After the end of the Swiss Post #evoting PIT the list of (current?) accepted vulnerabilities is incredibly underwhelming: onlinevote-pit.ch/stats/

Especially considering Swiss Post keep wanting to (inconsistently) associate our findings with the PIT.

It will be interesting to see how the next few weeks (months?) play out. I don't believe any specific timelines have been specified? At the moment this still has the aura of a publicity stunt that backfired.

As a brief reminder of the state of that source code:

https://twitter.com/SarahJamieLewis/status/1110214600119586816

If I was Swiss Post I would be having a lot of intense conversations with their supplier right now regarding the quality and security of the codebase they were sold.

(Do we know how much money that was? Last I checked it hadn't been disclosed.)

Can we review some interesting facts? Swiss Post scheduled the end of their PIT for the same weekend as the NSW election. The NSW elections use iVote which uses (part) of the Scytl code base.

NSWEC had to address 2 critical issues in the code base during an election cycle.

One the one hand this meant that 2 potential mechanisms for voting fraud were uncovered (one NSWEC has claimed doesn't impact them, though they've been cagey as to how).

On the other hand...wow that's an interesting time to plan a PIT for.

Either SwissPost knew that there was the potential for bugs to be uncovered in the Swiss system that would also impact the NSW system...which calls into question the competence of the timing.

OR...they didn't know...which calls into question the competence of Swiss Post.

And that's like the tiniest question in a whole series of questions that this whole process raises. The most important being: what on earth are Swiss Post (and Switzerland) going to do now?

My vote would be for a public inquiry, but I don't get a vote (at least officially...)

If there was an inquiry, here are the questions I have:

* How many reviews did this system go through prior to the source code "release"
* When was the Shuffle Proof trapdoor found initially (2017? by who?)
* Why was the Shuffle Proof trapdoor not fixed if it was found

* Why didn't any of the previous audits identify the ZKP malleability issue?
* Why didn't any of the previous audits identify the use of a non-collision-resistant hash function in the ZKP implementation?
* Why was non-Swiss ZKP code released as part of the Swiss code base?

* What review / testing do the ZKP implementations go through prior to use?
* How much code does the Swiss system share with iVote?
* Why was the PIT scheduled to occur during an election using iVote?
* Did Swiss Post know that iVote shared much of the same code?

* How many prior (non-swiss) elections used code that contained ZKP implementations with critical issues?
* If this code has been reworked, can we see previous implementations of these ZKPs?

What was reported in the previous audits by KPMG and others?
Were those findings acted upon?
Considering that it has been reported by Swiss Post that Scytl did not act upon a previous discovery of the Shuffle Proof issue what mechanisms failed to catch that inaction?

What processes are being put in place by Scytl and Swiss Post to ensure that other critical issues are found, that new critical issues are caught by audit processes, and that audit findings are sufficiently acted upon?

Why did NSWEC responded to our private disclosure request via a public press release prior?
Why are they so confident that the Decryption Proof issue doesn't impact them when they felt the need to emergency patch their system when the Shuffle Proof issue was discovered?

How did the ZKP implementation issues (non collision resistant hash function / proof malleability) come to exist?
Was this a naive implementation? Are there in-house review processes to catch such issues? (If there are then why did they fail? Otherwise, why didn't they exist?)

These are just the questions I have on the top of my head while petting a sleepy kitten laying in bed on a chill Tuesday. I'm sure dedicated experts and law makers could come up with dozens more.

This is the security of national elections we are talking about.

Public answers to these questions are the *minimum* amount of review I would expect from Swiss Post / Scytl to justify any further involvement in evoting. Without answers to these questions I can't see how they can be trusted to deliver secure elections.

Hell, I would add that requirement onto NSWEC and every other election authority using a variation of the Scytl system (of course who they are and in what capacity is an unknown at this point in time)

This is, quite simply, a complete clusterfuck.

I have researched dark web drug dealers/harm reduction/cryptocurrencies, underground sex work and queer populations and anonymous sex tech among many other "controversial" subjects.

Evoting is, by far, the most opaque, convoluted meta-system I've every encountered.

It's not even close and that should be terrifying for anyone, in any country, that has adopted any form of evoting.

I have some more thoughts brewing in my head but they probably deserve a medium with a longer form, and I'd like to see how Scytl and Swiss Post (and others) progress over the next few days/weeks.

These questions aren't going away though.