Tool for individual vote verification at Internet-enabled parliamentary elections in Estonia. Since we are allowed to verify our vote only up to 15 minutes after casting, we have to make this time really special, don't we?
Usage:
./kryptogramm.py (<QR-CODE.jpg> | <VOTE.json>) [--force-download]
Estonian Internet voting allows individual vote verification for up to 15 minutes after casting the vote. Technically, this is done by downloading the cryptogram from the vote storage server and decrypting it with the ElGamal ephemeral key created during encryption at the voting phase. The vote identifier and the keys needed for decryption are passed on to a secondary device by QR code. Normally the proprietary voting application does not give you the cryptogram, and by default neither does the verification application. With this tool you will get to:
- Decode the QR code encapsulating the ElGamal key and vote ID
- Download the encrypted ballot and keep it for as long as you want
- Decrypt your encrypted ballot and see who you voted for
- Inspect the vote container, signature, registration receipts etc.
- Convert the downloaded vote into a valid digitally signed container
- Enjoy the transparency of a human-readable/editable Python 300-liner
- Understand better how Internet voting works
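The decryption step described above, as an added sketch that is not code from kryptogramm or the official verification tool: with textbook ElGamal, whoever holds the ephemeral randomness can open the ciphertext using only the public key. The group parameters, function names and the candidate number are constructed for illustration, and message encoding and container parsing are left out.

```python
import secrets

# Constructed toy group (assumption): safe prime P = 2*Q + 1, G has order Q.
# Real deployments use far larger parameters and a defined message encoding.
P, Q, G = 2039, 1019, 4

def keygen():
    """Election authority: private key x, public key h = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(h, m):
    """Voting application: ElGamal-encrypt m, returning the ciphertext and
    the ephemeral randomness r that would be handed to the verifier."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), m * pow(h, r, P) % P), r

def open_with_randomness(h, ct, r):
    """Verifier: recover m from the downloaded ciphertext using r and the
    public key only. Rejects randomness that does not match the ciphertext."""
    c1, c2 = ct
    if pow(G, r, P) != c1:
        raise ValueError("randomness does not match this cryptogram")
    return c2 * pow(pow(h, r, P), -1, P) % P

def decrypt_with_private_key(x, ct):
    """Tallying side, for comparison: needs the private key x."""
    c1, c2 = ct
    return c2 * pow(pow(c1, x, P), -1, P) % P

if __name__ == "__main__":
    x, h = keygen()
    choice = 101                      # constructed candidate number
    ct, r = encrypt(h, choice)        # ct is stored server-side, r travels in the QR code
    print("opened by verifier:", open_with_randomness(h, ct, r))
    print("opened at tally:   ", decrypt_with_private_key(x, ct))
```

Because r alone opens the ciphertext, a saved QR image or vote file reveals the choice to anyone who holds both it and the cryptogram.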
Election servers also limit verification to three attempts per ballot. By using the tool you can control and audit your voting process and make it fit your personal preferences or requirements of digital democracy. Currently that kind of hands-on auditing is possible only for very limited parts of the process.
See the details about vote verification on the Estonian electoral commission's web page (documentation mostly in Estonian) or check out the source code of the official verification tool.
You can use sample data from three elections to give the tool a test run.
git clone https://github.com/infoaed/kryptogramm.git
cd kryptogramm
pip install -r requirements.txt
You also need libzbar with its Python bindings:
sudo apt-get install python3-zbar
And if you'd like to run this as a command line tool:
hatch build
pip install dist/kryptogramm-0.2.1.tar.gz
Depending on your style you might need to create a virtual environment or use --break-system-packages.
In combination with the voting application prototype, the tool was used to closely inspect the voting protocol during parliamentary elections and turned out to be useful for detecting and reporting anomalies as well as demonstrating a vote secrecy breach.
There is also a draft report "Votes without ballots: e‑voting at 2023 elections in Estonia", which was presented under the title "Should e-voting experience of Estonia be copied?" at the Chaos Communication Congress 2023. The report is still being edited and is easiest to approach through the summary of the findings.
You may get a better picture of my projects by having a look at this unfinished netizen index of e-voting requirements and the civil society organisation Fair Elections Estonia, which advocates for observability of e-voting.
If you like this tool, you may also want to check out Pseudovote, another of my digital democracy tools.
