Paper 2021/391

New Standards for E-Voting Systems: Reflections on Source Code Examinations

Thomas Haines and Peter Roenne

Abstract

There is a difference between a system having no known attacks and the system being secure---as cryptographers know all too well. Once we begin talking about the implementations of systems this issue becomes even more prominent since the amount of material which needs to be scrutinised skyrockets. Historically, lack of transparency and low standards for e-voting system implementations have resulted in a culture where open source code is seen as a gold standard; however, this ignores the issue of the comprehensibility of that code. In this work we make concrete empirical recommendations based on our, and others, experiences and findings from examining the source code of e-voting systems. We highlight that any solution used for significant elections should be well designed, carefully analysed, deftly built, accurately documented and expertly maintained. Until e-voting system implementations are clear, comprehensible, and open to public scrutiny security standards are unlikely to improve.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. VOTING'21
Keywords
VotingImplementationStandards
Contact author(s)
thomas haines @ ntnu no
History
2021-04-12: revised
2021-03-27: received
See all versions
Short URL
https://ia.cr/2021/391
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/391,
      author = {Thomas Haines and Peter Roenne},
      title = {New Standards for E-Voting Systems: Reflections on Source Code Examinations},
      howpublished = {Cryptology ePrint Archive, Paper 2021/391},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/391}},
      url = {https://eprint.iacr.org/2021/391}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.