Anonymous ID for voting system

Maybe I should clear things up with telling a little more about the project.

The voting system would be used for elections (such as new president of a country). But as you know, no one can ever possibly now who you voted for unless you tell someone.

Workflow: -> User logs in -> User selects the election and gets on a page with details (candidates, end date, status, ...) -> User presses the 'vote' button and gets to the page where he can vote on his favorite candidate. -> Once the user voted, this is saved in the DB but no one should be able to know what he voted for (not even the admin). -> The user can only vote once so the DB should save if the user has voted. -> Let's say the user wants to check if he voted correctly he can make a request to the DB to get the information what he voted for.

As far as I know there should be a way to hash the data. And then unhash it when the user makes the request. I just don't know how to approach this situation. I really want it to work like this because it's a real challenge (for me atleast) and a step towards a great functioning application.

*note A user can vote on diffrent elections, so a boolean 'hasVoted' can not work (I think?)

Hey Aurelio,

I've been thinking about this one, but I haven't been able to come up with a way that the whoever built and maintains the site and database couldn't figure out who voted for who. Even if you hashed say the id of the candidate that person voted for, whoever built/maintained the site could see the has, and manually unhash it.

Because you need the website to be able to show the logged in user who they voted for, it ultimately means the person who created/maintains the site can undo anything you do to protect the votes.

The ONLY way I've been able to come up with an idea is to store something on the user side, that the website admin wouldn't have access to, maybe a key in the user's browser local storage, but this obviously creates a whole list of more problems - and I'm not sure I'd recommend that.

I'm sorry, I've thought about using geolocation, IP address, etc, but with every solution, I can think of a way around it as well.

So I'm really not sure. I'm not sure it's possible. Makes me think though that if you mailed in an election ballot, whoever processes the ballots could know who voted for who, so I also wonder how critical this is.

The only think I can think of is that whoever has access to the database, which may contain random id's and/or hashes of votes, could in no way have access to the code that might have hints as to what the id/hash matches to, and the one who maintained the code couldn't have access to the database - which would be a bit unusual.

Either way, I wish you the best of luck - let me know if you do find a better solution. This is a legit problem you have lol

Hey Kevin, I haven't come up with a better solution yet. Your suggestion is probably the closest I can get. There should be a way to do this tho... but it's probably too advanced and only DB engineers could come up with it perhaps? Anyway i'll give you a vote up for the time and effort to help me out and once I find a better way i'll surely let you know!