(Part 4 of a 5-part series starting here)
In 2021 the Swiss government commissioned several in-depth technical studies of the Swiss Post E-voting system, by independent experts from academia and private consulting firms. They sought to assess: does the protocol as documented guarantee the security called for by Swiss law (the “ordinance on electronic voting”, OEV)? Does the system as implemented in software correctly correspond to the protocol as documented? Are the networks and systems on which the system is deployed adequately secure?
Before the reports even answer those questions, they point out: “the engineers who build the system need to do a better job of documenting how the software, line by line, corresponds to the protocol it’s supposed to be implementing.” That is, this kind of assessment can’t work on an impenetrable black-box system; the Swiss Post developers have made good progress in “showing their work” so that it can be assessed, but they need to keep improving.
And this is a very complex protocol and system, because it is attempting to solve a very difficult problem: conducting an election securely even though some of the servers and most of the client computers may be under the control of an adversary. The server-side solution is to split the trust among several servers using a cryptographic consensus protocol. The client-side solution is what I described in the previous post: even if the client computer is hacked, it’s not supposed to be able to succeed in cheating because there are