E-voting
Online voting and elections
Media image full width
Core documents
This document briefly outlines in a table the most significant security principles in end-to-end online voting.
This document describes how Swiss Post has established a secure infrastructure for its electronic voting. It outlines the most important security measures against cyber attacks.
Protocols on verifiability and voting secrecy
In this document, we are introducing the report that provides the cryptographic proof of complete verifiability of Scytl sVote Voting Protocol, according to the complete abstract model defined in the VEleS ordinance.
In this document, we are introducing the report that provides the cryptographic proof of voting secrecy of Scytl sVote Voting Protocol, according to the complete abstract model defined in the VEleS ordinance.
In this document, we are introducing the report that provides the symbolic proof of complete Verifiability of Scytl sVote Voting Protocol, according to the complete abstract model defined in the VEleS ordinance.
In this document, we are introducing the paper that provides the symbolic proof of voting secrecy of Scytl sVote Voting Protocol, according to the complete abstract model defined in the VEleS ordinance.
Protocol for the system without universal verifiability
The documents for the old version of Swiss Post’s e-voting solution (50%, without universal verifiability) are available on request.
Disclosure of source code
Swiss Post believes that only a transparent and politically neutral e-voting solution can be successful in the long term. It is therefore publishing the source code of its solution with universal verifiability (see blog “Swiss Post publishes the source code for its e-voting system”) In addition, it has published various technical documents (see “Transparency and publications”).
By publishing the source code for its e-voting solution, Swiss Post wants to build trust with the public and use feedback from knowledgeable professionals for the purposes of improvement. Source code disclosure is also a mandatory precondition of the Federal Chancellery when using advanced electronic voting systems.
Swiss Post’s disclosed source code relates to the implementation of the cryptographic protocol for complete verifiability at application level. The specification of the cryptographic protocol and the architecture of the e-voting solution are published.
A Gitlab.com account and registration with Swiss Post are required to view the source code. In addition, all users must first accept the conditions of use (PDF, 166 KB).
Audit certificates and reports
The Confederation stipulates the administrative and technical specifications (in German) for e-voting. Compliance with these specifications must be verified by external bodies during an audit. If 30% of the cantonal electorate is exceeded, certification is also required. The documents and certificates are prerequisites for the approval of electronic voting in the cantons. The final audit reports also generally contain information about the improvement measures implemented over the course of the audit and those still required.
Below you will find various audit certificates and reports concerning Swiss Post’s system. Documents that refer to the 50% certification of the system are available on request.
Verification of the cryptographic protocol without universal verifiability (English version)
This document is only valid for the 50% version of Swiss Post’s e-voting solution (system without universal verifiability). The cryptographic protocol describes the individual cryptographic security elements and their use. The protocol must then be analysed to ascertain whether it corresponds to the Federal Chancellery’s requirements. Mathematical evidence has been provided as proof of this. The accuracy of this proof was analysed during the verification. This link provides you with a summary of the certification inspection to enable the system to be used by up to 50% of the electorate (“50% certification”).
During the verification of functionality, tests are carried out to check whether the cryptographic protocol, other security measures and user processes are implemented in the system. The end-to-end encryption which ensures voting secrecy is also audited as part of this.
The verification of infrastructure and operation concerns the implementation of the security requirements with respect to applications, operating systems, databases, security and network components, and the premises available for secure technical operation.
In order to test infrastructure protection, the specialists tasked with doing so attempt to infiltrate the infrastructure.
Public intrusion test 2019
From 25 February to 24 March 2019, Swiss Post carried out a public intrusion test. IT specialists and hackers were invited to attack the system with the aim of finding vulnerabilities.
During the four-week endurance test, around 3,200 international IT experts inflicted targeted attacks on the new e-voting system. After the completion of the intrusion test, there were no manipulated votes in the electronic ballot box. The hackers did not manage to infiltrate the e-voting system. Attempts at overloading the system through DDoS attacks were unsuccessful. The hackers submitted a total of 173 findings. The Federal Chancellery, Cantons and Swiss Post confirmed 16 of them. They fall under the lowest classification level, “Best Practice”, and are thus considered non-critical. The entire assessment process for the findings was overseen by representatives of the Confederation and the cantons.
Swiss Post’s final report (PDF, 975.6 KB) summarizes the results and insights gained from the intrusion test for the Steering Committee, which consists of representatives from the Confederation and the Cantons.
The Confederation’s final report can be found here (German version).
Contact us
We would be happy to advise you about e-voting.
Write to us
Send us your query directly online.
On LinkedIn
News and information on LinkedIn
Our address
Post CH Ltd
E-voting
Wankdorfallee 4
3030 Berne
Switzerland