Seal poll results while voting is open

Hide tallies, nullifiers, and commitments from the results endpoint
while a poll is active. Only vote count is exposed. Prevents
observers from diffing the tally after each vote to correlate
timing and de-anonymize voters.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: stackdump

internal/server/polls.go

@@ -488,15 +488,27 @@ func (s *Server) handlePollResults(w http.ResponseWriter, r *http.Request) {
 	}
 
 	result := map[string]interface{}{
-		"pollId":      pollID,
-		"title":       poll.Title,
-		"choices":     poll.Choices,
-		"voteCount":   len(votes),
-		"nullifiers":  nullifiers,
-		"commitments": commitments,
-		"status":      poll.Status,
+		"pollId":  pollID,
+		"title":   poll.Title,
+		"choices": poll.Choices,
+		"status":  poll.Status,
 	}
 
+	// While active, only expose vote count — no tallies, nullifiers, or
+	// commitments.  Revealing per-vote data while voting is open lets an
+	// observer diff the tally after each vote and de-anonymize voters.
+	if poll.Status == "active" {
+		result["voteCount"] = len(votes)
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(result)
+		return
+	}
+
+	// Poll is closed — full results are safe to expose.
+	result["voteCount"] = len(votes)
+	result["nullifiers"] = nullifiers
+	result["commitments"] = commitments
+
 	// Derive tallies from the Petri net event log (event sourcing)
 	events, _ := s.store.ReadEvents(pollID)
 	if len(events) > 0 {

public/index.html

@@ -99,7 +99,7 @@ <h3>Prove</h3>
                     </svg>
                 </div>
                 <h3>Tally</h3>
-                <p>Results aggregate on-chain in real time. The final tally is publicly verifiable &mdash; anyone can audit the proofs without accessing individual ballots.</p>
+                <p>Results stay sealed until the poll closes. Once closed, the final tally is publicly verifiable &mdash; anyone can audit the proofs without accessing individual ballots.</p>
             </div>
         </div>
     </section>

public/poll.js

@@ -456,12 +456,33 @@ async function loadResults(pollId) {
 
         const choices = data.choices || [];
         const voteCount = data.voteCount || 0;
+        const barsDiv = document.getElementById('results-bars');
+
+        if (data.status === 'active') {
+            // Poll is still open — tallies are hidden to prevent vote correlation
+            barsDiv.innerHTML = choices.map(c => `
+                <div class="result-bar">
+                    <div class="result-label">
+                        <span>${esc(c)}</span>
+                        <span style="color:var(--text-muted);">sealed</span>
+                    </div>
+                    <div class="result-track">
+                        <div class="result-fill" style="width:0%"></div>
+                    </div>
+                </div>
+            `).join('');
+            document.getElementById('results-total').textContent =
+                `${voteCount} vote${voteCount !== 1 ? 's' : ''} cast \u00b7 results sealed until poll closes`;
+            document.getElementById('results-nullifiers').textContent =
+                'Nullifiers hidden while poll is active.';
+            return;
+        }
+
+        // Poll is closed — show full results
         const tallies = data.tallies || null;
         const talliedCount = data.talliedCount || 0;
-        const barsDiv = document.getElementById('results-bars');
 
         if (tallies && talliedCount > 0) {
-            // Show real tallies from revealed votes
             const maxVotes = Math.max(...tallies, 1);
             barsDiv.innerHTML = choices.map((c, i) => {
                 const count = tallies[i] || 0;
@@ -479,12 +500,11 @@ async function loadResults(pollId) {
                 `;
             }).join('');
         } else {
-            // No reveals yet — show placeholders
             barsDiv.innerHTML = choices.map(c => `
                 <div class="result-bar">
                     <div class="result-label">
                         <span>${esc(c)}</span>
-                        <span style="color:var(--text-muted);">hidden</span>
+                        <span style="color:var(--text-muted);">no tallied votes</span>
                     </div>
                     <div class="result-track">
                         <div class="result-fill" style="width:0%"></div>