VxScan Unique Identifiers

VxScan supports generating a unique audit identifier for each cast paper ballot. During a post-election audit, auditors can use a ballot’s audit ID to match a ballot to its corresponding cast vote record.

Overall Process

  1. A serial number is added to each hand-marked paper ballot. This serial number is encoded in the ballot's metadata QR code.

  2. VxScan generates a random secret key when configured with an election package.

  3. When a ballot is cast, VxScan generates a unique audit ID for the ballot by encrypting the ballot’s serial number using AES-256. It adds the encrypted audit ID to the CVR.

  4. After polls are closed, an election manager saves the secret key from VxScan.

  5. During a post-election audit, auditors use the secret key along with a decryption tool provided by VotingWorks to decrypt the audit IDs in the CVRs.

  6. Auditors compare the decrypted serial number to the serial number encoded in the ballot QR code when selecting ballots in a ballot-comparison audit.

Ballot Serial Numbers

At the point of election definition and ballot design, the QR code on each paper ballot is encoded with an optional Ballot ID value as defined in Ballot Config Encoding.

If using VxDesign as the source ballot creation system, one can automatically generate unique ballot PDFs with sequential serial numbers encoded in each QR code. Before exporting an election package and ballots, check the box labeled "Generate audit IDs for ballots" and enter the number of audit IDs or serial numbers to generate.

Encrypted Unique IDs

When configured with an election definition, VxScan generates a random secret key that it uses to encrypt the ballot serial numbers as unique identifiers in the cast vote record. When ballots are cast and cast vote records are created, VxScan encrypts the ballot's serial number using AES-256 and adds this encrypted unique ID to the BallotAuditID field in the CVR. See Cast Vote Recordsfor the complete CVR file format.

Saving VxScan Secret Key

An Election Manager can save the VxScan secret key to a USB drive through the following steps:

  1. Authenticate using an Election Manager smart card

  2. Navigate to the CVRs and Logs screen in the Election Manager Menu

  3. Select Save Ballot Audit ID Secret Key

Decrypting Audit IDs in CVRs

The unique IDs generated by VxScan can be decrypted using standard AES-256 decryption with the secret key and CVRs generated from the same VxScan.

VotingWorks provides a simple open-source decrypt-cvr-ballot-audit-ids script available for use here. This script has the following parameters:

Usage: decrypt-cvr-ballot-audit-ids input-cvr-directory secret-key-file output-directory

When run, the script will output a copy of each CVR file with the decrypted ballot serial number as the file name. For example, the CVR for ballot serial number 1 will be the file 1.json .

Comparing Decrypted IDs to Physical Ballots

Auditors can use the the public Ballot QR Code Data Formatto identify the original serial number encoded on a given paper ballot and map that to the CVR for that ballot based on filename. The ballot selections on the physical ballot can then be compared to the selections recorded in the CVR.

Last updated