The subject matter of the invention is a method of security and verifiability of an electronic vote.
Electronic voting systems may be subject to problems of security, especially regarding the integrity and truthfulness of the voting data.
Electronic voting systems are known which are based on software using an encryption system of RSA type by a module or a program based on Java language. However, with such systems, the encryption and the transmission of the voting ballot are done solely by the computer means used by the voter, for example, on the computer of the voter. Moreover, with such systems, the same encryption keys are used for each voter. In particular, the encrypted voting ballot is sent directly to a host database, a virtual ballot box, and no check is made for the integrity of the data and thus the truthfulness of the data. Thus, these systems are potentially vulnerable, especially to the modification of the programs or the modules inspired by Java language and to an interception and manipulation of a “html” component of the Internet page of the voting ballot.
Moreover, an electronic voting system should meet the needs of the Commission Nationale de l'Informatique et des Libertés (National Commission of Information and Freedoms, CNIL) which advocates in particular that the voting ballots be encrypted in uninterrupted fashion, which requires the use of software embedded on the web browser, but also meet the needs of the Agence Nationale de la Sécurité et des Systèmes d'Information (National Agency of Information Security and Systems, ANSSI) which recommends avoiding the use of lightweight applications such as Java applications on Internet browsers to manage the security of transactions. An electronic voting system should likewise conform to the security references of the OWASP (Open Web Application Security Project) Top Ten 2013.