Methodology

To allow the votes, the vote server hosts an internet site carrying out two distinct operations:

• It allows downloading locally a javascript/java application in order to express the vote and to code it (seal).
• It enables the elector to prove his identity in order to transmit his vote for the election.

a) Use of the local application

Anyone connecting to the vote server can download the application enabling the vote. The vote server does not know the identity of the elector at that moment and more generally of the connecting person.

Once the choice is made, the local application seals the ballot paper, i.e. the ballot paper is coded. It is important to notice here that the coding (sealing) is performed locally without any connection to the server. The server cannot “spy” the elector and record his choice.

Once the ballot paper is sealed, the user can audit it in order to check that the coding was performed correctly. In this purpose, he is invited to connect to a third independent site, and to supply his ballot document in clear and the coding he got. The third party codes the ballot document transmitted in clear and compares the result with the coded ballot paper transmitted by the user. It is clear that this paper cannot be used to vote any more (as its content was revealed to the third party). Nevertheless, it the result of the comparison is positive, the user is confirmed the coding operation does not modify the choice of the user.

b) Dispatch of the sealed ballot paper

A the end of the process, all the information related to the choice of the user are erased from his computer and the vote application asks the user to introduce his ballot identification in order to dispatch his sealed ballot paper to the server. It is only then that a new connection to the vote server is made. The server then validates the ballot identification and records the sealed ballot paper.

It is to be noted that the vote software is not compulsory to submit a vote. Indeed, anyone can connect to the server and transmit a ballot paper together with his ballot identification. It is perfectly conceivable that a user who do not trust the application decides to create his own sealed ballot paper (with a proper use of cryptography and the public keys of the election). In this case, the vote server accepts the ballot paper at the sole condition that the elector supplies a valid identification.