Election of the Laboratory Council

Election address

https://e-vote.limos.fr

For the instructions provided by the publisher of the Belenios software, visit the belenios.org website.

Instructions for the voter

Before the start of the election, the voter receives an email with their vote code and the election URL. The election page displays the opening time when it is not yet open.

During the election, the voter can visit the election page and vote as follows:

  • the voter enters their vote code. This step can be done automatically if the election URL received by the voter has been customized with the vote code (case of sending vote codes by the server in particular).
  • they then have access to the election questions and select their candidates
  • the computer encrypts their choices (using a JavaScript program) and displays a tracking number to the voter, which is a hash of the ballot. This tracking number is also sent by email when the voter has finished voting.
  • once the voter has verified their choices, they are prompted to authenticate. They then receive a temporary password at their email address, which they enter into the voting interface. Other authentication methods are possible (for example, a password sent in advance, depending on the election).
  • note: a voter can vote again. Only the last vote is taken into account.

A video tutorial is available online.

The Belenios voting system is verifiable.

  • the voter can ensure that their ballot is properly recorded by checking that their tracking number appears in the ballot box, by consulting the “view accepted ballots” page on the election homepage. They must protest if this is not the case. If the voter votes multiple times, only their last tracking number appears.

  • the voter must also strongly protest if they receive a confirmation email without having voted or if they receive a confirmation email with a tracking number different from the one displayed on the screen during the voting phase. Someone may have succeeded in adding a ballot in their name. This could be, for example, an indication of an attack by a system administrator with access to the voter's email if the password and vote code are sent to the same address.

A voter can also verify the entire voting process. That is, instead of simply checking the presence of their ballot in the ballot box, they can verify the compliance of all ballots, monitor the ballot box to ensure that no ballot disappears, and finally ensure that the proclaimed result corresponds to the ballots in the ballot box. To do this, they must follow the instructions for the auditor.

Instructions for the electoral commission

At a minimum, the electoral commission consults the election homepage as soon as it is open and verifies that:

  • the number of voters displayed matches the electoral list;
  • the Electoral list hash value displayed matches the hash of the voters.txt electoral list provided (by the IT system or the election administrator). The hash can be calculated using one of the commands given in the section “How to calculate the hash of a file?”.
  • the voters.txt electoral list correctly corresponds to legitimate voters, with the number of votes associated in the case of a weighted vote.
  • the list of questions and answers corresponds to what was determined for this election. The questions and answers appear in the $UUID.bel file. This file can be obtained by clicking on public data in the banner at the bottom of the election homepage.

Ideally, the electoral commission also performs the auditor's work or assigns someone to do it (for example, IT services).

Instructions for the auditor

Anyone who knows the election URL can be an auditor. The URL of an election is of the form PREFIX/elections/UUID/, where, for example, PREFIX=https://e-vote.limos.fr and UUID=8GVH85AoSyweXG.

An auditor will, in particular, ensure that:

  • the election data (public keys, list of public vote codes, etc.) is consistent and does not change over time;
  • the ballot box, which contains the encrypted votes, evolves coherently: no ballot is removed unless it is a ballot with the same vote code (this corresponds to a revote);
  • the ballot box only contains well-formed ballots (with valid zero-knowledge proofs and a valid vote code);
  • the integrity of the active files (HTML, JavaScript, etc.) used by voters and authorities is preserved;
  • the election result corresponds to the encrypted ballots, thanks to the zero-knowledge proofs of correct decryption produced by the decryption authorities.

The security of Belenios relies on the fact that the checks described below are performed by at least one honest person.

Note: these checks are also performed automatically by our servers for elections set up with the highest security level (external vote code authority and at least two external decryption authorities).
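
The ballot box rule from the list above (a ballot may only disappear when a ballot with the same vote code replaces it), as an added example that is not part of belenios-tool or of the original page. The snapshot layout (pairs of public vote code and ballot text), the sample data, and the use of the page's hash commands to derive tracking numbers are assumptions; zero-knowledge proofs are not verified here.

```python
import base64
import hashlib


def belenios_hash(data: bytes) -> str:
    """SHA-256 in base64 without '=' padding, as in the hash commands on this page."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode().rstrip("=")


def index_box(ballots, public_codes):
    """Map each public vote code to its tracking number; list malformed entries."""
    box, problems = {}, []
    for code, ballot_text in ballots:
        if code not in public_codes:
            problems.append(f"unknown vote code {code}")
        elif code in box:
            problems.append(f"vote code {code} has more than one ballot")
        else:
            box[code] = belenios_hash(ballot_text.encode())
    return box, problems


def compare_snapshots(old, new, public_codes):
    """Return (revoted codes, anomalies) between two successive snapshots."""
    old_box, _ = index_box(old, public_codes)
    new_box, anomalies = index_box(new, public_codes)
    revotes = []
    for code, tracking in old_box.items():
        if code not in new_box:
            anomalies.append(f"ballot {tracking} ({code}) removed without a revote")
        elif new_box[code] != tracking:
            revotes.append(code)  # same vote code, new ballot: a legitimate revote
    return revotes, anomalies


# Constructed sample data: (public vote code, ballot text) pairs.
CODES = {"pubA", "pubB", "pubC"}
SNAP_1 = [("pubA", '{"answer":"a1"}'), ("pubB", '{"answer":"b1"}')]
# pubA revotes and pubC casts a first ballot: a legitimate evolution.
SNAP_2 = [("pubA", '{"answer":"a2"}'), ("pubB", '{"answer":"b1"}'),
          ("pubC", '{"answer":"c1"}')]
# pubB's ballot disappears and a ballot with an unlisted code shows up.
SNAP_3 = [("pubA", '{"answer":"a2"}'), ("pubC", '{"answer":"c1"}'),
          ("pubX", '{"answer":"x1"}')]

if __name__ == "__main__":
    print(compare_snapshots(SNAP_1, SNAP_2, CODES))
    print(compare_snapshots(SNAP_2, SNAP_3, CODES))
```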

Preparation. To perform these tests, software is required. Here we describe how to run the checks using belenios-tool, whose sources are available from the Inria GitLab and which can be installed on Debian/Ubuntu Linux with sudo apt install belenios-tool. The auditor must then create a working directory workdir where the election audit data will be saved as downloads, in the form of a git repository.

To verify that the HTML/JavaScript code used by voters, decryption authorities, and the vote code authority is not modified by a corrupted server, the auditor must find the “correct” code of all these programs. They must then ensure that the server provides these files faithfully. First, a reference file must be created. To do this, copy the one from the Belenios sources:

cp path/to/sources/belenios/contrib/reference_template.json workdir/hashref

Next, there are several solutions to ensure that the files served by the server are valid when auditing the election identified by UUID:

  • either the auditor simply trusts the files downloaded the first time and checks that they do not change over time (TOFU principle). The audit command is then as follows:

./monitor_elections.py --url PREFIX --wdir workdir --checkhash yes --hashref workdir/hashref --outputref workdir/hashref --uuid UUID

    Each time a file changes (including the first execution), this will display an alert message.

  • or the auditor retrieves the sources, recompiles the code, starts a local server, and uses the previous command to fill the workdir/hashref file with trusted data. They can then copy this file as a reference for auditing the real election hosted on the external server. The command is then the same as above.

  • or the auditor trusts an identified person who has published a gpg-signed version of the reference file. In this case, additional arguments must be passed to the audit program: the URL of this signed version, as well as a gpg keyring containing the person's public key as a trusted key. In the case of our voting platform, such a file is provided by the main developer of Belenios, Stéphane Glondu. We provide the corresponding command line, which must be adapted for another server or another trusted person:

./monitor_elections.py --url https://vote.belenios.org/ --wdir workdir --checkhash yes --hashref workdir/hashref --outputref workdir/hashref --sighashref https://vote.belenios.org/monitoring-reference/reference.json.gpg --keyring workdir/trustdb.gpg --uuid UUID

In all cases, the auditor will regularly run an audit command we will call monitor_elections. It is possible to redirect messages with the --logfile option. Then, only abnormal behaviors will be reported on stdout/stderr, making it possible to run the command from a crontab and be alerted in case of a problem.

Voting phase. During the election, the auditor is expected to:

  • if the auditor has access to the voters.txt electoral list (which is the case for the electoral commission), check that the number of voters displayed on the main election page matches the electoral list, as well as the total weight of the election, if it is a weighted election, and that the hash of the electoral list matches the one saved previously, for example using one of the commands given in the section “How to calculate the hash of a file?”;

  • if the auditor does not have access to the electoral list, check that the number of voters and the total weight of the election displayed on the main election page match the official data.

  • frequently run monitor_elections. Ideally, this should be done at unpredictable times, from various IP addresses reflecting the diversity of voters and authorities. The goal is to prevent a corrupted server from guessing whether the requests come from an auditor, a voter, or an authority. Here are some recommendations for an auditor to blend in with regular users:

      • as already mentioned, requests to the server should be frequent but not at regular or predictable intervals;
      • not only should IP addresses vary, but also browser configuration information (browser type and version, system, active extensions, time zone, language, screen resolution, etc.), based on a large number of configurations actually used by humans;
      • IP addresses should reflect the varied locations and internet service providers of the voter population;
      • the order in which files are requested from the server should reflect the order of a typical visit by voters and authorities, with a plausible (but unpredictable) delay between each request.

Note that the script provided by belenios-tool does not support all of this.

After the election. After the election, the auditor is expected to:

  • run monitor_elections again. The election page now contains a result.json file, and this command will verify the cryptographic proofs associated with the election result;
  • verify that the result mentioned in the result.json file matches the result published on the main election page. This verification must be done manually.

Note: If the belenios-tool command-line tool is used, trust in the tests performed partly relies on trust in the tool itself. It is possible to implement your own verification software based on the Belenios specifications, available here.

How to calculate the hash of a file?

To calculate the hash of a file, you must use the same hash function as the one used in Belenios. Here we propose several solutions to calculate this hash from the command line. We use the voters.txt file as an example, but you can of course replace it with another file.

sha256sum voters.txt | xxd -p -r | base64 | tr -d "="

(or shasum -a256 instead of sha256sum, for example on macOS)

or:

cat voters.txt | python3 -c "import hashlib,base64,sys;m=hashlib.sha256();m.update(sys.stdin.read().encode());print(base64.b64encode(m.digest()).decode().strip('='))"

You can also use the online tool provided by Belenios.
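
The electoral commission's checks on voters.txt (hash, number of voters, total weight) combined in one script, as an added example that is not part of Belenios or of the original page. The line layout address,login,weight with optional login and weight, the function names and the sample list are assumptions; the hash is taken over the exact bytes of the file, so even a missing final newline changes it.

```python
import base64
import hashlib


def belenios_hash(data: bytes) -> str:
    """SHA-256 in base64 without '=' padding, equivalent to the commands above."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode().rstrip("=")


def summarize_voters(raw: bytes):
    """Return (hash, number of voters, total weight) for the bytes of voters.txt."""
    voters = total_weight = 0
    for line in raw.decode("utf-8").splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        # Assumed layout: the third field is the weight; a missing weight counts as 1.
        total_weight += int(fields[2]) if len(fields) > 2 and fields[2] else 1
        voters += 1
    return belenios_hash(raw), voters, total_weight


def check_homepage(raw, shown_hash, shown_voters, shown_weight=None):
    """List which values displayed on the election homepage disagree with the file."""
    digest, voters, weight = summarize_voters(raw)
    mismatches = []
    if digest != shown_hash:
        mismatches.append("hash")
    if voters != shown_voters:
        mismatches.append("voters")
    # The total weight is only compared for a weighted election.
    if shown_weight is not None and weight != shown_weight:
        mismatches.append("weight")
    return mismatches


# Constructed sample list: one weighted voter, two with the default weight.
VOTERS = b"alice@example.org,alice,2\nbob@example.org,bob\ncarol@example.org\n"

if __name__ == "__main__":
    shown_hash, shown_voters, shown_weight = summarize_voters(VOTERS)
    print(shown_hash, shown_voters, shown_weight)
    # Same voters, but the final newline was lost in transit: only the hash differs.
    print(check_homepage(VOTERS.rstrip(b"\n"), shown_hash, shown_voters, shown_weight))
```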