With the e-voting community programme, Swiss Post is disclosing its new system for electronic voting in elections and votes so that independent experts can critically examine it and report potential vulnerabilities. This procedure is implemented to increase the security of IT systems. By taking this approach, Swiss Post wants to foster dialogue with external e-voting specialists.
In the first step of the disclosure, the draft of the cryptographic protocol will be available to be checked. This document describes Swiss Post‘s e-voting system in mathematical form. It demonstrates that the cryptographic elements ensure voting secrecy is preserved, as well as guaranteeing individual and universal verifiability. Swiss Post published the protocol for a previous system version in 2019. Since then, the completely verifiable system has been revised. Factors including the valuable feedback provided by experts were taken into account when making changes. Accompanying documentation for the protocol, which is also available online, explains what changes have been implemented since 2019, what limitations exist and what improvements still need to be made.
“We want to make it as easy as possible for independent experts to get involved and, in turn, to suggest improvements,” says Denis Morel, Head of E-Government at Swiss Post.
For this reason, Swiss Post is making a website available to experts with information about the community programme. On the page, direct access to the published materials and all relevant information about the disclosure can be found, such as the process for reporting findings. This website will be gradually updated and added to. All technical data is available on the specialist GitLab platform. Initially, only the cryptographic protocol can be found there. Confirmed findings will also be made publicly accessible on GitLab.
Specifications, documentation and the source code for the system will follow in stages at later dates. The disclosure in phases is intended to allow checks and specialist discussions.
It is still unclear when the system will be developed to such a degree that it meets the requirements of the Confederation and is ready to be deployed by the cantons. This depends, on the one hand, on the implementation of the new legal framework for e-voting and, on the other hand, on the feedback that Swiss Post receives from the specialist community in the course of the disclosure.
More information on the e-voting community programme