Enterprise Blockchain Consulting Solutions for Secure Voting Systems

---

Why this matters now

The past five years have really driven home one important point: we need public elections to be built on voter-verifiable paper and accompanied by thorough audits. And let’s not forget that distributed ledgers can seriously amp up transparency, identity verification, and the governance processes tied to voting. If you're in a decision-making position, it’s crucial to sift through the safe, standards-compliant blockchain applications and steer clear of the hype that can lead you astray.

Below, we’ve put together some practical solutions we've seen work for governments, businesses, and membership organizations--covering what’s ready to hit the ground running, what’s worth experimenting with, and what you should definitely avoid. Check it out! (nationalacademies.org)

---

Reality check: What regulators and scientists say about online voting

• According to guidance from the National Academies from 2018 (which is still relevant today), it's a good idea to hold off on sending marked ballots online until we can really guarantee secrecy, security, and verifiability. Unfortunately, we don’t have the tech that checks all those boxes just yet. (nationalacademies.org)
• CISA, EAC, FBI, and NIST pointed out in their 2020 risk assessment (which got a refresh in 2024) that returning ballots electronically comes with a “high risk” regarding confidentiality, integrity, and availability. Their advice? Stick with good old paper returns for now. (cisa.gov)
• On the certification side for voting systems in the U.S.: VVSG 2.0 now lays down the law for new federal certifications. The first system to be certified under VVSG 2.0 popped up in 2025, while the older VVSG 1.0 and 1.1 have been retired for new certifications. (eac.gov)
• When it comes to what’s happening in the states, it’s a bit of a patchwork: 31 states plus D.C. allow some limited electronic ballot returns for UOCAVA and disability voters (through email, fax, or online portals), but 19 states are sticking strictly to mail-in ballots. So yeah, the policies are definitely all over the place. (ncsl.org)

Bottom line: When we're talking about government elections in the U.S., online ballot casting just isn’t the way to go. Instead, let’s channel our efforts into using blockchain where it really makes a difference--like for identity verification, auditability, and transparency. (nationalacademies.org)

---

Where blockchain adds value today (without online ballot return)

1) End-to-End Transparency for Audits and Results

• Let's kick things off by publishing cryptographic commitments (or hashes) for Cast Vote Records (CVRs), tabulation reports, and audit manifests on a secure, time-stamped ledger that you can't mess with. To keep things smooth for exports and ballot-level comparison audits, you can use NIST’s CVR Common Data Format (SP 1500‑103). You can take a look at it here.
• Next, we're diving into risk-limiting audits (RLAs). The ledger will hold the artifacts (not the ballots), allowing auditors to check the results using the paper ballots statistically. This approach fits seamlessly with the SHANGRLA/IRV audit methods and significantly boosts how the public can verify everything. If you want to learn more, check it out here.

2) Digital Identity, Eligibility, and Credential Lifecycle

• We're all about making the process of issuing and verifying voter or member eligibility credentials smoother with Verifiable Credentials 2.0 (yup, that’s the W3C Recommendation from May 15, 2025). This update is packed with cool features like selective disclosure and revocation lists. On top of that, we're syncing our issuance flows with OID4VCI 1.0, which wrapped up in September 2025. This ensures wallet interoperability and keeps us in check with all the necessary policies. Want to know more? Check it out here.
• We've got to get our assurance practices in sync with the NIST Digital Identity Guidelines (SP 800-63-4, which replaces 63-3 starting August 1, 2025). This will let us define clear goals for Identity Assurance Level (IAL) and Authentication Assurance Level (AAL), and it’ll also help us create audit trails that your compliance teams can easily follow. You can find more details here.

3) Chain-of-Custody and Configuration Management

• Keeping tabs on election equipment configuration baselines, software hashes, and custody events is crucial. The best way to do this is by jotting everything down on a permissioned ledger, complete with role-based access. This approach not only makes it easier to spot anomalies quickly but also provides tamper-evident logs that are in line with the VVSG 2.0 principles--think integrity and detection/monitoring. If you want to dive deeper, check out the EAC guidelines.

4) Results Reporting Bulletin Board

• Consider using a public or permissioned blockchain as a sort of notarized bulletin board for precinct reports and canvass milestones. This method doesn’t interfere with the tabulation process; it simply boosts transparency and keeps the audit timeline neat and clear.

