Signed ballots. A hash-chained log. A final receipt that lets anyone re-tally from the raw votes and get the same result. For board decisions, committee votes, and community polls — not national elections.
Each voter signs their choice with their Ed25519 key. Embedded: poll-id, choice, nonce, timestamp. Changing a ballot is fine; only the latest-signed counts, but both remain in the log.
The organizer appends every signed ballot as a row in the log. Each row commits to its predecessor's hash. No row can be edited or silently removed.
Organizer emits a final receipt signed with their key, embedding the log's terminal hash and the count. Anyone with the log and the receipt can re-run the tally and compare.
# Open a poll verita poll open \ --question "Approve Q3 budget amendment?" \ --closes 2026-05-01T18:00Z # Cast a ballot (voter's machine) verita poll vote \ --poll q3-budget-amendment \ --choice yes # Close, tally, publish verita poll close q3-budget-amendment # Anyone: re-verify the result from the log verita poll verify q3-budget-amendment.log q3-budget-amendment.receipt # ✓ 47 signed ballots, all from eligible voters # ✓ log hash chain intact # ✓ tally matches receipt: yes=31, no=12, abstain=4
Meeting minutes that embed a signed tally. "7 of 9 directors approved the motion" becomes a verifiable artifact, not just a line in the minutes.
Open-source project governance, co-op decisions, DAO-style quorum votes. Signed votes from eligibility-bound members (often backed by VeritaBadge).
"Everyone on the team agrees this was the root cause." Post-incident sign-offs where the count matters for compliance or audit.
Shareholder consents and LLC resolutions where the tally + signatures + timestamp need to survive discovery years later.
VeritaPoll is a group-decision tool. Votes are signed and non-anonymous by default; the assumption is that everyone accepts their vote will be visible to the other participants, in exchange for making the count trivially verifiable.
Coercion resistance, receipt-freeness, universal verifiability under nation-state adversaries. These are solved problems in systems like Helios and ElectionGuard, which do a lot of careful work to achieve them. VeritaPoll does not — and you should not use it as if it does.
If you need anonymous-but-auditable polls, a blind-signature mode is on the roadmap (organizer signs eligibility tokens without seeing who is eligible; voters cast with tokens). That narrows the anonymity gap but still doesn't make VeritaPoll an election system.
Every sibling shares the same Ed25519 identity, the same hash-chained log shape, and the same offline verifier. A VeritaPoll log is a VeritaBase log at the format level; a VeritaPoll eligibility list is often a set of VeritaBadge holders.