Get started
Start with the root package. It exposes the supported public ceremony: honest-majority GJKR, one explicit global manifest scoreRange, ballot-close, and full ceremony verification.
Start with these rules
Section titled “Start with these rules”- The public manifest shape is
rosterHash,optionList, andscoreRange. - The library derives the threshold from the accepted registration roster as
k = ceil(n / 2). - Ballots are complete and must stay inside the manifest-declared score range.
- The organizer closes counting with one signed
ballot-closepayload. - Each trustee prepares the accepted aggregate with
prepareAggregateForDecryption(...), computes a partial reveal withcreateDecryptionShare(...), proves it withcreateDLEQProof(...), and then signscreateDecryptionSharePayload(...), all from the root package. - Tally verification must be done against the close-selected ballot set, not against a server-supplied aggregate.
Choose the workflow you need
Section titled “Choose the workflow you need”- If you are building browser clients or worker code that creates payloads, start with Browser and worker usage.
- If you want the full phase-by-phase ceremony story, read Honest-majority voting flow.
- If you need exact JSON wire shapes, start with Published payload examples.
- If you already have a complete public board bundle, start with Verifying a public board.
Verification quickstart
Section titled “Verification quickstart”import { tryVerifyElectionCeremony, type VerifyElectionCeremonyInput,} from "threshold-elgamal";
const bundle: VerifyElectionCeremonyInput = { manifest, sessionId, dkgTranscript, ballotPayloads, ballotClosePayloads: [ballotClosePayload], decryptionSharePayloads, tallyPublications,};
const result = await tryVerifyElectionCeremony(bundle);
if (!result.ok) { console.error(result.error.stage, result.error.code, result.error.reason);} else { console.log(result.verified.qualifiedParticipantIndices); console.log(result.verified.countedParticipantIndices); console.log(result.verified.perOptionTallies); console.log(result.verified.boardAudit.overall.fingerprint);}Use verifyElectionCeremony(...) when you want the same checks but prefer exceptions over a structured result. Pass the full published ballot-close slot in ballotClosePayloads, even when that slot only contains one organizer payload.
What to persist in your application
Section titled “What to persist in your application”- Keep
rosterHash,manifest,manifestHash, andsessionIdtogether. They define the public ceremony context. - Persist the signed board payloads exactly as published. The verifier expects the original
{ payload, signature }objects. - If you store verifier output, convert
bigintvalues such as tallies to strings first.
Related pages
Section titled “Related pages”- For installation and the top-level package overview, read README.md.
- For runtime prerequisites and platform assumptions, read Runtime and compatibility.
- For browser-native setup and worker patterns, read Browser and worker usage.
- For the supported ceremony path, read Honest-majority voting flow.
- For concrete JSON payload shapes, read Published payload examples.
- For verifier usage and stable failure handling, read Verifying a public board.
- For the security boundary, read Security and non-goals.
- For a production-threat-model verdict, read Production voting safety review.
- The API docs list exact signatures and exported types.