Hybrid Blockchain E-Voting with Face-Verified Registration and On-Chain Tallying

Abstract

Electronic voting demos often split into two awk- ward halves: either a polished web form with a spreadsheet behind it, or a blockchain prototype that ignores who is eligible to vote. We built something in-between for a final-year project— a Flask web application that gates registration behind live face recognition, stores credentials in SQLite for session login, and records each accepted ballot as a Solidity smart-contract transaction on a local Ethereum node (Ganache). The contract maintains candidates, increments vote counts atomically, and maps voter string IDs so duplicates revert on- chain. Signing stays server-side—centralizing trust but matching introductory lab setups. Results cover manual regressions, timing bands, and limitations, not cryptographic proofs of electoral integrity.

Introduction

The text describes a prototype hybrid e-voting system that combines biometric verification, web authentication, and blockchain-based vote counting to improve transparency and prevent tampering in digital voting demonstrations.

The system uses a Flask web application with SQLite for voter registration and login, where users are verified through a webcam-based face recognition step (OpenCV + face embeddings) before being allowed to register. Once authenticated, each voter is assigned a unique ID and can cast only one vote.

Vote recording and counting are handled using a Solidity smart contract deployed on a local Ethereum emulator (Ganache). The blockchain ensures that votes are stored immutably and results can be publicly verified through on-chain state, while preventing duplicate voting through a voter mapping.

The architecture separates responsibilities: biometric verification and user management occur off-chain (Python/SQLite), while vote tallying occurs on-chain (Solidity/Web3.py). Communication between components is managed via JSON-RPC, with Flask acting as the central interface.

The system is designed primarily for educational and laboratory use, not production deployment. It acknowledges security limitations such as lack of liveness detection, weak biometric security, and reliance on trusted local assumptions.

Conclusion

We stitched Flask biometric enrollment, SQLite sessions, Ganache-hosted Solidity tallying into one reproducible code- base. Ledger gains apply after identity questions are squared away [2]; biometric UX surfaces privacy sensitivities sooner than spreadsheets [3]. A. Future work roadmap 1) Migrate secrets to OS environment vars; rotate Flask secret_key; 2) Bcrypt or Argon2 password storage quoting Provos/Mazie`res style discipline [10]; 3) Add challenge-response or blink liveness cues before honoring embeddings; 4) Optional Sepolia deployments with faucet-funded keys per student; 5) Wire continuous integration smoke tests invoking Ganache programmatically.

References

[1] N. Kshetri and J. Voas, “Blockchain-enabled e-voting,” IEEE Softw., vol. 35, no. 4, pp. 95–99, Jul./Aug. 2018. [2] Z. Zhao et al., “Towards secure blockchain-enabled voting systems,” in Proc. ACM Conf. Companion World Wide Web (WWW Companion), Lyon, France, 2018, pp. 1185–1186. [3] A. K. Jain, K. Nandakumar, and A. Nagar, “Biometric spoof detection,” [4] ACM Comput. Surv., vol. 51, no. 5, pp. 1–39, 2018. [5] G. Wood, “Ethereum: A secure decentralised generalised transaction ledger,” Ethereum Yellow Paper, 2014. [Online]. Available: https:// ethereum.github.io/yellowpaper/paper.pdf [6] Python Software Foundation, “Flask Documentation,” 2025. [Online]. Available: https://flask.palletsprojects.com/ [7] Web3.py Maintainers, “Web3.py Documentation,” 2025. [Online]. Avail- able: https://web3py.readthedocs.io/ [8] Truffle Suite, “Ganache,” 2025. [Online]. Available: https://trufflesuite. com/ganache/ [9] Solidity Team, “Solidity Language Documentation,” 2025. [Online]. Available: https://docs.soliditylang.org/ [10] A. Rosebrock, “Face recognition with OpenCV, Python, and deep learn- ing,” PyImageSearch, 2021. [Online]. Available: https://pyimagesearch. com/ [11] N. Provos and D. Mazie`res, “A future-adaptable password scheme,” in [12] Proc. USENIX Annu. Tech. Conf., 1999, pp. 81–91. [13] SQLite Consortium, “SQLite Documentation,” 2025. [Online]. Avail- able: https://sqlite.org/docs.html [14] J. Nielsen, “Response times: The 3 important limits,” Nielsen Norman Group, 1993. [Online]. Available: https://www.nngroup.com/articles/ response-times-3-important-limits/

Copyright

Copyright © 2026 Aakashram M, Karthick K, N. Ananda Kumar, Dhaunsh K, Akash B. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.