Following the publication of the source code in February 2019, researchers have uncovered significant security flaws in the new, completely verifiable, system provided by Swiss Post. One of the security issues relates to individual verifiability and thus to the system already used. As a result, the system was not available for the vote on 19 May 2019.
Subsequently, the Federal Chancellery has announced its intention to review the current situation, including an assessment of the certification and authorization procedures. It has also commissioned an independent review of Swiss Post’s individually verifiable system. Below are the three final reports of the external experts.
Final report Locher, Haenni and Koenig
Members of the e-voting research group at the Bern University of Applied Sciences BFH (Philipp Locher, Rolf Haenni, Reto E. Koenig): analysis of the cryptographic implementation of the Swiss Post voting protocol
Final report Teague and Pereira
Vanessa Teague (The University of Melbourne, Parkville, Australia) and Olivier Pereira (Université catholique de Louvain, Belgium): analysis of the cryptographic protocol and its implementation according to the system specification
Final report Oneconsult
Oneconsult: Review of Swiss Post’s operational security measures