End-to-end verifiable voting schemes typically involve voters checking that their encrypted ballot appears correctly on the bulletin board to confirm that their vote is accurately counted. While this may be technically valid, many voters may not really understand the purpose of the encrypted ballot and the various checks that they can perform. For example, voters should also perform ballot audits to confirm that their intended vote is indeed the plaintext in the encrypted ballot.
Selene seeks to provide voters with a more direct and intuitive way to confirm that their vote makes it into the tally unaltered. Voters can identify, via a deniable tracker, their vote in plaintext in the output of the tally.
SELENE
Bulletin Board
| Candidate | Tracker |
|---|---|
| A | 123854532 |
| B | 123854532 |
| C | 123854532 |
| D | 123854532 |
| E | 123854532 |
Before an election commences, the election authority generates a set of pairwise distinct tracking codes. These tracking codes are then hidden (via encryption) and the set is mixed. For each registered voter, an encrypted tracking code is randomly assigned, and as this code is encrypted, no one can determine which tracking code is assigned to any particular voter. In addition, the secret data required to reveal the tracking code is computed and kept hidden by the authorities. All calculations are verified by external auditors. It is important to perform these steps before an election begins, in order to ensure that each voter has been assigned a unique tracking code.
When an election begins, you may access the voting page and choose a candidate. After you confirm your choice, your vote is first encrypted before being sent over the network to the election server. From there, the encrypted vote is tied to your account in the database, and to its encrypted tracking code.
When the election ends, the tallying process can commence. The election authority retrieves all encrypted pairs consisting of trackers and their respective votes. The election authority then performs a verifiable shuffle on these pairs and decrypts and reveals the trackers and the votes that correspond to them. These pairs are displayed in the clear. Again, these calculations are audited in order to ensure that they were carried out correctly. At this point, no one knows his or her tracking code. The voter is now faced with two options as explained below.
After all votes have been published with their tracking codes, the election authority needs to give you the secret data computed in step 1, to let you retrieve your tracking code. As a reminder, before the election starts, the secret information required to open the tracker on your side was computed and kept hidden. This information can now be sent over to you. This data can only be used by you to compute your own unique tracking code. You can now compute this code and check if your vote has been recorded correctly.
If someone is asking you to reveal your vote for any reason (coercion, vote buying), it is possible for you to deny your vote. Indeed, as the list of trackers and votes is available after the tallying process, you may choose any tracking code that will please the coercer and ask to be notified with this tracking code instead of your own. Selene will compute fake secret data which will open to the tracking code of your choice.
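How the secret data can open either to the real tracker or to one chosen by the voter, as an added example that is not code from the Selene project. It assumes the ElGamal-style trapdoor commitment described in the Selene paper; the group parameters, function names and tracker values are constructed and toy-sized.

```python
import secrets

# Toy group (constructed, far too small for real use): P is a safe prime,
# Q = (P - 1) // 2, and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Voter's trapdoor key pair (x, h = g^x). Hypothetical helper."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def commit(h, tracker):
    """Authority side: beta = h^r * g^tracker is public,
    alpha = g^r is the secret data withheld until after the tally."""
    r = secrets.randbelow(Q - 1) + 1
    alpha = pow(G, r, P)
    beta = pow(h, r, P) * pow(G, tracker, P) % P
    return alpha, beta

def open_tracker(x, alpha, beta, published):
    """Voter side: g^tracker = beta / alpha^x, matched against the
    trackers published next to the votes."""
    target = beta * pow(pow(alpha, x, P), -1, P) % P
    for t in published:
        if pow(G, t, P) == target:
            return t
    return None

def fake_alpha(x, alpha, real, wanted):
    """Fake secret data that opens the same beta to `wanted`.
    Computing it requires the trapdoor x."""
    shift = (real - wanted) * pow(x, -1, Q) % Q
    return alpha * pow(G, shift, P) % P

def demo():
    published = [17, 254, 803]          # constructed tracker list, all < Q
    x, h = keygen()
    alpha, beta = commit(h, 254)        # this voter's real tracker is 254
    real = open_tracker(x, alpha, beta, published)
    shown = open_tracker(x, fake_alpha(x, alpha, 254, 803), beta, published)
    return real, shown                  # real opening, opening shown to a coercer

if __name__ == "__main__":
    print(demo())
```

Both values of alpha are valid openings of the same public beta, so a tracker shown to a third party carries no proof of how the voter voted.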
We care about your privacy. As explained above:
Selene was devised at the APSIA research group of the SnT interdisciplinary center at the University of Luxembourg.