Following the requirements of the Confederation and Cantons, Swiss Post and Scytl recently published the source code and cryptographic protocols of the e-voting system used in Switzerland, in order to allow researchers and other interested stakeholders to share constructive feedback on the code and protocol design.
The source code of the Swiss e-voting system has been published in an official repository managed by Swiss Post on GitLab, which also offers an official channel to provide feedback. However, Scytl has detected parallel unofficial repositories of presumably the same source code, which have also triggered the creation of other discussion threads. In such cases, it is impossible to guarantee the integrity and authenticity of any source code hosted in unofficial repositories, or the validity of the related comments.
In addition, over the last few days, some individuals have commented outside the official channel, claiming that the cryptographic protocols are not secure and making general comments on the quality of the code. Comments made in unofficial threads do not allow a comprehensive and constructive dialogue on the source code to be built, and do not serve the interests of the security community or of citizens. These criticisms are mainly based on misunderstandings related to the cryptographic mechanisms, which have already been clarified and solved in the official repository.
The cryptographic protocols are the result of the research carried out since the foundation of Scytl in 2001, which has been made available to the public through ongoing academic publications. They have successfully passed the scrutiny of third-party cryptographic experts. It is indeed because the cryptographic protocols have achieved complete verifiability that the source code has been published, with the confidence that no attack might compromise the secrecy of the ballot box and the integrity of the election results.