Most online voting systems operate based on a trusted solution. This means that the security and integrity of the system is dependent on the administration team operating it. End to End Verifiable solutions are designed to remove any aspect of Administrator interference of the solution, giving the voter the ability to check the system directly. There are significant differences between the two types of solutions.
Trusted election system
Typically, an independent organisation is used to setup and manage the online election process. They can see the votes coming in, who has voted and how they have voted, they have access to all parts of the process at every stage. Those that have access to the administration of the online voting system therefore are trusted that they will not do anything that impacts the election result or the process. In the UK currently most if not all election online election process is provided as ‘Trusted’ solutions. Some organisations mention they have End to End online election systems and services, these are still trusted solutions whereby the organization has end to end control of the process, however, are not comparable to a true End to End Verifiable solution.
End-to-End Verifiable election system
Verifiable systems work independently of any administrator once setup and are locked prior to any votes being cast. At the close of the election, they can only be unlocked by those authorised to do so, and typically can include several authorised persons each with a part of the unlock key. Meaning that a number of those authorised persons must use each part of the key to unlock the results. During the election period voters, independent auditors, academia, and observers can check that the system is performing as expected using universal verification measures such as:
Cast as intended
Individual verifiability: Systems contain a mechanism for the voter to get proof the vote has not been changed during the process of casting the vote and ballot encryption process.
Registered as cast
Individual verifiability: Systems should include “append-only” publicly available bulletin board functions to allow voters to check their encrypted vote has not been altered or removed throughout the election process.
Counted as registered
Universal verifiability: The count process generates proof that certify the correctness of the calculated results. Meaning the election result corresponds to the content of all encrypted votes cast during the election process.
Systems also should offer considerable security controls to ensure not external interference occurs these at a minimum should include:
This provides verification mechanisms that assure all cast votes come from eligible voters only. In addition, digital signatures certify the fact that no votes have been tampered with during the voting process.
This ensures that, under no circumstances results can be read without the necessary key/s being used to unlock them.
A Mix-net is the virtual equivalent of a physical ballot box being shaken prior to opening to ensure the sequence in which the ballots are cast is mixed up. Also, the mixing procedure breaks any connection between a voter identity and their vote. After the mixing procedure, all votes are safely decrypted and are completely anonymised.
End to End verifiable systems are built on prominent scientific reviewed crypto algorithms, provide full documentation, transparency, and auditability from end-to-end during the election process. They remove the human administration aspect of running an election and creating the result. Consequently, they can be audited and checked during the processes ensuring trust and credibility of both the process and the result.
UK Engage are an experienced election services provider with both Trusted and End-to-End Verifiable solutions, with a dedicated team of election professionals delivering elections daily. Both postal and online services can be provided as part of our ISO9001 and ISO27001 certifications. Contact us on 0161 209 4808 or email email@example.com