FAQ Answers to frequently asked questions and definition of terms
As part of the e-voting community programme, Swiss Post is disclosing the source code, specifications and documentation of the e-voting system. The aim is to make access to the system as simple as possible for independent experts and to constantly improve the system. Disclosure facilitates an in-depth examination and dialogue between specialists and with the Swiss Post e-voting team. Swiss Post is gradually developing the system further, taking confirmed findings into consideration. Disclosure therefore serves to enhance the security of the e-voting system.
Initially, the cryptographic protocol will be provided for review. The specifications, documentation and source code will be disclosed at a later stage.
The rules for participation in the e-voting community programme are established in a Code of Conduct. For Swiss Post, the secure implementation of the democratic process is of paramount concern, with the priority on ensuring a secure voting process and guaranteeing a secret ballot. Reports from experts represent a key contribution to improving the security of the system. Swiss Post respects the academic freedom of researchers.
Yes. Findings can be published. In the case of findings classified as high or critical, we require a maximum time frame of 90 days to analyze a report and check it with the other stakeholders (in particular the cantons). As soon as our analysis is complete, even a critical finding can be disclosed by the person who reported it. For its part, Swiss Post discloses all confirmed findings. More information can be found under Reporting a finding.
Swiss Post believes that bug bounty programmes help improve IT systems. It has therefore already focused on bug bounties as part of its information security strategy. The framework conditions for a public bug bounty programme for e-voting are currently being developed: The Confederation, together with the cantons, is setting out a catalogue of requirements for this (see Final report on the reorganization and resumption of trials, measures C.3, in French).
Based on the Confederation’s future directives, its own experiences and coordination with the partner cantons, Swiss Post will be conducting a public bug bounty programme on e-voting at a date yet to be determined.
Swiss Post will disclose the new e-voting system in stages. Initially, the cryptographic protocol will be provided for review. During the course of the year, the specifications, verifier, documentation and source code will also be disclosed. The exact date cannot be given yet.
Swiss Post previously cooperated with Scytl, a company specializing in electronic voting. In spring 2020, Swiss Post acquired all rights to the source code necessary for independent development of the system. Since then, Swiss Post has continued developing the system with its own team in Switzerland, working in close cooperation with external specialists (see also the blog article of 22.06.2019).
Swiss Post discloses its new e-voting system, provides a compilable system and thus allows independent experts to check the system and the implementation of voting procedures. By doing so, it constantly improves the system and meets the transparency requirements of the open source approach. Beyond this, Swiss Post is currently checking whether components of the e-voting system can be released under an open source licence.
The date when the new e-voting system will be available to the cantons depends on various factors, such as the statutory framework for e-voting that the Confederation is redefining as well as the feedback that Swiss Post receives from the specialist community in the course of the disclosure.
This document describes the Swiss Post e-voting system in mathematical form. It demonstrates that the cryptographic elements ensure voting secrecy as well as individual and universal verifiability. Putting the different cryptographic elements together produces the cryptographic protocol. This document is intended to describe the security goals and trust assumptions of the e-voting system and, building on this, to prove that these are satisfied by means of mathematical methods. This formal demonstration is a key element of modern cryptography and is required by the Federal Chancellery for e-voting.
The library released by Swiss Post contains key cryptographic algorithms, known as cryptographic primitives. These are used in both the e-voting system and the separate verification software. A key element of the cryptographic primitives that are currently available is the algorithms used in the mix network. Additional algorithms will be integrated in later phases of the disclosure.
The specifications for the cryptographic primitives are also available.
The mix network is the basis for the complete verifiability of Swiss Post’s e-voting system. It consists of mixers that mix and re-encrypt the votes after the electronic ballot box has been closed on the Election/Voting Sunday. The mix network prevents the individual and the vote they have cast from being linked to each other and ensures that voting secrecy is protected. Additionally, the mix network provides evidence that no votes were changed, deleted or added. The algorithms used in the mix network are available in the published open-source library of cryptographic primitives. Swiss Post has completely rewritten these algorithms. Swiss Post’s e-voting system is based on the Bayer-Groth mix network.
Thanks to universal verifiability, electoral authorities can verify the votes during counting to see whether they have been manipulated in the electronic ballot box. The check is comparable to the recounting of physical ballots. Universal verifiability enables independent control and verification of the ballot by the cantons. For universal verifiability, separate software is required, which is referred to as a verifier.
In the case of individual verifiability, voters receive choice return codes on paper together with their election or voting documents. When they cast their vote, they compare the codes with the codes shown on the screen and can thus be sure that their vote has arrived correctly in the ballot box.