This is a simple static website that can be hosted to conduct small scale election within closed groups. This system provides two features:
- voters would know that their vote was counted in the right place
- voting would be anonymous
This relies on asymmetric encryption. Let’s first look at the process from user’s perspective without any implementation details.
- A host conducts the election
- he first generates a key
- and enters the list of candidates
- then share a link to the voting page to the voters
- Voters open the voting page
- then generate a random keyword
- select one of the candidates
3 finally generate a token that is then sent to the host
- host enters all the tokens from the voters and finally votes are aggregated.
The result shows the voters keywords alongside the candidate. So, an individual voter knows that his vote is counted at the right place. And since an individual’s keyword is known to only him, noone else knows who voted whom.
Now lets look at the technical aspects corresponding to each step above:
- Host conducting the election should screenshare his page all the time, so that he cannot look at the internal variables and private key.
- Host first generates a pair of private key and public key. Private key is stored in memory (and is hidden), while the public key is shared to everyone.
- The public link has the public key and the candidate list stored in its url in json encoded form.
- Voters open the public link. So, the voter’s page knows the public key and the candidate list
- random keyword of three words is generated from a bag of ~1000 words implying very low collision possibilities in case of small elections
- token is generated by encrypting a json string containing the keyword, selected candidate name and a 16 characters long randomly generated password which is not shown to anyone. So, each time the token is generated it is random. Using a randomly generated password is necessary because otherwise anyone with the public link can generate tokens for each combination of keyword (which is known at the end of election) and candidate. And then match the resulting token with the token shared by the user to the host.
- all tokens are checked for validness and if any invalid token is found it is highlighted, and the results are not shown until all tokens are valid. the final list of tokens is shuffled to prevent any correlation with the order of entry of tokens with the final result list.
- verify that the url of host is https://bpanthi977.github.io/election/
- check all the intructions and notes on the webpage
- make sure the keys are freshly generated at the start of election
- make sure all students have submitted the token
- make sure that the host doesn’t go offline or disconnects and reconnected during the whole process.
- copy and paste the token correctly
jsbn library by Tom Wu is used. This library provides RSA encryption algorithm for js.
JS files of the library were downloaded from following urls:
- http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js
- http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn2.js
- http://www-cs-students.stanford.edu/~tjw/jsbn/prng4.js
- http://www-cs-students.stanford.edu/~tjw/jsbn/rng.js
- http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.js
- http://www-cs-students.stanford.edu/~tjw/jsbn/rsa2.js