Privacy in secret-ballot elections has traditionally been attained by using a ballot box or voting booth to disassociate voters from ballots. Although such a system might achieve privacy, there is often little confidence in the accuracy of the announced tally. This thesis describes a practical scheme for conducting secret-ballot elections in which the outcome of an election is verifiable by all participants and even by non-participating observers. All communications are public, yet under a suitable number-theoretic assumption, the privacy of votes remains intact. The tools developed here to conduct such elections have additional independent applications. Cryptographic capsules allow a prover to convince verifiers that either statement A or statement B is true without revealing substantial information as to which. Secret sharing homomorphisms enable computation on shared (secret) data and give a method of distributing shares of a secret such that each shareholder can verify the validity of all shares.