Community programme Key points at a glance
In 2019, Swiss Post disclosed the source code of an earlier version of its e-voting system with complete verifiability. Since then, we have continued to develop the system, while improving the documentation and auditability. The feedback from those who took part provided us with a key basis for designing the ongoing programme, in particular with regard to the options for cooperating with interested parties. We have updated and improved the procedure: the system is being disclosed step by step and transparently. Dialogue with experts is a core component of the disclosure process, which forms part of the e-voting community programme.
The disclosed items are listed and described below. Specifications, documentation and the source code will be made available for testing over the course of the year. All items can be viewed on GitLab.
This scientific document describes the Swiss Post e-voting system in mathematical form. It demonstrates that the cryptographic elements protect voting secrecy and guarantee individual and universal verifiability.
The changes made to the cryptographic protocol since 2019 are described in supporting documentation, which is also available on GitLab.
The library released by Swiss Post contains key cryptographic algorithms, known as cryptographic primitives. These are used in both the e-voting system and the separate verification software. A key element of the cryptographic primitives that are currently available is the algorithms used in the mix network. Additional algorithms will be integrated in later phases of the disclosure.
The specifications for the cryptographic primitives are also available.
The specification provides a detailed description of the cryptographic protocol. It describes the process from the configuration of the electronic contest to the casting and counting of votes. It contains codes known as pseudocodes, which serve to illustrate algorithms. The specification describes the more general algorithms and some of the underlying components.
The infrastructure whitepaper describes the e-voting infrastructure and all the security aspects that have been implemented. This includes information about data centers and the structure and application of the infrastructure and the databases. The various security measures are also outlined.
The architecture documentation details the overall structure of the e-voting system: from the legal framework to the actual e-voting solution with its various components and interfaces, the principles of the architecture and decisions related to it, and the quality requirements specified for the system.
Swiss Post is developing the e-voting system using agile project management. This document describes the software development, gives an overview of which tools were used and demonstrates how the various quality specifications are followed during development and how they are checked. The procedure for the regular source code disclosure is also explained.
Tests are carried out at various levels as part of the development of the e-voting system. The software is checked for conformity with the requirements set out in the Federal Chancellery Ordinance on Electronic Voting (OEV) and Post CH Ltd’s internal specifications in accordance with the ISO 25010 standard. The test concept describes the entire procedure, including the test objects, the infrastructure used, the reporting and the test organization.
What you can expect
What awaits you when your participate in the e-voting community programme? The key points can be found at a glance below:
Available during the course of the year
The following additional functions are available to experts in order to test the e-voting system during the course of the year.
- Many options for testing the code: it will be possible to compile and execute the source code. It can be shared with others, modified and tested. To this end, we will provide a guide and test files.
- Simulation of a voting procedure: we will provide a guide and various test files to help you simulate a voting procedure on your computer.
- Reward for confirmed vulnerabilities: Swiss Post will carry out a public bug bounty programme for e-voting in the second half of 2021.