MENU
Professor Rajeeva Karandikar discusses the evolution from paper ballots to EVMs and proposes a revolutionary cryptographic solution for corporate digital voting that could transform electoral verification worldwide.
Rajeeva Karandikar is an Indian mathematician, statistician and psephologist. He served as the director of Chennai Mathematical Institute (CMI) from 2010 until 2021 and now he is Professor Emeritus at CMI. He is a Fellow of the Indian Academy of Sciences and Indian National Science Academy. He is also the Chairman of the National Statistical Commission, Government of India. Prof. Karandikar is widely known for his three decades of work on probability theory as well as applications of mathematics and statistics to real world questions. He was also a Member of the Committee constituted by Election Commission (EC) of India to advice EC on the sampling scheme for EVM-VVPAT verification.
India's transition to electronic voting machines (EVMs) in 2004 marked a significant shift from paper-based elections, but digital voting has quietly expanded far beyond parliamentary elections into corporate boardrooms and professional societies. Professor Rajiva Karandikar reveals how COVID-19 accelerated the adoption of electronic voting for annual general meetings and corporate governance, creating new challenges around verification and trust that current systems cannot adequately address.
The conversation explores a fundamental problem with current digital voting systems: while they eliminate the logistical nightmares of paper ballots, they create new vulnerabilities where trust must be placed entirely in the hands of the software companies conducting the polls. Karandikar proposes an innovative cryptographic solution inspired by the VVPAT (Voter Verifiable Paper Audit Trail) system used with EVMs, called User Verifiable Digital Audit Trail (UVDAT), which could enable courts to verify election results without compromising voter privacy.
This technical discussion reveals how India could lead a global transformation in digital democracy by applying lessons from international cryptography competitions to create open-source, verifiable voting systems that maintain both security and transparency.
Rajeeva Karandikar. “A Verifiable Voting Architecture for Corporate India.” Episode 72 of Big Ideas. May 18, 2026. Podcast, video, 0:26:40. https://www.xkdr.org/viewpoints/a-verifiable-voting-architecture-for-corporate-india-big-ideas-ep-72
India's adoption of electronic voting machines stemmed from a practical crisis that was becoming increasingly unmanageable. The sheer volume of paper required for elections was reaching astronomical proportions, creating logistical nightmares for election officials across the country.
Karandikar explains the timeline:
"Actually 2004 is the election when the EVMs were introduced for the entire parliamentary election. Earlier there were some state elections, but really people memory is about the parliamentary election and that was 2004."
The transition was initially welcomed by media and the public because the alternative had become untenable. The printing, distribution, and collection of paper ballots for hundreds of millions of voters was creating bottlenecks that threatened the democratic process itself. While EVMs have faced criticism in recent years, their practical necessity was undeniable.
The success of EVMs in parliamentary elections created a template that would later influence voting systems in other sectors, though the mechanisms would prove to be entirely different.
While public attention focused on parliamentary EVMs, a parallel digital voting revolution was quietly transforming corporate governance. The challenge began with annual general meetings, where shareholders scattered across the country needed to approve major policy decisions and statutory changes.
The traditional system relied on absentee paper ballots sent through the postal system. Shareholders would receive documents, sign them, and mail them back. As Karandikar notes, this system suffered from low participation rates and practical limitations.
The initial digital solution involved sending ballots via email, which became feasible as email adoption spread among the general public around 2010. However, this approach quickly revealed serious security vulnerabilities.
Karandikar describes the fundamental problem:
"Because by then, it was very clear that email could be very easily spoofed. Or I receive an email, there is no verification. I can change. You may have voted for A, but I can edit A to B and it may appear that you have voted for B."
This realization forced companies to develop more sophisticated electronic voting systems that moved beyond simple email exchanges. Several entities in India created verification systems that could authenticate received votes, at least according to their own standards.
COVID-19 transformed this gradual adoption into an urgent necessity. Physical AGMs became impossible, making electronic voting the only viable option for corporate governance to continue functioning.
Current corporate electronic voting systems have created a sophisticated but problematic structure. Multiple agencies compete to conduct polls for companies, with the winning bidder handling the entire electronic voting process. The system includes electronic signatures and various verification methods, but maintains voter privacy by only revealing vote totals to the client company.
However, this creates what Karandikar identifies as a critical vulnerability. While individual vote choices remain private, the conducting agency retains access to all the underlying data. This creates an unavoidable trust dependency.
Karandikar was approached by entities asking him to evaluate these systems:
"During the COVID era, one or two entities approached me saying that since we know you have been involved with EVM, VVPAT, do you think this one is good as good as that? Is it secure?"
His assessment revealed the core problem:
"Yes, it seems to be, but we are now leaving it in the hand of the entity which has built the machine. Built the software."
