Main content area

Swiss Post’s e-voting solution

Electronic voting and elections for Switzerland

Swiss Post offers the cantons and municipalities a simple and flexible solution for introducing e-voting for Swiss citizens living both in Switzerland and abroad. As the trustworthy carrier of more than 20 million consignments containing voting documents and postal votes every year, Swiss Post is also the natural choice for ensuring the safe and confidential transmission of votes cast electronically with its e-voting solution. Its solution has been used since 2016.

Certified for up to 50% of the electorate

Swiss Post’s system is the first and only Swiss e-voting solution certified for 50% of the electorate and will be expanded to certification for 100% of voters by the end of 2018.
Certified accessibility

Swiss Post’s e-voting solution is fully accessible. This has also been confirmed through certification by the “Access for All” foundation.

www.access-for-all.ch

Information site

Open collapsible container Close collapsible container

E-voting blog

Open collapsible container Close collapsible container

Public intrusion test and source code

Open collapsible container Close collapsible container

E-voting news

Swiss Post’s voting system put through its paces by hackers

Swiss Post is subjecting its e-voting system to a public hacker test from 25 February until 24 March 2019. This will fulfil the directives issued by the Swiss Confederation and cantons. The test – known as a public intrusion test – will allow registered IT specialists to put the system through its paces by attempting to manipulate the result of a fictitious ballot contest. Swiss Post will incorporate the results of the hacker test into the development of its e-voting system. On 7 February, Swiss Post also published the source code to its system, which independent experts can scrutinize to prepare thoroughly for the public intrusion test.

Federal Chancellery press release
Details and schedule for intrusion test
Registration and further information on the public intrusion test

Disclosure of source code

Swiss Post believes that only a transparent and politically neutral e-voting solution can be successful in the long term. It is therefore publishing the source code of its solution.

Transparency and publications

Open collapsible container Close collapsible container

Swiss Post believes that only a transparent and politically neutral solution for e-voting can be successful in the long term. This is why Swiss Post publishes a certain number of documents and concepts for experts.

The following documents describe in detail how the Swiss Post e-voting platform works. Experts in the e-voting and cybersecurity sector are the target audience.

If you have any questions, you can address them to Swiss Post at evoting@swisspost.ch.

Presentation of available documents

Basic principles

The Pillars of End-to-End Online Voting (PDF, 815.8 KB)Document is unavailable.
Using a table, this document succinctly describes the principal pillars of security for secured end-to-end e-voting.

Protocol for the system with universal verifiability

Complete Verifiability Security Proof Report (PDF, 1.1 MB)Document is unavailable.
In this document, we are introducing the paper that provides the cryptographic proof of complete verifiability of Scytl sVote Voting Protocol, according to the complete abstract model defined in the VEleS ordinance.

Privacy Security Proof Report (PDF, 1.1 MB)Document is unavailable.
In this document, we are introducing the paper that provides the cryptographic proof of voter privacy of Scytl sVote Voting Protocol, according to the complete abstract model defined in the VEleS ordinance.

Complete Verifiability Formal Proof Report (PDF, 1.3 MB)Document is unavailable.
In this document, we are introducing the paper that provides the symbolic proof of complete Verifiability of Scytl sVote Voting Protocol, according to the complete abstract model defined in the VEleS ordinance.

Privacy Formal Proof Report (PDF, 841.8 KB)Document is unavailable.
In this document, we are introducing the paper that provides the symbolic proof of voter privacy of Scytl sVote Voting Protocol, according to the complete abstract model defined in the VEleS ordinance.

Protocol for the system without universal verifiability

The following documents are only valid for the 50% version of Swiss Post’s e-voting solution.

Swiss Post Electronic Voting Protocol (PDF, 956.6 KB)Document is unavailable.
This scientific specialist article describes which protocol will come into effect in Swiss Post’s e-voting system. A general overview of the protocol and its most important participants will be given. It also contains syntactical and symbolic descriptions which could be useful for other protocols that use return codes as well as for a symbolic analysis of the security of such concepts. Details on the implementation are given in the document.

Individual verifiability: the protocol explained (PDF, 1.3 MB)Document is unavailable.
This document contains a general description of the individual verifiability of the protocol, which Swiss Post uses in their e-voting system.

Cryptographic evidence of the individual verifiability (PDF, 620.7 KB)Document is unavailable.
Description of the protocol for the e-voting system used in Switzerland for up to 50% of the cantonal electorate.

Analysis of Cast-as-Intended Verifiability and Ballot Privacy (PDF, 640.5 KB)Document is unavailable.
Report on the automatic proof of individual verifiability and voting secrecy for the protocol using ProVerif.

Software

E-voting system documentation (PDF, 1.6 MB)Document is unavailable.
This document describes how Swiss Post has established a secure infrastructure for their electronic voting. It outlines the most important security measures against cyber attacks.

Note: the following additional documents were published with the source code and can be viewed at GitLab.com (go to registration):

Cryptographic protocol specification
Architecture of the e-voting solution
Scytl sVote Auditability with Control Components

Note: documents specific to the 50% certification of the system are available on request.

Audit certificates and reports

Open collapsible container Close collapsible container

The Confederation stipulates the administrative and technical specifications for e-voting. Compliance with these specifications must be verified by external bodies during an audit. If 30% of the cantonal electorate is exceeded, certification is also required. The documents and certificates are prerequisites for the approval of electronic voting in the cantons. The final audit reports also generally cover the improvement measures implemented over the course of the audit and those yet to be implemented.

On this page you will find various audit certificates and reports concerning Swiss Post’s system.

List of documentation

Verification of the cryptographic protocol without universal verifiability (PDF, 607.4 KB)Document is unavailable. (English version)
This document is only valid for the 50% version of Swiss Post’s e-voting solution (system without universal verifiability). The cryptographic protocol describes the individual cryptographic security elements and their use. The protocol must then be analysed to ascertain whether it corresponds to the Federal Chancellery’s requirements. Mathematical evidence has been provided as proof of this. The accuracy of this proof was analysed during the verification. This link provides you with a summary of the certification inspection to enable the system to be used by up to 50% of the electorate (“50% certification”). More information on conformity of the cryptographic protocol can be found in the Swiss Post e-voting blog.

Verification of functionality (PDF, 608 KB)Document is unavailable. (German version)
During the verification of functionality, tests are carried out to check whether the cryptographic protocol, other security measures and user processes are implemented in the system. The end-to-end encryption which ensures voting secrecy is also audited as part of this.

Verification of infrastructure and operation (PDF, 779.4 KB)Document is unavailable. (German version)
The verification of infrastructure and operation concerns the implementation of the security requirements with respect to applications, operating systems, databases, security and network components, and the premises available for secure technical operation.

Verification of protection against attempts to infiltrate the infrastructure (PDF, 565.9 KB)Document is unavailable. (German version)
In order to test infrastructure protection, the specialists tasked with doing so attempt to infiltrate the infrastructure as part of a penetration test.

Note: documents specific to the 50% certification of the system are available on request.