/kryptogramm

Independent vote verification tool for IVXV protocol of Estonian e-voting (2023 and 2024 elections)

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

kryptogramm

Tool for individual vote verification at Internet enabled parliament elections in Estonia. Since we are allowed to verify our vote only up to 30 minutes after casting, we have to make this time really special, don't we?

Usage:

./kryptogramm.py (<QR-CODE.jpg> | <VOTE.json>) [--force-download]

Running the tool

What you get

Estonian Internet voting uses individual vote verification up to 30 minutes from casting the vote. Technically, this is done by downloading cryptogram from vote storage server and decrypting it with ElGamal ephemeral key created during encryption at the voting phase. Vote identificator and keys needed for decryption are passed on to secondary device by QR code. Usually you don't get the cryptogram out of proprietary voting application but by default also not from the verification application. With this tool you will get to:

  • Decode the QR code encapsulating ElGamal key and vote ID
  • Download encrypted ballot for keeping for as long as you want
  • Decrypt your encrypted ballot and see who you voted for
  • Inspect vote container, signature, registration receipts etc
  • Convert downloaded vote into valid digitally signed container
  • Transparency of human readable/editable Python 300-liner
  • Get to understand better how Internet voting works

Election servers also limit verification by three attempts per ballot. By using the tool you get full control of the democratic process, you can audit every part of it and make it fit your personal preferences or requirements of digital democracy. Currently that kind of hands on auditing is possible only for very limited parts of the election process.

See the details about vote verification on Estonian electoral commission web page (documentation mostly in Estonian) or check out source code of the official verification tool.

You can use sample data from two elections to give the tool a test run.

Installation instructions

git clone https://github.com/infoaed/kryptogramm.git
cd kryptogramm
pip install -r requirements.txt

You might also need:

sudo apt-get install libzbar0

But you might also go directly:

sudo apt-get install python3-zbar

And if you'd like to run this as a command line tool:

hatch build
pip install dist/kryptogramm-0.1.1.tar.gz

But why?

In combination with the voting application prototype the tool was used to conduct close inspection of voting protocol during parliamentary elections and appeared useful for detecting and reporting anomalies as well as demonstrating vote secrecy breach.

There is also a draft report "Votes without ballots: e‑voting at 2023 elections in Estonia", which was under title "Should e-voting experience of Estonia be copied?" presented at the Chaos Communication Congress 2023. The report is still edited and is easiest to approach through summary of the findings.

You may get better picture of my projects by having look at this unfinished netizen index of e-voting requirements and civil society organisation Fair Elections Estonia, advocating for observability of e-voting.

If you like this tool, you may also want to check out Pseudovote, another of my digital democracy tools.