PDF version    PDF article    PDF white paper   

Pnyx.VM provides redundancy, enhanced auditability and voter-verifiability to poll-site electronic voting terminals (i.e., DREs) without having to generate a paper trail. By means of a simple easy-to-audit external module connected to the DRE (the Verification Module), Pnyx.VM enables voters to verify their votes before they are cast and recorded. Pnyx.VM also provides redundancy to the voting system through a double-register of the votes. All the procedures are carried out and verified in this Verification Module and, therefore, its audit and certification are sufficient to ensure a secure and reliable election.

Pnyx.VM ensures:

• Individual voter verification that the vote is cast and recorded as intended.
  
• Protection of the integrity of the votes by cryptographic means.
  
• Redundancy through a double-register of the votes.
  
• Possibility of a parallel recount of the votes
  independent from the results of the DRE.
  
• Easy to integrate with any DRE manufacturer.
  
• Verification process accessible to everyone, including blind and visually impaired voters.
  
• Simplification of the audit and certification of the voting system.
  
• User-friendly verification interface, fully adaptable to people with disabilities.
  
• Enhancement of the auditability of the election through the use of cryptographic tools.

Pnyx.VM guarantees secure, accessible and auditable elections

What is Pnyx.VM?

• Pnyx.VM derives from scytl's 10 years of research and development experience in security solutions for the electronic voting industry and is protected by international patents.
• Pnyx.VM is based on an independent module (Verification Module) connected to the DRE.
  The Verification Module has two components:
  - A hardware device with a screen, an audio port and two buttons.
  - Cryptographic software that runs in the
  hardware device to protect the votes.
• The Verification Module represents a secure and reliable environment because:
  - It is independent from the manufacturer
  of the DRE.
  - It is based on open-source software and on software that is open to audits.
  - It is very simple since it only performs a limited number of functions.
  - It is very easy to audit and certify by election authorities.
  Pnyx.VM also provides election authorities with cryptographic tools (e.g., one-way accumulators) to check the integrity of every single vote.
  Pnyx.VM can be easily integrated with any manufacturer's electronic voting machines.
  

How is the voting process?
1. The voter makes the selection of the desired voting
options in the DRE.
2. The selected voting options are transferred from the
DRE to the Verification Module.
3. The voter verifies in the Verification Module
(via screen and/or through headphones) the selected
options and accepts them.
4. The verified options are encrypted and digitally
signed in the Verification Module in order to protect
every single ballot from internal and external
attacks.
5. The protected ballot is stored in the Verification
Module and a positive verification message is sent to
the DRE where the ballot is stored in the usual format.

How is the audit process?
1. The election authorities retrieve the votes from
the DRE.
2. The election authorities retrieve the Integrity Record
from the Verification Module. This Integrity Record
was generated in a secure environment based on
every single voter-verified vote.
3. The election authorities check that the set of votes
retrieved from the DRE matches the value of the
Integrity Record from the Verification Module.
4. If the check fails, the election authorities can
retrieve the back-up votes (which are the
cryptographically-protected voter-verified votes)
from the Verification Module and implement a
parallel recount.