EAV – detailed information

The development of the VEC’s electronic voting system has been the result of significant research and collaboration from a number of academic and commercial organisations. The VEC has contracted out the development of a number of components of the system as well as undertaking its own development project. The system has also been subject to a significant peer review and technical assessment during its development lifecycle. Details are provided below.

suVote

suVote has been written under contract for VEC by the University of Surrey, England and is the subject of the following peer-reviewed publications which include design documentation and an original prototype of the system

The documents below are also public documents but were not peer reviewed

Ximix

Ximix has been written under contract for VEC by Crypto Workshop. Cryptoworkshop are the authors and maintainer of the Bouncy Castle open source Java cryptographic API on which Ximix depends. Ximix is a Randomised Partial Checking (RPC) mixnet specifically written to process tuples.

For introductory material please see

Ximix implements RPC based on the following papers

  • "Making Mix Nets Robust For Electronic Voting By Randomized Partial Checking" Markus Jakobsson, Ari Juels, Ronald L. Rivest, 11th USENIX Security Symposium, 2002.
  • "A Secure and Optimally Efficient Multi-Authority Election Scheme" R. Cramer, R. Gennaro, B. Schoenmakers, CGS Journal, October, 1997.
  • “Secure Distributed Key Generation for Discrete-Log Based Cryptosystems” R. Gennaro, S Jarecki, H. Krawczyk, T. Rabin, Journal of Cryptology, 2007.
  • "A Threhold Cryptosystem without a Trusted Party (Extended Abstract)" T. P. Perdersen, Springer-Verlag, 1998.
  • “How to share a secret” A. Shamir, Communications of the ACM, November, 1979.
  • "Short signatures from the Weil pairing" D. Boneh, B. Lynn, and H. Shacham, AsiaCrypt 2001.
  • The Java Pairing Based Cryptography Library (jPBC) http://sourceforge.net/projects/jpbc/, Downloaded November 2013.
  • "How not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios" D.Bernhard, O. Pereira, B, Warinschi, volume 7658 of Lecture Notes in Computer Science, pages 626-643. 2012.
  • "Efficient Cryptographic Protocol Design Based on Distributed El Gamal Encryption" F. Brandt, Proceeding ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology, Pages 32-47 Springer-Verlag. 2006.

VPS, EVM and VVA

VPS, EVM and VVA were written internally at the VEC. VPS is an HTML/Javascript application which provides VEC staff with a means to print a candidate list for an elector. A candidate list is an artefact of the voting protocol which provides a secret randomisation of the ballot candidates.

EVM is an HTML/Javascript application which provides the elector’s voting environment with audio and visual voting interfaces. The EVM prints the receipt of the vote for the elector as well as providing a machine-base read-back facility for voicing the content of verification slips.

Both EVM and VPS reply on suVote client proxies to perform signing and verification actions and to communicate with central suVote services.

VVA is a .NET application with code dependencies in the VEC election management system. VVA enables VEC to set up e-voting and it automates some data processing. However, all security, integrity and privacy control of the e-voting rests with suVote and Ximix components.

Third party system and protocol examination

This system was examined by the Danish expert group DemTech. A report was written concerning vVote and includes commentary from all the VEC contracted development teams on details of the implementation. The report is available here DemTech Report

To provide feedback or for any questions about vVote please e-mail SourceCodeFeedback@vec.vic.gov.au

Please rate this page from 1 to 5 where 1 is unhelpful and 5 is very helpful