Technical documents about the e-vote solution

Technical documents about the e-vote solution

Technical documents about the e-vote solution will bee published here as soon as they are available.

 

Source code audit of the Norwegian electronic voting system

The Norwegian Ministry of Local Government and Regional Development hired mnemonic to perform a “third party review of those parts of the [electronic voting system] that implement cryptographic primitives and generate keys”, to verify that this is done securely and correctly. The report was finised in august 2013 and you can read it below:

Description of the cryptographic protocol for the Internet voting

The e-vote 2011-project has, in co-operation with Scytl Secure Electronic Voting and Kristian Gjøsteen from the Norwegian University of Science and Technology (NTNU), developed at security mechanism that by use of cryptographic techniques allows the voter to confirm that her vote has been recorded correctly. This is done without revealing the contents of the ballot to anyone but the voter. Cryptography is used in several ways to protect the integrity of the ballot and the election.

Kristian Gjøsteen, from NTNU, has described the cryptografhic protocol that will be used in the trial with internet voting in the 2011 local government elections.

A simplified version of the cryptographic protocol was published 09.03.2010:

 

Security objectives for the e-vote solution

This document forms the cornerstone of the e-vote 2011 security documentation. It was written in march/april 2009 and draws up the security objectives which the e-voting system must fulfill.

The document is divided into three parts:

  • Chapter 2 contains a high level security domain model, describing what parts of the system must be secured against different threats.
  • Chapter 3 contains a threat analysis describing what actors may attack the system with what motivation and means.
  • Chapter 4 contains the security objectives for the system. These objectives are drawn up based on the security domain model, threat analysis etc. and aim to formulate technology independent, high level requirements for a secure, transparent and auditable e-voting system.