---

When end‑to‑end verifiable e‑voting is feasible (non‑governmental and pilots)

When it comes to corporate governance, unions, co-ops, higher education, and municipal consultative votes, we always prioritize E2E verifiability. We also want you to know that we're dedicated to protecting your privacy and ensuring there are solid anti-coercion measures in place:

• Verifiable return codes and universal verifiability: Swiss Post has got something pretty cool in the works between 2023 and 2025 that’s catching quite a bit of buzz. They're rolling out a “completely verifiable” system that’s been rigorously audited and tested, though it's still in the early stages for now. This new setup features open-source verification software, independent cryptographic reviews, and public intrusion tests to keep everything above board. The big goal here is to assist Swiss voters living abroad and help pilot municipalities until 2027. If you're curious, take a look here: (bk.admin.ch).
• Anti-collusion, on-chain voting: Say hello to Minimal Anti-Collusion Infrastructure (MACI)! It's doing some impressive stuff with encrypted messages and zk-proofs. What’s great about it is that it keeps voting receipt-free and tough against bribery, making it a fantastic option for governance and funding rounds. Lots of community votes on Ethereum, Gitcoin, and other projects have picked it up. Want to dive deeper? Check it out at (maci.pse.dev).
• Corporate proxy voting: So, back in 2017-2018, some major players like Broadridge, Santander, J.P. Morgan, and Northern Trust decided to dive into the world of blockchain for proxy voting. This whole pilot project really raised the bar by making everything super transparent from start to finish and giving institutional investors a way better confirmation process. If you're curious to dig deeper into the details, check it out here: (broadridge.com).
• Nasdaq Estonia (2016): In 2016, Nasdaq Estonia embraced the future with an innovative blockchain-based e-voting system, seamlessly integrating it with the national e-Residency identity for shareholder meetings at the Tallinn exchange. It’s a pretty impressive move towards modern governance! Curious to learn more? Check it out here: (ir.nasdaq.com).

Just a quick note: mobile and online voting for public elections isn’t exactly rock-solid when it comes to security. Back in 2020, researchers from MIT and Trail of Bits found some serious issues with the Voatz app, which ultimately pushed West Virginia to pull the plug on using it. It’s super important to draw a clear distinction between pilot programs for enterprise governance and the actual policies for public elections. (news.mit.edu)

---

Reference architecture patterns we deploy

A) Government election transparency and audit ledger (no internet ballot return)

• Workflow
  • We kick things off by scanning the paper ballots and exporting the Cast Vote Records (CVRs) in the NIST SP 1500-103 format. When we can, we set up Risk Limiting Audits (RLAs) by comparing ballots at the individual level. If you want to dive deeper into that, check it out here.
  • After that, we hash the CVR bundles, audit manifests, and canvass reports. We stick to our commitments using a permissioned chain (Fabric), and if we feel like it, we can also log everything on a public chain just for timestamping.
  • Finally, we put all the artifacts out there for the public to view. Auditors can then reconcile everything using RLA tools against the paper ballots.
• Stack
  • We’re rolling with Hyperledger Fabric (v2.5+ with private data collections; and v3.1 is awesome for batching, which really amps up throughput for those high-volume writes). If you want to dive deeper, check out more details here.
  • To ensure everything's locked down, we’ve got HSM-backed code signing, WORM storage, and independent observer nodes in place to keep our integrity services super secure.

Why Fabric

With Hyperledger Fabric, election officials and auditors get the exclusive scoop on sensitive data thanks to fine-grained endorsement and private data collections--vendors, on the other hand, don’t have that luxury. It also comes with purge APIs to help meet privacy regulations while ensuring those crucial on-chain hashes stay safe and sound. If you want to dive deeper into this, take a peek here.

B) Enterprise/association e‑voting with privacy and anti‑coercion

• Workflow
  • Eligibility: We’re rolling out VC 2.0 credentials to people who get to vote, like employees, shareholders, or members, using OID4VCI. When it’s voting time, these wallets will show selective disclosures. Want to learn more? Check it out here!
  • Ballot Secrecy and Collusion Resistance: We encrypt the votes on the client-side to keep everything secure. Then, the MACI coordinator shares zk-tallies, and there are no receipts that could lead to vote-buying shenanigans. Curious about the specifics? Click this link.
  • Threshold Decryption and Universal Verifiability: The proofs we use for tallying are in the open, so anyone can take a peek. Independent observers can check everything to ensure it’s all legit.
• Stack
  • We’re using GoQuorum or Hyperledger Besu to set up a permissioned Ethereum system, along with Tessera for handling private transactions, and PSIs for managing multi-tenant private states. If you’re interested in digging into the details, head over to this page.
  • On top of that, we’ve got MACI circuits and a coordinator set up, plus an audit dashboard to cover any third-party verification needs.

Why Choose Permissioned Ethereum?

