NSW iVote source code released for researchers to poke around in

Scytl has published components of the source code used by the NSW Electoral Commission following claims there were two flaws in the same system used in Switzerland.
Written by Asha Barbaschow, Contributor

Parts of the source code the New South Wales Electoral Commission (NSWEC) uses to conduct voting has been released, in a bid to prove it contains no vulnerabilities.

Scytl, who was awarded a multi-year contract to refresh the NSW online and phone voting software also known as iVote, has on Tuesday made the code available to those that register, at the request of the NSWEC.

"We have published the source code to allow independent researchers to review it in order to aid continuous improvement of the code base by finding and communicating any vulnerabilities they may find," Scytl Asia-Pacific GM Sam Campbell said.

"The terms of use are published with the source code and stipulate that any vulnerabilities discovered must be reported to Scytl and the NSW Electoral Commission."

In early March, a group of researchers found a flaw in the Swiss Internet voting system, which is the same system used by NSWEC. The flaw was found in the proof the SwissPost system uses to prevent electoral fraud.

Later that month, researchers detailed a second flaw in the electronic voting system, discovering another method that could be exploited to result in a tampered election outcome.

"We have recently discovered a second, independent method by which a proof mechanism in sVote could be subverted to prove an election outcome that has actually been manipulated," they wrote at the time.

The second flaw is similar to the first, which was essentially a trapdoor -- a flaw in the mixnet component that shuffles votes in an effort to remove the ability to link votes to individual electors.

According to the researchers, the SwissPost system offers one form of verifiability, called complete verifiability, which means that any manipulation should be detectable unless all but one part of the system colludes to cheat.

"In the SwissPost system, encrypted electronic votes are shuffled to protect individual vote privacy. Each server shuffling votes is supposed to prove that the set of input votes it gets correspond exactly to the differently-encrypted votes it outputs," they continued.

The next step after shuffling, the researchers explained, is decrypting the votes. But the cryptographic construct in place for the Swissvote System, a zero knowledge proof, was highlighted by the researchers as "not sound".

"Our research has found that this proof is not sound. It's possible to generate a proof that passes verification, but changes the contents of the encrypted vote," they said. "It's a little like leaving the ballot box observable all through polling day, yet somehow managing to slip different votes into the count."

After hearing of the second flaw, NSWEC said its system had not been affected.

"Based on its assessment of the information supplied by these academics, the NSW Electoral Commission is confident that the new issue they describe in the Swiss Post system is not relevant to the iVote system," the state government entity said.

It also previously claimed it was unaffected by the first flaw because its mixnet was not connected to any systems and was "securely housed" at the NSWEC.

Scytl this week said that a finding identified prior to the election, which arose from testing of the Scytl source code in Switzerland, was fixed with a patch provided to the NSWEC.

The company said other findings identified in the Swiss system have not been relevant to the NSW voting solution.

"Scytl supports responsible disclosure practices and encourages interested people to step forward to support this initiative and share with us any finding regarding iVote," Campbell continued.

According to Scytl, over 230,000 NSW voters successfully cast their vote through iVote in March. It said nearly 1 out of every 2 voters verified the correct casting of their vote through the official election app.


Editorial standards