Community programme Key points at a glance
In 2019, Swiss Post disclosed the source code of an earlier version of its e-voting system with complete verifiability. Since then, we have continued to develop the system, while improving the documentation and auditability. The feedback from those who took part provided us with a key basis for designing the ongoing programme, in particular with regard to the options for cooperating with interested parties. The system is being disclosed continually and transparently. Dialogue with experts is a core component of the e-voting community programme. Even after the initial authorization has been granted, Swiss Post will continue to develop the system, drawing on the expertise of specialists from around the world.
Over the course of 2021, Swiss Post published all the relevant components and documents of its future e-voting system. These will be permanently available for public review. The items are listed and described below. They can be viewed on GitLabTarget not accessible without prior registration.
Test scope e-voting system
The specification provides a detailed description of the cryptographic protocol. It describes the process from the configuration of the electronic contest to the casting and counting of votes. It contains codes known as pseudocodes, which serve to illustrate algorithms. The specification describes the more general algorithms and some of the underlying components.
The architecture documentation details the overall structure of the e-voting system: from the legal framework to the actual e-voting solution with its various components and interfaces, the principles of the architecture and decisions related to it, and the quality requirements specified for the system.
System source code
A source code is a text written in a particular programming language. It sets out the specific rules and requirements used to create a piece of software. The e-voting system’s source code contains the elements of the entire software through which the requirements of the cryptographic protocol are implemented.
The published source code for the e-voting system is prepared in such a way that it can be compiled, tested and simulated with ease.
(auditors’ technical aids)
Swiss Post’s new e-voting system provides complete verifiability. Cantonal electoral authorities can use this system to check all electronically cast votes after the ballot box has been closed and determine any irregularities. The verification software is available to the auditors for these checks. This software, which is independent of the system and not connected to any network, provides proof of whether the generated cryptographic evidence has been registered correctly. If all evidence is correct, the authenticity of all electronically cast votes and their counting is confirmed. Among other things, the software detects if the server on which the provider is running the system has been infiltrated.
Swiss Post will publish the verification software under an expansive open-source licence.
On this basis, third parties with or without commercial objectives can test and redevelop the software, and place it on the market as an independent product. Swiss Post’s aim is to enable the use of third-party verification software.
This scientific document describes the Swiss Post e-voting system in mathematical form. It demonstrates that the cryptographic elements protect voting secrecy and guarantee individual and universal verifiability.
The changes made to the cryptographic protocol since 2019 are described in supporting documentation, which is also available on GitLab.
The symbolic analysis supplements the cryptographic evidence as verification that Swiss Post’s e-voting system maintains voting secrecy and complies with individual and universal verifiability. The symbolic analysis is written in the ProVerif programming language. Its accuracy can be checked automatically using suitable software.
The library released by Swiss Post contains key cryptographic algorithms, known as cryptographic primitives. These are used in both the e-voting system and the separate verification software. A key element of the cryptographic primitives that are currently available is the algorithms used in the mix network. Additional algorithms will be integrated in later phases of the disclosure.
The specifications for the cryptographic primitives are also available.
From 8 to 31 July, Swiss Post conducted a public intrusion test in which ethical hackers were able to attempt to access the e-voting infrastructure. The intrusion test is a recurring measure as part of the e-voting system checks as well as a legal requirement of the Swiss Confederation. This means there is a third test option in addition to the static test (document analysis) and the dynamic test (running the system on your own computer). Swiss Post will continue to carry out public intrusion tests.
System documentation (“infrastructure whitepaper”)
The infrastructure whitepaper describes the e-voting infrastructure and all the security aspects that have been implemented. This includes information about data centers and the structure and application of the infrastructure and the databases. The various security measures are also outlined.
Operation Whitepaper describes the e-voting operational processes and all the security aspects that have been implemented. This includes information on the business organization, support provisions, modifications and maintenance, and also back-up and restoration processes.
Description of the development process
Swiss Post is developing the e-voting system using agile project management. This document describes the software development, gives an overview of which tools were used and demonstrates how the various quality specifications are followed during development and how they are checked. The procedure for the regular source code disclosure is also explained.
The Trusted Build is a reliable, verifiable software compilation used to ensure that the executable release is created using verified components. Procedural and organizational measures are carried out to meet the requirements of the OEV.
Tests are carried out at various levels as part of the development of the e-voting system. The software is checked for compliance with the requirements set out in the Federal Chancellery’s Ordinance on Electronic Voting (OEV) and Post CH Ltd’s internal specifications in accordance with the ISO 25010 standard. The test concept describes the entire procedure, including the test objects, the infrastructure used, the reporting and the test organization.
What you can expect
What awaits you when your participate in the e-voting community programme? The key points can be found at a glance below:
E-voting system 2019
In 2019, Swiss Post disclosed the source code of an earlier version of its e-voting system with complete verifiability. These documents are also available on GitLab.