In several stages from the beginning of 2021, Swiss Post has published the key documents and components for the beta version of its future e-voting system with universal verifiability on the specialist platform GitLab. Experts from around the world have since taken part in the review and reported improvements to the system, which Swiss Post has implemented. The latest information on the findings is always available on this blog.
In July 2021, the Federal Chancellery also commissioned several expert groups to examine the system in the areas of cryptography, software, infrastructure and operations as well as to perform penetration testing. This independent examination is a requirement for the use of a system in accordance with the future legal basis. Swiss Post was in contact with the experts during the examination. Swiss Post analysed the audit reports in detail and provided response reports that outlined how the reported findings are to be resolved.
Work on resolving the reported findings is already under way. In the most recent system release, Swiss Post has already taken action to resolve some of the findings from the audit reports. The resolved findings are listed by system component on the specialist platform GitLab (source code system, cryptographic primitives, cryptographic protocol).
Other improvements are soon to be implemented. Swiss Post has developed an action plan for resolving the outstanding findings and communicated it to the Federal Chancellery and the cantons involved. This work is centred on aspects of the cryptographic protocol and its implementation in the software. Swiss Post is making clarifications, implementing targeted improvements and recoding, with particular regard to the cryptographic evidence and the findings relating to voting secrecy and individual verifiability.
Swiss Post will not make the ready-for-use system available to the cantons until the work outlined in the action plan is complete. The interested cantons should be able to introduce e-voting within the context of the legally determined trial operation during the course of 2023.
The audit reports created by the experts are available on the Federal Chancellery website. The response reports from Swiss Post can be found below.
Expert group | Examination scope(s) | Swiss Post response report(s) (in English) |
---|---|---|
Adamiste Stephane (SCRT) | Operations and organization | Response to SCRT Scope 3 |
Basin David (Contego Laboratories) | Cryptographic protocol | Response to Basin Scope 1 |
Dubuis Eric, Haenni Rolf, Koenig Reto and Locher Philipp (BFH) | Cryptographic protocol; Software | |
Essex Aleksander (Western University Canada) | Cryptographic protocol | Response to Essex Scope 1 |
Ford Bryan (EPFL) | Cryptographic protocol; Software; Operations and organization | Response to Ford Scopes 1, 2 & 3 |
Fontes Antonio (SCRT) | Operations and organization | Response to SCRT Scope 2a |
Haines Thomas (Australian National University), Pereira Olivier (Université catholique Louvain), Teague Vanessa (Thinking Cybersecurity) | Cryptographic protocol; Software | Response to Haines, Pereira, Teague Scopes 1 & 2T |
Mowat Alain (SCRT) | Penetration test | Response to SCRT Scope 4 |
Perrig Adrian (ETHZ) | Penetration test | Response to ETHZ Scope 4 |