in favor of someone else?

JB higher

Tie

JB lower

Joe Biden

16%

80%

Gretchen Whitmer

Joe Biden

88%

Pete Buttigieg

Joe Biden

84%

Gavin Newsom

Joe Biden

20%

12%

68%

Dean Phillips

Joe Biden

28%

12%

60%

Kamala Harris

Joe Biden

40%

12%

48%

Bernie Sanders

Joe Biden

44%

16%

40%

Elizabeth Warren

Joe Biden

48%

12%

40%

Robert Kennedy Jr

Joe Biden

64%

16%

20%

Marianne Williamson

All 230 VotesVerified Only

All head-to-head matchups, win percentage

Of the people who expressed a preference between each pair, what percent of the time was the person on the left ranked above the person at the bottom?

⬆️ beats ➡️	Gretchen Whitmer	Pete Buttigieg	Gavin Newsom	Dean Phillips	Kamala Harris	Bernie Sanders	Joe Biden	Elizabeth Warren	Robert Kennedy Jr	Marianne Williamson
Gretchen Whitmer (9 wins)	-	67%	64%	78%	83%	79%	83%	96%	84%	91%
Pete Buttigieg (8 wins)	33%	-	63%	78%	67%	83%	96%	83%	83%	91%
Gavin Newsom (7 wins)	36%	38%	-	58%	67%	75%	91%	88%	83%	87%
Dean Phillips (6 wins)	22%	22%	42%	-	57%	57%	77%	68%	81%	84%
Kamala Harris (5 wins)	17%	33%	33%	43%	-	62%	68%	71%	65%	81%
Bernie Sanders (4 wins)	21%	17%	25%	43%	38%	-	55%	57%	62%	79%
Joe Biden (3 wins)	17%	4%	9%	23%	32%	45%	-	52%	55%	76%
Elizabeth Warren (2 wins)	4%	17%	13%	32%	29%	43%	48%	-	62%	65%
Robert Kennedy Jr (1 win)	16%	17%	17%	19%	35%	38%	45%	38%	-	53%
Marianne Williamson (0 wins)	9%	9%	13%	16%	19%	21%	24%	35%	47%	-

Audit these results yourself

If you're surprised by the result, you don't have to take our word for it—thanks to Proof of Passport and SIV, we have a privacy-preserving paper trail so you can verify for yourself that all of these votes came from unique US citizens.

1. Only unique US citizens were counted

Try creating a fake proof by editing the data, and see if it passes verification. Edit the verification code to see for yourself what's happening under the hood. Refresh the page to reset the data.

Verification Code

async function verifyProofs(proofData) {
  // external values used: snarkjs, verifyDSCValidity, splitToWords, n_dsc, k_dsc, numberToString, node_forge, vkey_register
  // inspect the source here: https://www.npmjs.com/package/@proofofpassport/sdk/v/1.3.9?activeTab=code
  const proof = proofData.localProof;
  const dscCertificate_stringified = proofData.dscCertificate;

// helper functions
  const getDSCModulus = (proof) => proof.publicSignals.slice(1, 18);
  const areArraysEqual = (arr1, arr2) =>
    arr1.length === arr2.length &&
    arr1.every((value, index) => value === arr2[index]);
  const getRegistrationID = (proof) =>
    numberToString(BigInt(proof.publicSignals[18])).replace(/\u0000/g, "").trim().slice(-10);

// verify the proof that dscCertificate signed the passport data saying they are a US citizen
  const verified_register = await snarkjs.groth16.verify(
    vkey_register,
    proof.publicSignals,
    proof.proof,
  );
  if (!verified_register) throw Error("zk proof is invalid");

// verify that this certificate is itself is valid and signed by the US government
  const dscCertificate = node_forge.pki.certificateFromPem(
    dscCertificate_stringified,
  );
  const verified_certificate = verifyDSCValidity(dscCertificate);
  if (!verified_certificate) throw Error("dscCertificate is invalid");

// confirm that the valid certificate matches the one claimed in the proof
  const dsc_modulus = BigInt(dscCertificate.publicKey.n);
  const dsc_modulus_words = splitToWords(
    dsc_modulus,
    BigInt(n_dsc),
    BigInt(k_dsc),
  );
  const modulus_from_proof = getDSCModulus(proof);
  const verified_modulus = areArraysEqual(
    dsc_modulus_words,
    modulus_from_proof,
  );
  if (!verified_modulus) throw Error("certificates do not match");

// from the now valid proof, return the voter registration id and the passport nullifier to check for double voting
  return {
    registrationId: getRegistrationID(proof),
    nullifier: proof.publicSignals[0],
  };
}

This code confirms two key things:

This voter has passport data with the claimed Nullifier, and they intended to verify on behalf of the claimed Registration ID. (explained below)
That passport data was digitally signed by the US Government.