When you're diving into permissioned Ethereum, the name of the game is strong privacy. Tools like Tessera really shine here, along with efficient consensus methods like PoA (Proof of Authority) that utilize IBFT 2.0 or QBFT. These elements work in harmony to provide dependable finality and impressive throughput, all while ensuring that data is only available to those who truly need it.

If you’re interested in diving into permissioning in your networks, check out this handy guide over at Hyperledger Besu.

C) Data availability and cost control for transparency at scale

• If you’re aiming to post some hefty public audit artifacts--think tons of CVR hash lists or ZK proofs--you should definitely take a look at Ethereum's Dencun upgrade from March 13, 2024 (EIP‑4844). This upgrade rolled out "blob" data, which really helps cut down those Layer 2 data costs. These blobs stick around for about 18 days, so don’t forget to pin any important data to more durable storage and anchor a long-term hash on Layer 1. (investopedia.com)

---

1. Corporate AGM bringing together 50,000 shareholders from 20 different locations
   Goal: streamline proxy reconciliation, improve auditability, and boost vote confirmation.

• Identity/eligibility: The issuer, or transfer agent, dishes out VC 2.0 share-ownership credentials through OID4VCI. When it’s time for voting, wallets display holder-bound proofs, ensuring that personal information stays off the blockchain. (w3.org)
• Ledger: We’re rolling with GoQuorum and Tessera; every time there’s a proxy tabulation step, a notarized event gets generated. Observers can check out read-only nodes, and we keep reconciliation proofs both on-chain and in WORM. (docs.goquorum.consensys.io)
• Confirmation UX: Shareholders receive a public, non-linkable receipt (think Merkle inclusion proof) that verifies their ballot was counted--without revealing what they voted for.
• Performance: With PoA IBFT 2.0 and some solid hardware (8 validators running on 16 cores with 64GB RAM), we’re hitting fantastic transaction finality in under 2 seconds! During dry runs, we can batch insert votes at over 500 TPS, and there’s no need for chaincode!
• Outcome: The transparency of the voting lifecycle matches the Broadridge/Santander pilots from 2017-2018, providing institutions with same-day end-to-end confirmations. (broadridge.com)

2) University-Wide Student Association Election (around 35,000 voters)

Objective: Balancing privacy and stopping bribery while ensuring everything remains open for public verification.

• Stack: We’re rolling with a Besu private network and using MACI for some sweet receipt-free voting and ZK-tallies. VCs will help us keep tabs on enrollment status, and we’ve set up an allowlist for those who can vote. Take a peek here: (maci.pse.dev).
• Anti-coercion: The awesome part? No one can prove how you voted to anyone else. The MACI coordinator generates zk-proofs that anyone can check on-chain, and auditors can independently verify the counts.
• Costing: Big news on costs! Thanks to EIP-4844 blob postings for batch proofs, the price of on-chain verification is plummeting by over 10x compared to regular calldata. We’ll drop a long-term hash to L1 and keep all the full artifacts stored safely. For more details, check it out here: (coinmarketcap.com).
• Governance: An independent election commission is on the case, running a read-only observer to keep everything in check. You can catch the results displayed on a public bulletin page along with transaction references.

3) State Election Office: Transparent Audit Pipeline (No Online Voting)

Objective: Create public confidence and streamline postelection audits.

• CVR pipeline: We're all about getting those CVRs out there in SP 1500‑103. We’re diving into ballot-level RLAs and publishing audit manifests along with round-by-round RLA outcomes, all tied together through a secure and permissioned Fabric network. Want to take a peek? Check it out here: (nist.gov)
• Observer access: Political parties and members of the media can snag observer node credentials. This helps them verify that the published artifacts match up with the paper-audit results and canvass reports. It's all about transparency!
• Timeline assurances: Each canvass milestone comes with a notarized on-chain timestamp. If anything seems off, we have a solid incident response playbook ready to kick into action, as recommended by CISA. Curious to know more? Learn more here: (cisa.gov)

---

Security and compliance controls we build in by default

• Post-quantum crypto migration plan: Let’s dive into using hybrid KEMs and signatures that blend our reliable elliptic curves with some of that shiny NIST PQC. We’re talking about FIPS 203 ML-KEM, FIPS 204 ML-DSA, and FIPS 205 SLH-DSA, which should be all squared away by 2024. Plus, we’ve got HQC ready to back us up as our go-to KEM, with its selection happening in 2025. The main idea here is to ensure that voter PII and boardroom ballots stay safe for the long run--think of it as a “harvest now, decrypt later” strategy. (csrc.nist.gov)
• Hardware roots of trust: We’re checking out HSMs to protect us during key ceremonies and signing processes. On top of that, let’s bring in threshold cryptography for our decryption trustees, and ensure our custody logs are tamper-evident and stored on-chain.
• Software supply chain: The focus here is on keeping our builds signed and reproducible. We’ve got to make sure we have SBOMs in place and embrace SLSA-aligned CI practices. And don’t forget, we should set up separate validator and API subnets. It’s also important to carve out some time for red-team and chaos testing sessions.
• Privacy by design: It's super important to limit on-chain PII, use Verifiable Credentials for selective disclosure, and ensure we’re cleaning up private data from Fabric collections while still keeping hash evidence. Check out more about it here.
• Usability and accessibility: We need to keep our focus on the usability and accessibility principles from VVSG 2.0. It’s super important to test our multilingual portals and check that they work well with assistive technology. (eac.gov)

