Selectio Helvetica

Selectio Helvetica is a broad internet voting project based out of Switzerland. This wiki page currently focuses on two of their protocols, the general one outlined in "Selectio Helvetica" and the more nuanced one outlined in "Secure Internet Voting on Limited Devices with Anonymized DSA Public Keys".

Selectio Helvetica (Dubuis et al.)

Infrastructure attack protection
All internet voting systems are vulnerable to denial-of-service attacks. There are defenses against these kinds of attacks, but they cannot hold against an adversary with sufficient computing power. In such a situation, voters would have to vote in person (or by mail).

Outsider hacking protection
All internet voting systems are, at least potentially, vulnerable to outside attack on the servers running the software. Yet there is a high degree of protection against such attempts because of the public bulletin board. Auditors and individuals will notice if information gets deleted from the board for no apparent reason, or if anything is edited. The server doing the tallying must remain secure, but the tallying can be re-done if the bulletin board stays online.

Malware and virus protection
This is a problem. If voters' computers are infected with malware, it can display corrupt information at verification time and mislead voters. Still, voters can verify their votes online by checking the public bulletin board. A utility could also let them verify their vote over another channel (such as SMS), or they could simply use another machine. If they have any doubt about the integrity of their vote, they can re-vote in person or online.

Man in the middle attack protection
This is mitigated by the fact that the man in the middle does not know the content of the vote being transmitted. The voter can also check, before the election ends, that his or her vote went through the system.

Insider attack protection
This hasn't been addressed because this system is theoretical. This is a big issue, however. It can be partially addressed by 1) open source software and 2) security of the systems themselves; at least there are fewer machines to deal with compared with DREs.

Coercion resistance
This is a problem. Because voters can verify their votes, they can prove to vote buyers how they voted. This is partially solved because they can change their vote at a polling station or online (though this may not help when an adversary demands the voter's username and password).

Ensuring one person, one vote
As Dubuis et al. write, "To prove eligibility, voters must use the [given] credential to digitally sign the encrypted vote." Thus, only registered voters can vote. The bulletin board ensures that only the last vote counts.

Counting and tallying accuracy
The system should accurately count and record votes. Dubuis et al. write that "the integrity can... be ensured by letting voters digitally sign their votes cast." Verifiability helps ensure this: anyone can check that their vote has been included in the final tally. Auditors monitoring the system can identify suspicious activity (e.g., ballots being deleted).

Voter anonymity
When the election is tallied, "no link between the input and output of the mix-net can be established, which ... guarantees the anonymity of the vote." This depends on the regulatory authorities being honest, but there are significantly fewer things to regulate compared with other means of voting. Yet there's a caveat that may or may not be significant: given enough time, it's likely that you'll know how people (say, 100 years ago) voted, because all the data on the bulletin board is public information. Whether that matters is something that must be resolved before implementing this approach.

Voter verifiability
"Verifiability is... achieved by publishing all votes cast (together with... cryptographic proofs) on a public bulletin board." This could be checked automatically. Voters can't delete/change anything and can verify that their vote was counted.
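The detection that this passage and "Outsider hacking protection" above both rely on, auditors noticing when something is deleted from or edited on the board and voters checking that their own vote is there, is easiest to see on an append-only, hash-chained board. The following is an added example written for this page, not code from the Selectio Helvetica project: the JSON entry layout, the `ballot_id` field and the idea of a head hash witnessed out of band are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry (constructed convention)


def entry_hash(prev_hash, payload):
    """Hash of one board entry, bound to the entry before it."""
    data = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()


def append(board, payload):
    """Append a payload to the board and return the new head hash."""
    prev = board[-1]["hash"] if board else GENESIS
    board.append({"index": len(board), "prev": prev, "payload": payload,
                  "hash": entry_hash(prev, payload)})
    return board[-1]["hash"]


def audit(board, witnessed_head):
    """Auditor check. Every entry must link to its predecessor and re-hash to its stored hash,
    and the final hash must equal a head hash the auditor witnessed earlier (assumption: the
    board publishes its head hash out of band, e.g. to auditors or a mirror). Without such a
    witnessed value, silently dropping the newest entries would go unnoticed."""
    prev = GENESIS
    for i, entry in enumerate(board):
        if entry["index"] != i or entry["prev"] != prev:
            return False
        if entry_hash(prev, entry["payload"]) != entry["hash"]:
            return False
        prev = entry["hash"]
    return prev == witnessed_head


def has_ballot(board, ballot_id):
    """Voter check: is the ballot with this id on the board?"""
    return any(entry["payload"].get("ballot_id") == ballot_id for entry in board)


def demo():
    # Constructed sample ballots; the ciphertexts are placeholder strings.
    board = []
    head = GENESIS
    for bid, ct in [("b-1", "ct-aaa"), ("b-2", "ct-bbb"), ("b-3", "ct-ccc")]:
        head = append(board, {"ballot_id": bid, "ciphertext": ct})

    intact = audit(board, head)

    deleted = [dict(e) for e in board]          # an entry vanishes "for no apparent reason"
    del deleted[1]
    deletion_detected = not audit(deleted, head)

    edited = [dict(e) for e in board]           # an entry is altered in place
    edited[0] = dict(edited[0], payload={"ballot_id": "b-1", "ciphertext": "ct-zzz"})
    edit_detected = not audit(edited, head)

    truncated = board[:-1]                      # the newest entry is dropped
    truncation_detected = not audit(truncated, head)

    return intact, deletion_detected, edit_detected, truncation_detected, has_ballot(board, "b-2")
```

The chain alone catches deletions and edits in the middle of the board; catching removal of the most recent entries needs the witnessed head hash, which is why the auditor (or a mirror) must record it independently of the board operator.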

Immediate results protection
So long as there are multiple key shares split among several independent tally authorities, then no election results should be obtainable before the voting period ends.

Ease of performing a recount
Theoretically, anyone with the data should be able to tally it themselves, provided that they have all the necessary decryption keys. Some may object to this type of recount, however. In particular, if the bulletin board is running the wrong software (assuming this goes undetected, which isn't likely), then this kind of recount seems to beg the question. Ultimately, it does not seem to have been explored whether recounting the data on the bulletin board would undo all of the potential harms that could appear during the voting process.

Usability
The exact usability of the system isn't fully known: while there have been uses of a modified Selectio Helvetica protocol, there isn't much in the way of information on how easy it was to register and vote this way. However, it likely wasn't too difficult.

Secure Internet Voting on Limited Devices with Anonymized DSA Public Keys (Haenni and Spycher)

Infrastructure attack protection
All internet voting systems are vulnerable to denial-of-service attacks. There are defenses against these kinds of attacks, but they cannot hold against an adversary with sufficient computing power. In such a situation, voters would have to vote in person (or by mail).

Outsider hacking protection
All internet voting systems are, at least potentially, vulnerable to outside attack on the servers running the software. Yet there is a high degree of protection against such attempts because of the public bulletin board. Auditors and individuals will notice if information gets deleted from the board for no apparent reason, or if anything is edited. The server doing the tallying must remain secure, but the tallying can be re-done if the bulletin board stays online.

Malware and virus protection
This is a problem. If voters' computers are infected with malware, it can display corrupt information at verification time and mislead voters. Still, voters can verify their votes online by checking the public bulletin board. A utility could also let them verify their vote over another channel (such as SMS), or they could simply use another machine. If they have any doubt about the integrity of their vote, they can re-vote in person or online.

Man in the middle attack protection
This is mitigated by the fact that the man in the middle does not know the content of the vote being transmitted. The voter can also check, before the election ends, that his or her vote went through the system.

Insider attack protection
This hasn't been addressed because this system is theoretical. This is a big issue, however. It can be partially addressed by 1) open source software and 2) security of the systems themselves; at least there are fewer machines to deal with compared with DREs.

Coercion resistance
Haenni and Spycher admit that their protocol isn't receipt-free, so it provides minimal defense against vote selling and coercion. After voting, the voter possesses his private key, which can be combined with his encrypted ballot on the bulletin board to prove to any adversary how he voted. This is partially solved because voters can change their vote at a polling station or online (though this may not help when an adversary demands the voter's username and password).

Ensuring one person, one vote
Like in Selectio Helvetica, voters must sign their votes. As the authors write, "multiple ballots from the same eligible voter contain the same anonymous key and are therefore detected during the tallying phase."
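Both "Ensuring one person, one vote" passages describe the same tally-time rule: a ballot counts only if it carries a valid signature under its key, and several ballots under one key are recognised, with only the last one counting. The block below is an added example written for this page, not code from either paper: it uses a toy Schnorr signature in a deliberately tiny group, placeholder strings in place of encrypted votes, and an optional eligibility list to model the difference between Selectio Helvetica's registered credentials and the anonymized keys of the second protocol (where eligibility is established before voting, so the tally only needs to spot repeated keys). Keeping the latest ballot when a key repeats is this example's choice, mirroring the first protocol.

```python
import hashlib
import secrets

# Toy Schnorr signature group, constructed for this example and far too small for real use:
# q = 101 divides p - 1 = 606, and g = 2^6 mod 607 = 64 generates the subgroup of order q.
P, Q, G = 607, 101, 64


def keygen(x=None):
    """Return (private key x, public key y = g^x); x may be supplied for reproducible demos."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _challenge(r, message):
    """Full-width hash challenge; keeping all 256 bits makes an accidental verify-success
    negligible even in this tiny group."""
    data = f"{r}|{message}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(x, message):
    """Schnorr signature (e, s) on `message` under private key x."""
    k = secrets.randbelow(Q - 1) + 1
    e = _challenge(pow(G, k, P), message)
    return e, (k + x * e) % Q


def verify(y, message, sig):
    e, s = sig
    r = pow(G, s, P) * pow(y, (-e) % Q, P) % P   # equals g^k for a genuine signature
    return _challenge(r, message) == e


def cast(x, y, encrypted_vote):
    """A ballot as it appears on the board: (signing key, encrypted vote, signature)."""
    return y, encrypted_vote, sign(x, encrypted_vote)


def tally(board, eligible_keys=None):
    """Walk the board in posting order. A ballot counts only if its signature verifies under
    its own key and, when an eligibility list is given (registered credentials), that key is
    registered. For the anonymized-key protocol pass no list; repeated keys are what reveal
    double voting there. Repeats are reported, and the latest ballot per key is kept.
    Returns (kept ballots by key, rejected board indices, keys seen more than once)."""
    kept, rejected, repeated = {}, [], set()
    for idx, (y, ct, sig) in enumerate(board):
        if eligible_keys is not None and y not in eligible_keys:
            rejected.append(idx)
            continue
        if not verify(y, ct, sig):
            rejected.append(idx)
            continue
        if y in kept:
            repeated.add(y)
        kept[y] = ct
    return kept, rejected, repeated


def demo():
    x_a, y_a = keygen(7)     # fixed private keys so the public keys are distinct and reproducible
    x_b, y_b = keygen(13)
    x_c, y_c = keygen(42)    # Carol holds a key pair but was never registered
    # Constructed board; the "ct(...)" strings stand in for encrypted votes.
    board = [
        cast(x_a, y_a, "ct(alice,1)"),
        cast(x_b, y_b, "ct(bob,1)"),
        cast(x_a, y_a, "ct(alice,2)"),                             # Alice re-votes
        (y_b, "ct(bob,forged)", sign(x_c, "ct(bob,forged)")),      # signed with the wrong key
        cast(x_c, y_c, "ct(carol,1)"),                             # valid signature, unregistered key
    ]
    return tally(board, eligible_keys={y_a, y_b})
```

Because every check is a pure function of the board contents and the public keys, anyone holding a copy of the board can rerun `tally` and reach the same set of counted ballots, which is the property the "Ease of performing a recount" passages depend on.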

Counting and tallying accuracy
The system should accurately count and record votes. For Selectio Helvetica (but applicable here), Dubuis et al. write that "the integrity can... be ensured by letting voters digitally sign their votes cast." Verifiability helps ensure this: anyone can check that their vote has been included in the final tally. Auditors monitoring the system can identify suspicious activity (e.g., ballots being deleted).

Voter anonymity
The protocol provides a high degree of privacy. As Haenni and Spycher write, "Every plaintext vote is unambiguously linked to an anonymous key, but linking the anonymous key back to its owner is prohibited by the anonymous channel and the unlinkability property of the public key shuffling procedure." This also prevents an adversary from finding out whether a particular voter has voted. The anonymous channel discussed "may be hard to implement," but use of mix nets before vote encryption could solve this.
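The unlinkability this passage (and "Voter anonymity" in the first section) rests on, that nothing ties a mix-net's output back to its input, can be seen on a toy re-encryption mix-net. The following is an added example written for this page, not the authors' construction or the project's code: the tiny group, the two-option ballot, the exponential ElGamal encoding and the two-server mix are all assumptions, and a real mix server additionally publishes a zero-knowledge proof that it shuffled correctly (the "cryptographic proofs" the verifiability passages mention).

```python
import secrets

# Toy ElGamal group, constructed for this example and far too small for real use:
# q = 101 divides p - 1 = 606, and g = 64 generates the subgroup of order q.
P, Q, G = 607, 101, 64
CANDIDATES = ["yes", "no"]   # constructed ballot options


def keygen(x=None):
    """Tally key pair (x, y = g^x); in the real protocol x would be shared among authorities."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(y, choice):
    """Exponential ElGamal: candidate i is encoded as g^(i+1), so re-encryption is a plain
    group multiplication and decryption recovers the choice by table lookup."""
    m = pow(G, CANDIDATES.index(choice) + 1, P)
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(y, r, P) % P


def reencrypt(y, ct):
    """Multiply by a fresh encryption of the identity: same plaintext, unrelated-looking ciphertext."""
    a, b = ct
    s = secrets.randbelow(Q - 1) + 1
    return a * pow(G, s, P) % P, b * pow(y, s, P) % P


def mix(y, ciphertexts):
    """One mix server: re-randomize every ciphertext, then emit them in a random order."""
    out = [reencrypt(y, ct) for ct in ciphertexts]
    secrets.SystemRandom().shuffle(out)
    return out


def decrypt(x, ct):
    a, b = ct
    m = b * pow(a, (-x) % Q, P) % P          # b / a^x
    for i, choice in enumerate(CANDIDATES):
        if pow(G, i + 1, P) == m:
            return choice
    raise ValueError("ciphertext does not encode a valid choice")


def tally_votes(x, ciphertexts):
    counts = {choice: 0 for choice in CANDIDATES}
    for ct in ciphertexts:
        counts[decrypt(x, ct)] += 1
    return counts


def demo():
    x, y = keygen(23)
    posted = [encrypt(y, v) for v in ["yes", "no", "yes"]]   # per-voter ciphertexts on the board
    mixed = mix(y, mix(y, posted))                           # two independent mix servers
    return tally_votes(x, mixed)                             # tally only the mixed list
```

The tally is taken from the mixed list, whose positions and values bear no computable relation to the posted list unless every mix server colludes. The ciphertexts on the board stay public, so this privacy lasts only as long as the underlying discrete-logarithm problem stays hard, which is the long-term caveat raised under "Voter anonymity" in the first section.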

Voter verifiability
As the authors wrote for Selectio Helvetica (though it applies here too), "Verifiability is... achieved by publishing all votes cast (together with... cryptographic proofs) on a public bulletin board." This could be checked automatically. Voters can't delete/change anything and can verify that their vote was counted.

Immediate results protection
So long as there are multiple key shares split among several independent tally authorities, then no election results should be obtainable before the voting period ends.
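Why splitting the tally key among independent authorities prevents early results (the point made in both "Immediate results protection" passages) is a threshold property: below the threshold, the released shares are consistent with every possible key. The following is an added example written for this page, not code from either protocol: it uses Shamir secret sharing over a constructed prime field, a constructed stand-in for the decryption key, and a 3-of-5 split.

```python
import secrets

# Prime field for the shares; constructed choice, any prime larger than the key works.
FIELD = 2**127 - 1


def split_key(secret, threshold, n_authorities):
    """Shamir sharing of a tally key: pick a random polynomial of degree threshold-1 whose
    constant term is the key and hand authority i the point (i, f(i)). Any `threshold` points
    determine f(0); fewer leave every candidate key equally possible."""
    if not (1 <= threshold <= n_authorities and 0 <= secret < FIELD):
        raise ValueError("bad sharing parameters")
    coeffs = [secret] + [secrets.randbelow(FIELD) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_authorities + 1):
        y = 0
        for c in reversed(coeffs):       # Horner evaluation of f(x)
            y = (y * x + c) % FIELD
        shares.append((x, y))
    return shares


def reconstruct_key(shares):
    """Lagrange interpolation of the shares, evaluated at x = 0."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % FIELD
                den = den * (xi - xj) % FIELD
        secret = (secret + yi * num * pow(den, -1, FIELD)) % FIELD
    return secret


def release_tally_key(released_shares, threshold):
    """What the tally server can do with the shares released so far: nothing until at least
    `threshold` independent authorities have released theirs, which they do after the polls close."""
    if len(released_shares) < threshold:
        return None
    return reconstruct_key(released_shares[:threshold])


def demo():
    key = 0x1234_5678_9ABC_DEF0            # constructed stand-in for the election decryption key
    shares = split_key(key, threshold=3, n_authorities=5)
    before_close = release_tally_key(shares[:2], 3)                  # two authorities cooperating
    after_close = release_tally_key([shares[0], shares[2], shares[4]], 3)
    # Two colluding authorities who interpolate anyway just obtain a random field element.
    colluding_guess = reconstruct_key(shares[:2])
    return before_close, after_close, colluding_guess == key
```

The protection is only as good as the independence of the authorities: the threshold must be set so that no single organisation controls enough shares, and the shares themselves have to be generated by a dealer (or a distributed key generation) that the authorities trust not to keep the polynomial.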

Ease of performing a recount
Theoretically, anyone with the data should be able to tally it themselves, provided that they have all the necessary decryption keys. Some may object to this type of recount, however. In particular, if the bulletin board is running the wrong software (assuming this goes undetected, which isn't likely), then this kind of recount seems to beg the question. Ultimately, it does not seem to have been explored whether recounting the data on the bulletin board would undo all of the potential harms that could appear during the voting process.

Usability
The exact usability of the system isn't fully known because this system is more of a general protocol at this stage rather than something that has been implemented and tested.