A Nonprofit Civic Voting Platform
CastLedger produces mathematical proof of election integrity at every stage — from voter identity through final tally. No party, including CastLedger, can alter an outcome without detection.
The Problem
When elections are contested today, the honest answer is often: we cannot know with certainty what happened. Current systems require voters and losing candidates to trust a chain of officials, machines, and processes — any link of which could fail, be compromised, or simply be perceived as compromised.
A system that cannot prove its own integrity will always be vulnerable to doubt — regardless of how carefully it is administered. That doubt is corrosive. It doesn't require fraud to cause real harm. It only requires the absence of proof.
"The impact of election fraud cannot be determined under the current system. That is the problem CastLedger exists to solve."
CastLedger is not a detection system. It is a prevention system — designed so that fraud cannot happen silently, and so that integrity can be proven, not assumed.
How It Works
The CastLedger architecture is end-to-end verifiable — every stage produces evidence that can be independently checked by parties with no connection to CastLedger.
LAYER 01
Each voter is verified at the terminal using facial biometric matching against government-issued ID records. Matching happens at the edge — raw biometric data is discarded after the session. Identity confirmed. Vote anonymous.
LAYER 02
Votes are encrypted at the terminal before recording. No vote is ever stored in plain text. Each voter receives a personal receipt key to verify their ballot appears unchanged in the final tally.
LAYER 03
Encrypted ballots are recorded to a permissioned blockchain distributed across geographic nodes. No single party — including CastLedger — can unilaterally alter the ledger.
LAYER 04
The final tally is computed directly on encrypted ballots using homomorphic encryption — built on ElectionGuard, Microsoft Research's open-source cryptographic toolkit. Votes are never decrypted individually. The tally and its proof are publicly verifiable.
Design Principles
CastLedger owns and operates every voting terminal. For voters who require it, accessible plug-in stations allow personal assistive devices to connect — but no personal device is ever used to cast a vote.
Decryption keys are split among independent parties. CastLedger alone cannot decrypt votes or alter a tally.
The cryptographic tallying layer is built on ElectionGuard — open-source, independently verifiable by anyone.
Facial matching confirms identity. Raw biometric data is discarded after the session. No biometric database.
CastLedger exists to serve democratic integrity. The nonprofit model is not incidental — it is the point.
The platform, its board, and every operational decision are evaluated against genuine nonpartisanship.
The Model
Jurisdictions pay a per-election service fee. CastLedger owns, deploys, operates, and maintains all hardware. No capital expenditure. No technology lifecycle to manage. No system you didn't build.
A fully operated, end-to-end verifiable election — hardware, software, biometric verification, blockchain infrastructure, tally publication, and post-election audit support — for a fixed per-election fee.
Full ownership and operational accountability for all hardware and software. Responsibility for pre-election integrity testing, deployment logistics, and post-election audit publication.
CastLedger is targeting a 2027 municipal launch. If you're an election official, researcher, or someone who believes this problem is worth solving — we want to hear from you.
No spam. Unsubscribe anytime.