Summary

In March 2019 Sarah Jamie Lewis of the Open Privacy Research Society, along with Vanessa Teague (University of Melbourne), and Olivier Pereira (UCLouvain) published details of critical vulnerabilities impacting evoting systems in Switzerland and Australia. These vulnerabilities were soon confirmed by the vendor Scytl, resulting in an emergency patch being installed during an election in New South Wales, and a “temporary” suspension of evoting offerings by Swiss Post.

In June the Swiss Federal Council, citing these disclosures, delayed the introduction and evoting as an official option, and shortly after SwissPost announced that it would not be offering its system for use in the October federal elections (despite having offered it in previous elections).

Papers / Notes / Mirrors

Ceci n’est pas une preuve - The use of trapdoor commitments in Bayer-Groth proofsand the implications for the verifiabilty of the Scytl-SwissPost Internet voting system. The original PoC paper published.

How not to prove your election outcome - The use of non-adaptive zero knowledge proofs in theScytl-SwissPost Internet voting system, and its implications for decryption proof soundness. A follow up paper documenting a second issue with the SwissPost/Scytl system.

Addendum to How not to prove your election outcome - a follow up to the above paper demonstrating how the same flaw can be used to impact Individual Verifiability.

Cheating Proof Transcripts from the Swiss Post / Scytl Disclosure - a repository containing proof transcripts that demonstrate flaws in the shuffle proof and decryption proof methods implemented in the SwissVote-Scytl evoting system.

How not to prove your election outcome - A full analysis of the critical cryptographic vulnerabilities present in the Scytl/SwissPost e-voting solution to be presented at 41st IEEE Symposium on Security and Privacy.

Reseach into Cryptographic Vulnerabilities impacting the Swiss Post / Scytl e-voting System. - Original Open Privacy Research Society Writeup

Knights and Knaves Run Elections: Internet Voting and Undetectable Electoral Fraud - an article providing a less technical overview of the discovered flaws and how they relate to the security of e-voting in general.

Selected Coverage

Gravierender Mangel am E-Voting-System der Post entdeckt - Republik

Researchers Find Critical Backdoor in Swiss Online Voting System - Motherboard

Le vote électronique de La Poste est suspendu jusqu’à nouvel avis - Le Temps


Home