The main characteristics of the system are:
- Ease of use
The system has been designed to be easy to use and compatible with all current web browsers; no particular
training is required for the voter to use the system.
- Anonymity/Privacy
The system has been designed with privacy in mind: for this reason there are two web servers,
the first to authenticate the voter and the second to cast the ballot. All accesses to the Vote Server
must pass through an anonymizer system.
- Flexibility
The system has been designed to be flexible, so that it can easily be adapted to different votes, from yes/no
to multi-ballots, with different options and features such as group voting or individual double credentials,
username+password or client digital certificates, etc.
- Scalability
The system has been designed to be scalable, so that it can be used for simple ballots within small groups or
large ballots for thousands of people. The software and hardware required can easily be scaled for very large
ballots.
- Modularity
To achieve flexibility and scalability, the system is composed of modules which interact but are largely
independent. In this way, new features or new technologies can easily be incorporated.
- Unreusability
Voters are given a Secret Token which can be used only once, so that each voter can cast only one
ballot. This is enforced with advanced cryptographic and system security procedures which
make it impossible to delete from the system a Secret Token marked as already used.
- Individual Verifiability
After casting a vote, each voter is given a Verification Code which allows her to verify that
the vote has been counted correctly in the final published results; thus the accuracy of the results is always
guaranteed.
- Separation of Duties
The protocols are based on the strict separation of duties among the managers of the web servers and the officials
who supervise the ballot. Only the fraudulent collaboration of two or more of them could, in some circumstances and
by modifying the systems, allow them to violate the privacy of the voters, whereas the accuracy of the results is
always guaranteed.
- Security
The protocols, algorithms and code are public and based on scientific results. Security has been the starting
point of this system, which was born as a university research project in computer security. The implementation
adopts well-known and trusted cryptographic algorithms, protocols and programs, and the security of the web servers
and the solutions adopted for the most critical features are based on the most advanced security features
of today's operating systems.
- Weak Eligibility
The cryptographic Voting Authorization is given only to eligible voters. The eligibility of the voters is verified by the
Authentication Server, whereas the Vote Server verifies the authenticity of the Voting Authorization, not the
identity of the voter. A fraudulent voter could pass her Voting Authorization to another person who would vote in
her place, and could sell her vote in this way. For this reason our protocol guarantees only a weak form of eligibility
and cannot be used for political and similar elections.
No easy solution to this problem is known for digital web voting. Rather than implement a
protocol of doubtful security, we prefer to renounce some requirements and be sure of the features we offer.
- NO Receipt-freeness
Voters are given a receipt so that they can check that their votes have been counted correctly and that the results
of the ballot are trustworthy. But voters can use the receipt to prove to a third person for whom they have voted,
thus making it possible to sell their votes. For this reason our protocol cannot be used for political and
similar elections. No easy solution to this problem is known for digital web voting. Rather than implement a
protocol of doubtful security, we prefer to renounce some requirements and be sure of the features we offer.
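The interplay of the points above (two separate servers, the one-time Secret Token, the Verification Code, weak eligibility and the lack of receipt-freeness) can be seen together in a small simulation. The following Python is an added example written for this page, not code from the project described here. It assumes that an HMAC under a key shared by the two servers stands in for the real cryptographic Voting Authorization, that the published results list every (Verification Code, choice) pair, and that the record of used tokens is a hash chain whose head is published with the results so that deleting a used token is detectable; the voter roll, passwords and option names are constructed.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample data, not the project's formats: a salted voter roll, the ballot options,
# and a MAC key shared by the two servers (assumption: HMAC stands in for the real authorization).
ROLL_SALT = b"constructed-salt"
OPTIONS = ("yes", "no")
AUTH_KEY = secrets.token_bytes(32)
GENESIS = "0" * 64

def _pw_hash(password):
    return hashlib.sha256(ROLL_SALT + password.encode()).hexdigest()

def _chain_hash(prev, nonce):
    return hashlib.sha256((prev + nonce).encode()).hexdigest()

VOTER_ROLL = {"alice": _pw_hash("alice-pass"), "bob": _pw_hash("bob-pass")}

class AuthenticationServer:
    """Checks eligibility and issues one Voting Authorization (Secret Token) per voter;
    the token is a random nonce plus an HMAC tag and carries nothing about the voter."""

    def __init__(self, roll, key):
        self._roll, self._key, self._served = roll, key, set()

    def issue_authorization(self, voter_id, password):
        expected = self._roll.get(voter_id)
        if expected is None or not hmac.compare_digest(expected, _pw_hash(password)):
            raise PermissionError("not an eligible voter")
        if voter_id in self._served:
            raise PermissionError("authorization already issued to this voter")
        self._served.add(voter_id)
        nonce = secrets.token_hex(16)
        return nonce + "." + hmac.new(self._key, nonce.encode(), hashlib.sha256).hexdigest()

class VoteServer:
    """Accepts a ballot from whoever holds a valid authorization (weak eligibility), refuses
    reused tokens, chains used tokens in a tamper-evident log, and issues Verification Codes."""

    def __init__(self, key, options):
        self._key, self._options, self._used = key, options, set()
        self.used_log, self._ballots = [], []  # (prev_hash, nonce, entry_hash) / (code, choice)

    def cast_ballot(self, authorization, choice):
        nonce, _, tag = authorization.partition(".")
        expected = hmac.new(self._key, nonce.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("invalid Voting Authorization")
        if choice not in self._options:
            raise ValueError("unknown option")
        if nonce in self._used:  # unreusability: one ballot per Secret Token
            raise PermissionError("Secret Token already used")
        self._used.add(nonce)
        prev = self.used_log[-1][2] if self.used_log else GENESIS
        self.used_log.append((prev, nonce, _chain_hash(prev, nonce)))
        code = secrets.token_hex(8)  # Verification Code handed back to the voter
        self._ballots.append((code, choice))
        return code

    def publish_results(self):
        """Tally, every (Verification Code, choice) pair, and the head of the used-token chain."""
        head = self.used_log[-1][2] if self.used_log else GENESIS
        return {"tally": dict(Counter(c for _, c in self._ballots)),
                "ballots": sorted(self._ballots), "log_head": head}

def verify_my_vote(results, code, choice):
    """Individual verifiability: the voter finds her code in the published results. Anyone she
    shows the code to can do the same lookup, which is exactly the missing receipt-freeness."""
    return (code, choice) in results["ballots"]

def audit_used_log(log, head):
    """A deleted, altered or truncated entry breaks the chain or no longer matches the head."""
    prev = GENESIS
    for stored_prev, nonce, entry_hash in log:
        if stored_prev != prev or _chain_hash(prev, nonce) != entry_hash:
            return False
        prev = entry_hash
    return prev == head

def run_demo():
    auth, vote = AuthenticationServer(VOTER_ROLL, AUTH_KEY), VoteServer(AUTH_KEY, OPTIONS)
    alice_auth = auth.issue_authorization("alice", "alice-pass")
    bob_auth = auth.issue_authorization("bob", "bob-pass")
    alice_code = vote.cast_ballot(alice_auth, "yes")
    vote.cast_ballot(bob_auth, "no")  # the Vote Server cannot tell who presents Bob's token
    try:
        vote.cast_ballot(alice_auth, "no")  # second use of Alice's Secret Token
        reuse_rejected = False
    except PermissionError:
        reuse_rejected = True
    results, log = vote.publish_results(), list(vote.used_log)
    return {
        "tally": results["tally"],
        "reuse_rejected": reuse_rejected,
        "alice_verified": verify_my_vote(results, alice_code, "yes"),
        "alice_wrong_choice": verify_my_vote(results, alice_code, "no"),
        "log_ok": audit_used_log(log, results["log_head"]),
        "truncated_log_ok": audit_used_log(log[:-1], results["log_head"]),
        "deleted_entry_ok": audit_used_log(log[1:], results["log_head"]),
    }
```

Running `run_demo()` shows the two properties the page trades off: the Vote Server never learns which eligible voter presented a token (the token carries only a nonce and a tag), so a token handed to someone else is accepted, while the published (Verification Code, choice) list lets Alice confirm her vote and, for the same reason, lets anyone she shows the code to confirm it as well. The hash chain only illustrates how deletion of a used token can be made detectable; the page does not describe the project's actual mechanism.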