FAQ: Answers to frequently asked questions and definitions of terms
As part of the e-voting community programme, Swiss Post is disclosing the source code, specifications and documentation of the e-voting system. The aim is to make access to the system as simple as possible for independent experts and to constantly improve the system. Disclosure facilitates an in-depth examination and dialogue between specialists and with the Swiss Post e-voting team. Swiss Post is gradually developing the system further, taking confirmed findings into consideration. Disclosure therefore serves to enhance the security of the e-voting system.
Initially, the cryptographic protocol will be provided for review. The specifications, documentation and source code will be disclosed at a later stage.
The rules for participation in the e-voting community programme are established in a Code of Conduct. For Swiss Post, the secure implementation of the democratic process is of paramount concern, with the priority on ensuring a secure voting process and guaranteeing a secret ballot. Reports from experts represent a key contribution to improving the security of the system. Swiss Post respects the academic freedom of researchers.
Yes. Findings can be published. In the case of findings classified as high or critical, we require a maximum time frame of 90 days to analyze a report and check it with the other stakeholders (in particular the cantons). As soon as our analysis is complete, even a critical finding can be disclosed by the person who reported it. For its part, Swiss Post discloses all confirmed findings. More information can be found under Reporting a finding.
Yes, at a later point in time. Swiss Post believes that bug bounty programmes help to improve IT systems. It has therefore already focused on bug bounties as part of its information security strategy. It is gradually expanding its bug bounty programme for e-voting. It will launch the public bug bounty programme for e-voting in the second half of 2021. Interested parties can register here.
Swiss Post will disclose the new e-voting system in stages. Initially, the cryptographic protocol will be provided for review. During the course of the year, the specifications, verifier, documentation and source code will also be disclosed. The exact date cannot be given yet.
Swiss Post previously cooperated with Scytl, a company specializing in electronic voting. In spring 2020, Swiss Post acquired all rights to the source code necessary for independent development of the system. Since then, Swiss Post has continued developing the system with its own team in Switzerland, working in close cooperation with external specialists (see also the blog article of 22.06.2019).
Swiss Post discloses its new e-voting system, provides a compilable system and thus allows independent experts to check the system and the implementation of voting procedures. By doing so, it constantly improves the system and meets the transparency requirements of the open source approach. Some components of the e-voting system are provided by Swiss Post with an open source licence. These include the disclosed cryptographic primitives.
The date when the new e-voting system will be available to the cantons depends on various factors, such as the legal bases for e-voting, which are being redefined, and the feedback that Swiss Post receives from the specialist community during the disclosure. Our goal is for the system to be ready for use in the cantons in the course of 2022.
This document describes the Swiss Post e-voting system in mathematical form. It demonstrates that the cryptographic elements ensure voting secrecy as well as individual and universal verifiability. Putting the different cryptographic elements together produces the cryptographic protocol. This document is intended to describe the security goals and trust assumptions of the e-voting system and, building on this, to prove that these are satisfied by means of mathematical methods. This formal demonstration is a key element of modern cryptography and is required by the Federal Chancellery for e-voting.
The library released by Swiss Post contains key cryptographic algorithms, known as cryptographic primitives. These are used in both the e-voting system and the separate verification software. A key element of the cryptographic primitives that are currently available is the algorithms used in the mix network. Additional algorithms will be integrated in later phases of the disclosure.
The specifications for the cryptographic primitives are also available.
The mix network is the basis for the complete verifiability of Swiss Post’s e-voting system. It consists of mixers that mix and re-encrypt the votes after the electronic ballot box has been closed on the Election/Voting Sunday. The mix network prevents the individual and the vote they have cast from being linked to each other and ensures that voting secrecy is protected. Additionally, the mix network provides evidence that no votes were changed, deleted or added. The algorithms used in the mix network are available in the published open-source library of cryptographic primitives. Swiss Post has completely rewritten these algorithms. Swiss Post’s e-voting system is based on the Bayer-Groth mix network.
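The mix-and-re-encrypt step described above can be sketched with ElGamal re-encryption. This is an added illustration, not code from Swiss Post's library: the toy group parameters, the single decryption key and all function names are assumptions, and the Bayer-Groth shuffle argument that supplies the evidence of a correct mix is omitted.

```python
import secrets

# Toy group, constructed for illustration only (far too small for real use):
# safe prime P = 2Q + 1; G = 4 generates the order-Q subgroup of squares mod P.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1           # sk in [1, Q-1]
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), m * pow(pk, r, P) % P)

def decrypt(sk, c):
    a, b = c
    return b * pow(a, Q - sk, P) % P            # a has order Q, so a^(Q-sk) = a^(-sk)

def reencrypt(pk, c):
    # Multiply by a fresh encryption of 1: same plaintext, new randomness.
    s = secrets.randbelow(Q - 1) + 1
    a, b = c
    return (a * pow(G, s, P) % P, b * pow(pk, s, P) % P)

def mix(pk, ciphertexts):
    # One mixer: re-encrypt every ciphertext, then apply a secret permutation.
    out = [reencrypt(pk, c) for c in ciphertexts]
    for i in range(len(out) - 1, 0, -1):        # Fisher-Yates shuffle
        j = secrets.randbelow(i + 1)
        out[i], out[j] = out[j], out[i]
    return out

def run_demo(votes, mixers=3):
    # The demo holds one decryption key for brevity (an assumption of this sketch).
    sk, pk = keygen()
    encoded = [pow(G, v, P) for v in votes]     # encode option v as G^v
    board = [encrypt(pk, m) for m in encoded]   # ballot box, in casting order
    mixed = board
    for _ in range(mixers):
        mixed = mix(pk, mixed)
    opened = [decrypt(sk, c) for c in mixed]
    return encoded, board, mixed, opened

if __name__ == "__main__":
    encoded, board, mixed, opened = run_demo([1, 2, 2, 3, 1])  # constructed votes
    print("ballot box :", board)
    print("after mix  :", mixed)
    print("same tally :", sorted(opened) == sorted(encoded))
```

The output ciphertexts differ from the inputs and are reordered, yet they decrypt to the same multiset of votes. Without a proof of shuffle, an observer has to trust that each mixer did not swap in other ciphertexts.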
The specification provides a detailed description of the cryptographic protocol. It describes the process from the configuration of the electronic contest to the casting and counting of votes. It contains pseudocode, which serves to illustrate the algorithms. The specification describes the more general algorithms and some of the underlying components.
The infrastructure whitepaper describes the e-voting infrastructure and all the security aspects that have been implemented. This includes information about data centers and the structure and application of the infrastructure and the databases. The various security measures are also outlined.
The architecture documentation details the overall structure of the e-voting system: from the legal framework to the actual e-voting solution with its various components and interfaces, the principles of the architecture and decisions related to it, and the quality requirements specified for the system.
Swiss Post is developing the e-voting system using agile project management. This document describes the software development, gives an overview of which tools were used and demonstrates how the various quality specifications are followed during development and how they are checked. The procedure for the regular source code disclosure is also explained.
Tests are carried out at various levels as part of the development of the e-voting system. The software is checked for conformity with the requirements set out in the Federal Chancellery Ordinance on Electronic Voting (OEV) and Post CH Ltd’s internal specifications in accordance with the ISO 25010 standard. The test concept describes the entire procedure, including the test objects, the infrastructure used, the reporting and the test organization.
Thanks to universal verifiability, electoral authorities can verify the votes during counting to see whether they have been manipulated in the electronic ballot box. The check is comparable to the recounting of physical ballots. Universal verifiability enables independent control and verification of the ballot by the cantons. For universal verifiability, separate software is required, which is referred to as a verifier.
In the case of individual verifiability, voters receive choice return codes on paper together with their election or voting documents. When they cast their vote, they compare the codes with the codes shown on the screen and can thus be sure that their vote has arrived correctly in the ballot box.