Cryptology ePrint Archive: Report 2021/391

New Standards for E-Voting Systems: Reflections on Source Code Examinations

Thomas Haines and Peter Roenne

Abstract: There is a difference between a system having no known attacks and the system being secure---as cryptographers know all too well. Once we begin talking about the implementations of systems this issue becomes even more prominent since the amount of material which needs to be scrutinised skyrockets. Historically, lack of transparency and low standards for e-voting system implementations have resulted in a culture where open source code is seen as a gold standard; however, this ignores the issue of the comprehensibility of that code.

In this work we make concrete empirical recommendations based on our, and others, experiences and findings from examining the source code of e-voting systems. We highlight that any solution used for significant elections should be well designed, carefully analysed, deftly built, accurately documented and expertly maintained. Until e-voting system implementations are clear, comprehensible, and open to public scrutiny security standards are unlikely to improve.

Category / Keywords: applications / Voting, Implementation, Standards

Original Publication (in the same form): VOTING'21

Date: received 24 Mar 2021, last revised 12 Apr 2021

Contact author: thomas haines at ntnu no

Available format(s): PDF | BibTeX Citation

Version: 20210412:171918 (All versions of this report)

Short URL: ia.cr/2021/391