Skip to content

Deliver pseudonyms to a list of e-mails and collect the votes on a public bulletin board

License

Notifications You must be signed in to change notification settings

infoaed/pseudovote

Repository files navigation

Pseudovote

Simple voting machine providing privacy preserving yet auditable polls/elections on the Internet. Making use of e-mail, pseudonymity and public bulletin boards, voting takes place as a three step process:

  1. Deliver dedicated pseudonyms to a list of e-mails;
  2. Collect the votes on a public bulletin board;
  3. Count the result in a reasonably secret ballot.

The voter is provided immediate auditability of the ballot box by submitting a pseudonymous ballot on a public bulletin board registering/displaying incoming votes from other voters in real time. Ideally pseudonyms should be delivered to voters by a separate service, but for most practical cases and educational use you can trust the web service at Pseudovote.net to deliver them for you.

Pseudovote implements a variation of a "more sophisticated" protocol from "End-end-verifiability" by Benaloh et al (2015). Full source code of the service is disclosed according to its AGPL license and more details can be found on documentation pages.

Running your own

1. Download the source code

git clone https://github.com/infoaed/pseudovote.git
cd pseudovote
pip install -r requirements.txt

2. Set up the database

sudo apt install postgresql
sudo -u postgres psql < database.sql

3. Run the bulletin board

uvicorn pseudovote.service:app

The web service should be running at localhost:8000.

If you prefer running a container, you get the same result by executing docker compose up after downloading the source code.

Auditable polls on Internet

It gets complicated very quickly. Usually you just trust a service to run a poll for you, but not so much for citizens' assemblies, shareholder meetings etc. At a certain point people feel they need some proofs and transparency. Like we have using the paper ballots.

You will be told there is proof, but you have to know mathematics. After researching into options you end up choosing even more expensive service to trust, but still don't have much of a proof. For most of us the cryptography behind state of art voting systems is too complicated to understand.

Pseudovote helps to take the opposite route, building on e-mail and pseudonyms -- well known tools already from the early days of Internet. Collecting pseudonymous ballots on a public bulletin board is an addition you might still need to get used to. But it is probably closest you get to collecting pieces of paper in a transparent ballot box.

By providing only a core end-to-end auditable process, the voting commission has to work out trust assumptions specific to a particular vote.

Oldest and most experienced online communities tend to conduct their elections in a similar manner.

There is a write-up explaining the historical context of the project and slides from a 2020 presentation for a local computer security crowd.

In real life

Preliminary forms of Pseudovote have been used at:

Initial experiments have indeed resulted in an educational yet fully functional web service demonstrating the process conceived at Uduloor.