glondu / belenios

Verifiable online voting system. This is a mirror of https://gitlab.inria.fr/belenios/belenios
https://www.belenios.org
GNU Affero General Public License v3.0

Provide self-contained downloadable report #74

Open ojob opened 1 year ago

ojob commented 1 year ago

Hello, Thanks a lot for this project! The background and research are appealing, and the need for a strong open-source solution is here. Indeed, I was looking for such a solution for my company, where we seldom need an online confidential voting solution.

Briefly put, we could not use Belenios, as I could not find a way to generate a poll report, that would be self-contained, with:

The idea behind is to be able to archive this report, as a sole proof that:

  1. the poll took place, including tracing the voters,
  2. the voters' ballots are taken into account,
  3. the counts are correct.

Did I miss something? Is this feature already considered?

Best Regards,

glondu commented 1 year ago

When the election is archived (which is one week after tally), the administrator can download an archive. Did you notice it?

glondu commented 1 year ago

Note that the matching between each voter and their ballot fingerprint is not exported by design.

As far as I can tell, the aforementioned archive contains all the other data you're asking for. However, it does lack a report in human-readable form. Such a report could be generated from the archive.

There used to be a button to manually archive an election, but it was removed in 35cb75e65db16ed7aad61ca95c2fbab1cf2337e6... Maybe it's worth reintroducing it, with more warnings to avoid people clicking on it by accident?

For now, you can force the archival of an election by using the basic (undocumented) admin UI:

I think your request is about the human-readable report... However, the cryptographic proofs are verbose and I don't see how they could be embedded in such a report. What do you envision?

ojob commented 1 year ago

Hello, Thanks for the feedback! Indeed, my request was twofold:

I see no need for an early archival of the election, the webpage seems sufficient. The archive is for a longer term need.

Does this make sense? Could this be a feasible approach? I may be able to contribute somehow, at least for testing.

glondu commented 1 year ago

Is there any rationale against a set of files, with one metafile summarizing the fingerprints?

The .bel can be downloaded at any time (by e.g. belenios-tool), and a single file is easier to download and handle. Note that this file evolves in an append-only fashion. You can go back and forth between the .bel and the set of files, with tar -xf and belenios-tool archive make. This is done in the monitor_elections.py script.

Does this make sense? Could this be a feasible approach?

Yes. Concerning the cryptographic stuff, I think providing the hash of the Result event (i.e. the last one) in the human-readable report is sufficient, since it encompasses everything.

What I am thinking of is a new belenios-tool (sub-)command that would generate the public report from the .bel file. The report would be made available on the result page, and in the archive.zip file, but anybody could also re-generate it.
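The following is an added example, not part of the thread and not Belenios code: a sketch of a report generated from a tar archive such as the .bel, with a check that a later snapshot only appends to an earlier one. It assumes the .bel is a plain tar (as the `tar -xf` remark implies), uses hex SHA-256 as a stand-in for Belenios' own fingerprint encoding, and treats the last entry as the final event; all function names, file names and payloads are hypothetical and constructed.

```python
import hashlib
import io
import tarfile


def member_digests(bel_bytes):
    """Return [(name, sha256 hex)] for every regular file, in archive order."""
    out = []
    with tarfile.open(fileobj=io.BytesIO(bel_bytes), mode="r:") as tar:
        for m in tar:
            if m.isfile():
                data = tar.extractfile(m).read()
                out.append((m.name, hashlib.sha256(data).hexdigest()))
    return out


def is_append_only(old_bytes, new_bytes):
    """True if every entry of the older snapshot reappears unchanged, in order."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    return new[:len(old)] == old


def text_report(bel_bytes):
    """Hypothetical report layout: one line per entry, then the last digest."""
    digests = member_digests(bel_bytes)
    lines = [f"{i:3d}  {h}  {n}" for i, (n, h) in enumerate(digests)]
    if digests:
        lines.append(f"last entry digest: {digests[-1][1]}")
    return "\n".join(lines)


def make_tar(entries):
    """Build a constructed in-memory tar; names and payloads are sample data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in entries:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed sample entries, not real Belenios data.
SAMPLE = [("setup.json", b'{"sample":"setup"}'),
          ("ballot-1.json", b'{"sample":"ballot"}'),
          ("result.json", b'{"sample":"result"}')]

if __name__ == "__main__":
    snapshot, final = make_tar(SAMPLE[:2]), make_tar(SAMPLE)
    print(text_report(final))
    print("append-only:", is_append_only(snapshot, final))
```

An archivist who keeps only the last digest from such a report can later confirm that a re-downloaded archive still ends in the same entry, and the prefix check flags any snapshot whose earlier entries were rewritten.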