Analysis with @SarahJamieLewis and Olivier Pereira of the SwissPost-Scytl e-voting system. people.eng.unimelb.edu.au/vjteague/Swiss… The code uses a trapdoor commitment scheme, so it is possible for an authority to provide a proof of a correct election outcome while actually manipulating votes.

This is exactly what verifiability is meant to prevent. They say they have now fixed it, but without an open public process for examining the code, we can't be sure whether other similar issues remain, or whether other Internet voting systems such as NSW iVote are also affected.

Nothing in our analysis suggests this problem was introduced deliberately. It is entirely consistent with a naive implementation of a complex cryptographic protocol by well-intentioned people who lacked a full understanding of its security assumptions & other important details.

Of course, if someone did want to introduce an opportunity for manipulation, the best method would be one that could be explained away as an accident if it was found. We simply do not see any evidence either way.

More details in the paper people.eng.unimelb.edu.au/vjteague/Unive… in Olivier Pereira's blog decryptage.be/2019/03/svote or @SarahJamieLewis on Twitter.

Wait a minute. SwissPosts's press release (post.ch/en/about-us/co…) says this "was already identified in 2017. However, the correction was not made in full by the technology partner Scytl." But we're supposed to trust they'll fix it in time for the NSW election? @SarahJamieLewis