In physical transactions, the challenges of identification, authentication, and privacy are solved with physical marks, such as seals or signatures. In electronic transactions, the equivalent of a seal must be coded into the information itself. By checking that the electronic "seal" is present and has not been broken, the recipient can confirm the identity of the message sender and ensure that the message content was not altered in transit. To create an electronic equivalent of physical security, goVote uses advanced cryptography.

Single key cryptography is the way that most secret messages have been sent over the centuries. In single key cryptography, there is a unique code (or key) for both encrypting and decrypting messages. Single key cryptography works as follows:

Suppose Bob has one secret key. If Alice wants to send Bob a secret message:

1. Bob sends Alice a copy of his secret key
2. Alice encrypts a message with Bob's secret key
3. Bob decrypts the message with his secret key

Unfortunately, this method has several problems. First, Bob must find a secure method of getting his secret key to Alice. If the secret key is intercepted, all of Bob's communications are compromised. Second, Bob needs to trust Alice. If Alice is a double agent, she may give Bob's secret key to his enemies. Or, she may read Bob's other private messages or even imitate Bob. Finally, if you have an organization with people who need to exchange secret messages, you will either need to have thousands (if not millions) of secret keys, or you will need to rely on a smaller number of keys, which opens the door to compromise.

goVote employs the more advanced public-key cryptography, which does not involve the sharing of secret keys. Rather than using the same key to both encrypt and decrypt data, a Server ID uses a matched pair of keys that uniquely complement each other. When a message is encrypted by one key, only the other key can decrypt it.

We have a "private key" installed on our server; and nobody else has access to it. Our matching "public key", in contrast, is automatically sent to your browser as part of our Server ID. Respondents who want to communicate with us privately can use the public key in our Server ID to encrypt information before sending it to us. Only goVote can decrypt the information, because only goVote has the corresponding private key.

Do you want to know more?
For an even more detailed explanation of Public Key Infrastructure and cryptography, go to https://www.verisign.com/freeGuides.html.