Un-hackable? How can you say your system is un-hackable? EVERYTHING IS HACKABLE!
That is true. Given enough computing power and time, theoretically, everything is hackable.
The un-hackable claim rests on two important aspects.
First, the use of QR codes for access. It is, of course, possible to spoof/replace a QR code with another or to create a QR code that will redirect to malicious content. However, because our secure ballots are distribution-controlled from the printer to your hands, the QR codes under the scratch materials have NEVER been seen before they are used by YOU. Trying to spoof a QR code that has never been seen would be akin to trying to accurately guess the exact weight of a rock on the first try when the size range is somewhere between a grain of sand and the sun.
Secondly, each individual QR code contains a unique one-way secure hash algorithm (SHA) shared only by the other three QR codes on that ballot. SHA is a mathematical algorithm that converts an input string of an arbitrary length to an output string of a fixed length. Think of it as a universally unique value that cannot be reversed like normal encryption. The individual voter’s identity is cryptographically disassociated from their ballot when registration is confirmed. After that, the system recognizes only legitimate transactions for the activated ballot itself. The ballot is verified, secure, and irreversibly anonymous.
Given enough computing power and time, theoretically, everything is hackable. To hack into even one voter transaction encrypted with one-way SHA encryption, you would need the computing power of a modern nation state and more time than the universe has been in existence.