This parallel the early challenges with parliamentary EVMs, where trust had to be placed entirely in the system designers. The introduction of VVPAT (Voter Verifiable Paper Audit Trail) for parliamentary elections addressed this concern by creating a verification mechanism that could be audited if challenged.
Corporate electronic voting lacks any equivalent verification system, creating potential legal vulnerabilities if election results are disputed in court.
Karandikar's proposed solution draws inspiration from how banking systems handle similar verification challenges. Every digital transaction requires not only accuracy but also the ability to prove authenticity in court if disputed.
The banking system demonstrates this principle in action:
"Just like OTP, right? You make a transaction, you say that I want to pay so and so, so much. And the bank transfers the money and later you say, I have not said. So they have to have a say that no, you have said it. Right? So it's not only have to be correct, they have to be able to the bank has to be able to prove to the court if required that it was your instruction."
This system relies on cryptography to create an audit trail that can be verified by courts without compromising transaction security. The same principles could be applied to voting systems.
Karandikar has coined the term "User Verifiable Digital Audit Trail" (UVDAT) as a digital equivalent to the paper-based VVPAT system. This would enable polling agencies to provide accurate vote totals while maintaining the ability to prove their accuracy in court if challenged.
The mathematical foundation already exists in established cryptographic methods. The challenge lies in adapting these methods specifically for voting applications and ensuring they meet legal standards for evidence.
Karandikar points to the Advanced Encryption Standard (AES) competition as a model for developing trustworthy cryptographic systems. This international process, launched around 2000, demonstrates how transparent competition can produce superior security standards.
The AES selection process involved rigorous evaluation stages:
"Out of the proposals the experts chose some maybe 20 or something like that, held a first conference that all these 20 had to come and present and like a question and answer session, others could question them, why this, why not this, etc. And based on that amongst the entire group of experts, they picked five."
The winning algorithm from Belgium became the global standard, with one crucial requirement that made the entire system trustworthy:
"One of the conditions was that anybody can submit a proposal, but they had to commit that if their algorithm is chosen as the best one and becomes AES, they have to write off all rights on it. They will not get any money. It is public. It's open source."
This open-source requirement prevented any single entity from controlling the encryption standard that would be used worldwide. The same principle could apply to voting systems, ensuring no single company or organization controls the verification process.
The Belgian professors who won didn't lose financially from giving up their rights. Instead, they gained international recognition and became leading figures in cryptography, demonstrating that open-source contributions can provide substantial career benefits even without direct licensing revenue.
Karandikar outlines several potential approaches for implementing UVDAT in India. The government could play a direct role through entities like the Ministry of Corporate Affairs, which could issue calls for proposals and evaluate submissions using teams of cryptography experts.
Alternatively, the process could be managed by the Cryptology Research Society of India (CRSI), which has been organizing annual conferences for 25 years and has the expertise to evaluate technical proposals.
The costs would be minimal compared to the potential benefits:
"The total cost involved is not much, but the big win is there. Getting the digital framework that bringing India as it is people know, but bringing it to forefront that yeah, India analysis that because this is a even in a I mean for example, at CMI, we have a lot of visitors coming from European and US and so on."
International applications already exist. Karandikar mentions that French academic institutions face similar challenges with electronic voting for their governing boards, where secret ballots can produce different results than public hand-raising.
The competition model could be international from the start, following the AES precedent. This would position India as a leader in democratic technology while ensuring the resulting system meets global standards.
The conversation reveals how cryptography has evolved from its origins in military communications to become essential infrastructure for modern life. Banking systems depend entirely on cryptographic protection, as evidenced by the requirement for HTTPS connections for financial transactions.
Karandikar explains the significance:
"If somebody is snooping on the entire communication between your computer and the bank's server, they will still not be able to make head or tail of what you have done. Because if they can, they can spoof you and instead of transferring 1,000, they can transfer 1 lakh."
This same protective capability can be applied to voting systems, ensuring that even if communications are intercepted, the integrity of the voting process remains intact.
The progression from defense to banking to elections represents a natural evolution of cryptographic applications. Corporate voting systems represent the next frontier, with the potential to eventually influence parliamentary elections as well.
The key insight is that cryptography isn't just about preventing unauthorized access—it's about creating verifiable proof that systems are working correctly. This verification capability is what distinguishes truly secure voting systems from those that merely appear secure.
India's leadership in this area could influence global democratic processes, much as the country's digital payment innovations have attracted international attention. The combination of technical expertise, practical need, and regulatory willingness to innovate creates an opportunity for India to set global standards in democratic technology.
Development of the Advanced Encryption Standard, Journal of Research of the National Institute of Standards and Technology
The complete transcript file is available to download below.
2024, XKDR | GSTIN: 27AAACX3640C1ZN
by Sane Difference
