-
Notifications
You must be signed in to change notification settings - Fork 4
GSoC 2015 Ideas
See also: GSoc Instructions
These ideas were contributed by our developers and users. They are sometimes vague or incomplete. If you wish to submit a proposal based on these ideas, you may wish to contact the developers and find out more about the particular suggestion you're looking at. You can learn more on how to participate on Google Summer of code on the GSoC Instructions wiki page.
Being accepted as a Google Summer of Code student is quite competitive. Accepted students typically have researched the technologies of their proposed project and have been contact with potential mentors. Simply copying and pasting an idea here will not work. On the other hand, creating a completely new idea without first consulting potential mentors is unlikely to work out.
If there is no specific contact given you can ask questions on the Agora Voting mailing list [email protected] or the IRC Channel.
Follow the template of other proposals!
Brief explanation:
Expected results:
Dependencies
Knowledge Prerequisite:
Difficulty
Mentor:
This is a list of the most software modules that compose Agora Voting.
The authapi is an isolated server-side component that provides authentication and authorization primitives. It's is completely decoupled from agora-core, and it's ignorant of concepts like "election", "vote" or "agora", even though its primarily developed with Agora voting use-case in mind. It can be used for other services, completely unrelated to elections. Authorization is provided using an Access Control Lists (ACLs) mechanism. The technology behind the AuthApi is python3+django
agora-core-view contais the whole interface for agora v3, and it's developed with Javascript/AngularJS.
agora-elections is the ballot box, receives encrypted votes from agora-core-view and stores. agora-elections is also used to create and start elections, tally calling to the director Authority and publishing the results. agora-elections is written in Scala.
verificatum is the mathematical part, it's written in Java by the cryptographer Douglas Wikström and does the voting tally and all criptographic stuff. verificatum is an open source library that implements a mix-net. This library was used in the 2013 Norwegian parliamentary election. Agora Voting currently uses this mix-net.
election-orchestra orchestrates the authorities servers to create election public-keys and performs the tallying using verificatum for the mix-net and frestq for the communication and orchestration of tasks. election-orchestra is developed with Python.
agora-results processes a tally and given a pipeline it modifies the results. This is useful for example to post-process a tally to:
- resolve tie-breaks (there can be many different algorithms to do that)
- apply egalitarian criteria for men and women (sometimes this is even legaly mandated)
- sort the winners of stv (which by default doesn't sort winners, just elect them)
- other complex post-processing, like using the result of question 1 to select the first winner and then using the results of question 2 to sort the rest of the winners
This software is developed with Python.
agora-airgap allows you to audit a spoiled ballot from Agora Voting. It implements the 'cast or cancel' procedure described on the paper "Ballot Casting Assurance via Voter-Initiated Poll Station Auditing" by Josh Benaloh. It also contains a tool to encrypt the vote within the command line, so that you can create the ballot inside an airgap computer. It is developed with C++.
agora-verifier performs tally and cryptographic verification of the election process, including key generation, shuffling and joint-decryption, using the verificatum library. It is developed with Scala.
The following list of ideas is ordered from Easy to Hard.
Brief explanation: Software deployment can be messy. Different versions of each software module, software upgrades and rollbacks while doing testing and configuration changes make things difficult.
Nix is a a purely-functional package manager. Using NixOs stateless approach for Agora Voting would allow for deterministic builds and packaging, an easier deployment, atomic upgrades and rollbacks while maintaining older versions of the software. It could also be integrated with ansible.
The idea is to create Nix packages for the election authorities that do the tally using election-orchestra and the main server backend (agora-core-view) and virtual ballot box(agora-elections). The use of the functional stateless approach would allow for an easier deployment of Agora Voting for any organization that wants to use it, and deterministic builds that allow to check that the deployment is correct.
Expected results: Nix packages of agora-core-view, agora-elections and election-orchestra, integration of the NixOs with the agora-dev-box project
Dependencies agora-core-view, agora-elections, election orchestra
Knowledge Prerequisite: Previous experience use of packaging systems and perhaps creation of packages for a packaging system, and basic knowledge of Linux
Difficulty Easy
Mentor: Félix Robles (felrobelv AT gmail DOT com)
Brief explanation: Agora Voting puts the emphasis on secure and verifiable votings. The agora-audit tool that is part of agora-airgap is used to audit a spoiled ballot with the 'cast or cancel' procedure. When you are about to emit your vote, you are given the option to spoil the ballot, in which case the auditable ballot is shown to the user. This auditable ballot can be audited on another secure computer using the agora-audit tool.
The idea is to enable the setup of a secure computer for using the agora audit tool developing a number of scripts to build, install and configure agora-audit (which is part of agora-airgap) on seL4. seL4 is an OS that is proved secure in a very strong sense by using formal verification, and therefore using agora-audit on seL4 would achieve the objective of running it on a secure computer.
Expected results: Scripts that allow to compile and execute agora-airgap on seL4
Dependencies agora-airgap
Knowledge Prerequisite: some knowledge of C++, some experience with Makefiles would prove useful to compile agora-airgap, and Bash or Python for the scripting
Difficulty Easy
Mentor: Félix Robles (felrobelv AT gmail DOT com)
Brief explanation: In our experience it is often that organizations need to add new options that they forgot to add on an on-going election. Right now this is done manually, the idea is to implement an interface to make this option easier.
Agora-core-view is the backend that serves the webpages, including the election admin webpages and therefore the web interface would be created there. Administration of the database is done via agora-elections so agora-elections would receive the command to add new voting options to the on-going election db.