Citizenship Proofs

Voter 1

{
  "localProof": {
    "proof": {
      "pi_a": [
        "15847710745968692313605098323684849431171623475299335455647071132309685699584",
        "2928267967273925362781139169908417793645775660534663636904702544065243165061",
        "1"
      ],
      "pi_b": [
        [
          "9942900062782708872859231326663374509705178277415376571139570832073113159924",
          "10899974230495521018603019101653305909766873150862730846327861501967958094885"
        ],
        [
          "5407150158837550245801777758199658374117833971540859349992494360976310898861",
          "3649274471804404706323257521804444487139099358114432729259966969984902311926"
        ],
        [
          "1",
          "0"
        ]
      ],
      "pi_c": [
        "21587707717565268731412599000310805966984597352817285857092688643688364237036",
        "20591731989406116550400443338548285556821722387811647090112325585036472065592",
        "1"
      ],
      "protocol": "groth16",
      "curve": "bn128"
    },
    "publicSignals": [
      "20681415922095154348142223118313990790898003253200366360008852709513269296023",
      "1782382303269401346270149271389890471",
      "1533797744867565646851247770614127932",
      "1817743761837124893879337177140220761",
      "2380812458281033508584285525388933003",
      "104186193602965874237024397057032418",
      "251389726652594761667241241388423729",
      "2610118011135026304327905699776202026",
      "1064069054523500646205493958948161714",
      "760715712868330683525959614853471582",
      "1258704325773372398813716163663739194",
      "2385479798927828099083366598029934895",
      "1543978258791334644725096559352643474",
      "1659005204466356305322943579523016014",
      "98552110361172169892025256751790831",
      "42902963999456897038124154281007665",
      "285122806796426852874801255216592402",
      "3787095495210355308503818737147743",
      "49053098097048049050098049053"
    ]
  },
  "dscCertificate": "-----BEGIN CERTIFICATE-----MIIGTDCCBDSgAwIBAgIETjJrTTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1UuUy4gR292ZXJubWVudDEcMBoGA1UECwwTRGVwYXJ0bWVudCBvZiBTdGF0ZTENMAsGA1UECwwETVJURDEiMCAGA1UECwwZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEpMCcGA1UECwwgVS5TLiBEZXBhcnRtZW50IG9mIFN0YXRlIE1SVEQgQ0EwHhcNMTcwNTEwMjE0MDEwWhcNMzIwOTEwMDQwMDAwWjCBiTELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1UuUy4gR292ZXJubWVudDEcMBoGA1UECwwTRGVwYXJ0bWVudCBvZiBTdGF0ZTENMAsGA1UECwwETVJURDEZMBcGA1UECwwQRG9jdW1lbnQgU2lnbmVyczEYMBYGA1UEAwwPRFMgMjAxNzA1MTAxNzU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurfdg4ZguU88XZWZ318bdNHiPVp8kQnpWDaoGwkCENHiUlpR7EwdRbyrBoxCX1/QYR5V3DLNP2+cP13z+DRY7LJDt/k38mspplTpSuALHpyWEuXLqwebE/yXLbTwOnf5/y08AvWXhAS95NXUSGC6TpUlXxscR3J0koIuLIUjjm98Segflt1eZndT0g+8Mb42W78GOARZfawwOl2XIKbHPnJ5PyFKhg1PDf5BAjsuxueC/tNGIUEMaj1BHURbZNopw3gOLlQ473z2R5CUOQsE0i28XXhWv1KzguNJwa957kNNZk7MInpoAsVEasaxr4i6eVdGO3muD0ua374G+E5npwIDAQABo4IBnjCCAZowDgYDVR0PAQH/BAQDAgeAMIIBGQYDVR0gBIIBEDCCAQwwggEIBgpghkgBZQMCAQZkMIH5MIH2BggrBgEFBQcCAjCB6TAfFhhVLlMuIERlcGFydG1lbnQgb2YgU3RhdGUwAwIBARqBxVRoaXMgcGFzc3BvcnQgYW5kIHRoZSBkaWdpdGFsIGNlcnRpZmljYXRlIG9uIGl0cyBlbWJlZGRlZCBjaGlwIGFyZSB0aGUgcHJvcGVydHkgb2YgdGhlIFVTIGdvdmVybm1lbnQuICBBbnkgdW5hdXRob3JpemVkIHVzZSBvciBhdHRlbXB0ZWQgY2hhbmdlIG9yIHRyYW5zZmVyIGlzIHByb2hpYml0ZWQgYW5kIG1heSBiZSBwdW5pc2hlZCBieSBsYXcuMCsGA1UdEAQkMCKADzIwMTcwNTEwMjE0MDEwWoEPMjAxNzA5MTIwNDAwMDBaMB8GA1UdIwQYMBaAFOYtZRb2Fahq54nugTy/Ph3CoID0MB0GA1UdDgQWBBRRaOO8CKMUWgFt/kHJJo+ojY94+zANBgkqhkiG9w0BAQsFAAOCAgEAbWM3Z/1Pr/n+fD9bh1mm2vZz8coNvy8auiCiiNfEbGt2wK8IuekCHjg11tAdX7Z2xLWWabkXzkICAW1XNnhSdPJO8fi89FDglcSma7dLyoLeeBDJyJaC+DaTQD361E5PEaiMmsq9Q8o+pBgD92NitbAM1/pN/PkrEW4iTDRYLerHtUT19ZuQh0WDNmV3hsxRw5y0VV6zBy4sWzXujQv8r3c+32WVLJjAR5E4V6lVffNT0WQQwnxwnWQXNo8+hgCb0q9EOgbemFwTlIBAsIpD0zcXLClOUaIk8IF8czov+n8ou7D470eUmpzOo2agod+GNLDmpzqLdm7LK7KOZbdrHE+XUC/GAbBLWHdTPqeGL9tx+7LEPdzn/+FQA8U50VFG+2Fc13DSRhL/kXz4w7zfR0Bnb6FuUg8ZjydU2Gprl4+eMG7y1wzRlB3xgrEgSNrK7gBrnlDRIS5R49yRorZBZ3vhm9Sg+pxGBf8vWE1j3xwBe6ciHNzj9ffoWEy+A23QpFc/CrbvwYr7W0LtqP2bQTI3jiXi92BEdGxn9tjEzIAn/ubC7rZJVkue1/vJ0J0zKMjPI9qYxxcHmEgg8aaQOUe9dfzhrXAQgyVYv9esHQX/BcLl7YD/DzdJU6iJyDLs7EprhHZJuhPt8hXnBaMeeQigf2eOt9CrxDC/wT4Jx7E=-----END CERTIFICATE-----"
}