---

2025 “what’s new” you can use

• VVSG 2.0 has become the go-to standard for new federal certifications. It’s super important for programs to pay attention to those VVSG 2.0 test assertions and to have a solid plan for migration communications. You can take a closer look here: (eac.gov)
• Big news: Verifiable Credentials 2.0 just got the nod as a W3C Recommendation (May 2025), and OID4VCI 1.0 is officially wrapped up (Sept 2025). This means it’ll be much easier to issue credentials at scale, no matter which wallet you’re using. Check out all the details here: (w3.org)
• Keep an eye out for Ethereum EIP‑4844 coming in March 2024! It's set to reduce Layer 2 data costs. Just a quick note: blobs are temporary (lasting around 18 days), so be sure to anchor those long-retention hashes on Layer 1 or notarize them onto a permissioned ledger. You can dig deeper here: (investopedia.com)
• Switzerland is making strides with its e‑voting trials, focusing on “complete verifiability.” They've extended their licenses until 2027 and are back at it with public intrusion tests. This could serve as a fantastic reference for governance pilots on a national level, not just in U.S. elections. Find out more here: (pfp.admin.ch)

---

Pitfalls to avoid (and how we mitigate them)

• “Blockchain makes internet voting safe.” To be real, that’s just not accurate. It’s better to stick with good old paper ballots for public elections and use ledgers to keep everything transparent and provide an audit trail. (cisa.gov)
• “End‑to‑end verifiability solves coercion.” Not really. To truly tackle coercion, you need to pair E2E‑V with receipt-freeness, like what MACI offers. Plus, it’s super important to create a user experience that intentionally dodges any potential coercion channels. (maci.pse.dev)
• "Mobile voting apps are all set for U.S. elections." But independent audits tell a different story; using mobile voting to submit ballots in public elections is a big no-no. (blog.trailofbits.com)

---

How 7Block Labs engages

• Strategy and Risk Alignment
  • We should really dive into policies and make sure we’re in line with frameworks like VVSG 2.0, NIST SP 800‑63‑4, and CISA guidance. Let’s also consider governance and threat modeling while staying neutral with our vendors. You can check it out here: (eac.gov)
• Prototyping and Pilots
  • We're exploring some cool fabric-based audit bulletin boards and running pilots for private voting using Quorum/Besu with MACI. On top of that, we'll be rolling out VC/OID4VCI issuance alongside your IAM and putting red-teamable testnets to the test. If you want to learn more, check it out here: (besu.hyperledger.org)
• Secure Rollout
  • Brace yourself for HSM ceremonies, PQ-hybrid crypto, and a variety of anchoring and notarization patterns. We’re also gearing up for load tests and putting together playbooks for RLAs and public disclosure.
• Operate and Improve
  • This is where we focus on keeping an eye on things, spotting any weird behavior, and responding to incidents, drawing on CISA’s resources. We'll stay ahead of the game with regular audits and updates (think PQC standards and EVM changes). For more info, check it out here: (cisa.gov)

---

The takeaway

• For public elections in the U.S., let’s keep it simple with good old paper ballots and risk-limiting audits (RLAs). We can even throw in some blockchain technology to enhance transparency and make auditing easier. This way, we build trust without the complications of online ballot returns. Take a look here: (risklimitingaudits.org)
• For businesses and membership groups: have you thought about rolling out end-to-end verifiable, privacy-friendly e-voting on permissioned Ethereum or Fabric? With the latest identity solutions (VC 2.0 + OID4VCI) and ZK-based anti-collusion measures in play, we’re in a great position to make this happen. Check out more details here: (w3.org)

When it comes to secure voting systems, we're here to support you through every phase of the process. We’ll assist you in choosing the right pattern, create a strong proof of concept, handle those challenging security reviews, and deliver a system that you can trust completely, whether you're facing the media or standing in a courtroom.

Reach out to 7Block Labs to chat about a pilot project that perfectly aligns with your unique governance, regulatory needs, and threat landscape.