Cryptographically Secure Anonymous Elections in Perl

Jan-Pieter Cornet
XS4ALL Internet B.V.


XS4ALL, the most privacy- and environmentally-sensitive ISP in the Netherlands, held electronic elections for a work council (dutch: ondernemingsraad) among its employees in March 2000. Obviously, a password-protected web form was by far not anonymous enough, and paper was wasting too much trees, so a perl program was developed that allowed the participants to hold secure anonymous electronic elections, using a cryptographic blinding algorithm.

This talk will briefly outline the anonymous voting algorithm, illustrated by a live example session, and will then quickly move on to the actual source used. One of the highlights of the program walk-through will be the module that contains various useful crypto functions, which I dubbed ModToolkit for lack of any better name. Other features addressed in the talk will be the implementation of the client/server protocol, some of the security implementations, and some of the shortcuts used.

Finally, the electronic voting process as it actually took place will be discussed. Full source code for this project is available on the web, although large parts of it are copied verbatim from two highly recommended books on crypto and algorithms in perl.