Voter 2▼

Voter 3▼

Voter 4▼

Voter 5▼

Voter 6▼

Voter 7▼

Voter 8▼

Voter 9▼

Voter 10▼

Voter 11▼

Voter 12▼

Voter 13▼

Voter 14▼

Voter 15▼

Voter 16▼

Voter 17▼

Voter 18▼

Voter 19▼

Voter 20▼

Voter 21▼

Voter 22▼

Voter 23▼

Voter 24▼

Voter 25▼

Nullifier: The cryptographic hash of the signature; a random number unique to every passport. This is used to prevent someone from using the same passport to verify multiple votes—we've already filtered out three duplicates that were submitted.

Registration ID: A random ID assigned to each encrypted vote.

These confirm who was in the set of voters but does not reveal their individual votes.

Note: to verify the correctness of the proof setup and circuits themselves, see this.

2. We did not tamper with any of the votes

Confirm that the Registration IDs match and add up the vote totals yourself to verify our results.

In the window below, click "Show Encrypted Submissions" to see each of the above Registration IDs associated with each person's encrypted vote (in the "auth" column). We had several independent Observers each shuffle the votes before decrypting them, so no one knows which vote is associated with which Registration ID. Each of the Observers submits more unforgeable zero-knowledge proofs that they did not modify the set of votes during their shuffle. If they had modified a vote, it would be corrupted gibberish once decrypted; if they had added a fake vote, the zk proof would fail.

If you are one of the voters, you can go back to the vote confirmation page on the device you voted from, find your secret verification #, and confirm that your vote appears in this list exactly as you cast it.

Known issues

No system is ever 100% secure. Different voting methods are vulnerable to different types of failures. In exchange for being able to vote for free, from home, with no setup, we had to take on a few shortcomings:

Passive Authentication: Anyone who has ever gotten ahold of your physical passport could have stolen the data off of it and used that to vote as you later. This is especially concerning when you consider that major airlines handle millions of passports per year, and may have a large financial interest in having them all vote the same way.
Solution: Ideally the government would issue IDs with Active Authentication, rather than the current Passive Authentication, which are not vulnerable to this failure. Instead of the ID containing basically a password that can be copied, the ID is itself a key which you must have access to at the time of voting, not just at some point in the past. A few countries already have this, and it's much more secure.

Centralized passport issuance: The government, or any employee with the ability to create valid passports, could manufacture lots of fake citizens and generate valid votes from that. This would be very hard to detect by design: we don't want anyone to be able to tell your vote apart from anyone else's.
Solution: This is quite hard to fix. At some level, the government is always trusted to honestly determine who is allowed to register to vote, and it's hard to avoid that. One policy which would help is publically broadcasting the nullifier of every new passport created, so people could notice if there's a large spike close to the election, or many more are being issued than the actual number of citizens.

Registration ID not cryptographically linked to vote: Astute readers will notice that we could have inserted fake encrypted votes next to the real verified Registration IDs. Individual voters would notice immediately because their Verification # would be missing from the results, but observers have no way to tell.
Solution: This was an oversight on our part in the rush to integrate SIV with Proof of Passport. A fix is already in progress for next time.

Takeaways for real elections

Obviously, we should not require a passport to vote in the real elections; only half of the country has one. We needed something fast, free, and 100% online, which made passports the only option available for this primary. To get the great security, transparency, and auditability we had here in a real election, we could mail every voter a unique code to take the place of the unique passport data. States already maintain the list of registered voters and their addresses, and mail out millions of (currently untraceable) ballots every year. This simple setup would be much better than the system we already use.

Last but not least, ranked choice voting allowed us to let people choose between more than two options without worrying about spoiler effects and wasted votes. Adopting Ranked Robin or STAR voting would give voters much more say, and lead to more consensus, representative outcomes.

🇺🇸 Long live the Great American Experiment! 🇺🇸