Expected results: The possibility to add a new voting option on an on-going election through an interface served by agora-core-view, being the command accepted and processed by agora-elections
Dependencies agora-elections, agora-core-view
Knowledge Prerequisite: Javascript for the web interface in agora-core-view and Scala for the db update in agora-elections
Difficulty Easy
Mentor: Félix Robles (felrobelv AT gmail DOT com)
Brief explanation: Agora Voting v3 doesn't have vote delegation support yet, but the secure voting scheme allows vote delegation and v2 had vote delegation support.
At the conceptual/tally level, adding vote delegation support means that for each election there will be two different votings and tallys, this article explains how it works. Adding vote delegation support is not trivial because it involves modifications in several modules of Agora Voting. Because the large extent of the work needed to implement vote delegation, this project idea deals exclusively with implementing the web interface changes needed to support vote delegation. It does not deal with any database changes and it doesn't deal with changes in the tally process (like having to do two tallies) and it does not deal with the work to support verification of that tally process.
agora-core-view would need to be modified to add the a view to delegate into someone, another view for the option to become a delegate themselves (a user could create a number of different delegate profiles), and the option for election admins to allow vote delegation. These views are not expected to do any real work, they will work as mockup interfaces calling void placeholder functions.
Expected results: The option of vote delegation for a given election on Agora Voting v3 interface on agora-core-view
Dependencies agora-core-view
Knowledge Prerequisite: Javascript, AngularJS, CSS
Difficulty Easy
Mentors: Daniel García (danigm AT agoravoting DOT com)
Brief explanation: The present way of voting with a mobile phone is via a webpage. All the html/javascript webpages served by the agora-core-view can be packaged into a mobile (Android or iOs) app, so that the user doesn't need to download those webpages each time is going to vote, and the interface could be adapted and enhanced to be more mobile friendly. There are different approaches to create an App from javascript code, for example for Android you could use Webview to display a webpage, PhoneGap allows you to create html/javascript-based multiplatform mobile Apps, and Rhino is a javascript engine written in Java.
Expected results: A mobile (Android or iOs) app to vote, packaging the webpages presently served by agora-core-view
Dependencies agora-core-view
Knowledge Prerequisite: Some experience with Javascript/html/CSS and previous experience with creating some App for Android or iOs would be advisable
Difficulty Medium
Mentor: Daniel García (danigm AT agoravoting DOT com)
Brief explanation: As of now there are two ways of generating a vote: through the web with a javascript based software and with the command line program agora-airgap. The idea is to install agora-airgap on an Open Hardware FPGA-based OpenRISC airgap computer to generate the encrypted ballot in the airgap computer and modify the agora-core-view interface to be able to cast a ballot generated in another computer (the airgap computer). That way the airgap computer could be considered a voting machine.
The student would not need an actual FPGA (although there are cheap FPGAs), as Linux can be run on a virtual OpenRISC computer simulator and there are some scripts to do it already. Some work needs to be done to update the scripts and compile and run agora-airgap in the OpenRISC simulator. Then an option with a new view would need to be added to the agora-core-view project, so that voters can cast encrypted ballot generated in another computer.
Expected results: An option on Agora Voting v3 to cast a ballot generated in another computer, and updating agora-airgap to be able to generate votes on an OpenRISC simulator
Dependencies agora-airgap, agora-core-view
Knowledge Prerequisite: Javascript, C++, experience developing for Linux
Difficulty Medium
Mentor: Félix Robles (felrobelv AT gmail DOT com)
Brief explanation: Add a pair-wise comparison voting system, like in the all-our-ideas webpage. The voter has to choose preference between two randomly chosen voting options.
The interface changes have to be implemented on agora-core-view, adding this new type election as an option for the elections admins, and a new view for the voter for this type of election. Some small changes would need to be done on agora-elections so that it properly calls election-orchestra's tally for this new kind of election. Finally, agora-results needs to be modified as the election results for this type of voting is not a direct result of the tally.
Expected results: The interface for a pairwise comparison voting in agora-core-view, and the modifications needed on agora-elections and agora-results to do the tally for that type of voting
Dependencies agora-core-view, agora-elections, agora-results
Knowledge Prerequisite: Scala, Javascript, Python
Difficulty Medium
Mentor: Félix Robles (felrobelv AT gmail DOT com)
Brief explanation: New voting systems and authentication methods can be added. Possible voting systems: Condorcet voting, STV (Single Transferable Vote), SNTV (Single Non-Transferable Vote), Borda count, Bucklin system, Coombs method, Approval voting. Possible authentication methods: DNI (spanish national electronic identity card), FNMT (spanish government's certificate), multiple at once, etc
Agora Voting is quite modular now so in order to add a new voting (counting) system or to add a new authentication method you would only to modify one or two projects. The voting system would be added into agora-results, which translates the votes each option received into the results (the seats each option received). To add a new voting system agora-core-view would also need to be modified, but only to add the name of the new voting system to the dropdown list of voting systems for an election.
To add a new authentication method only authapi needs to be modified. Authapi is designed to be easy to add new python modules for the new authentication methods.
Expected results: New voting systems and/or authentication methods added to Agora Voting
Dependencies authapi,agora-results, agora-core-view
Knowledge Prerequisite: Python would be used for adding new authentication methods (authapi). Adding new voting systems needs the use of Python for agora-results and just a bit of Javascript on agora-core-view
Difficulty Medium
Mentor: Daniel García (danigm AT agoravoting DOT com)
Brief explanation: The election-orchestra replacement would work in a similar way: it would be installed in a number of different servers which are the authorities for a given election. It receives as input all the encrypted ballots and the output is the number of votes each option has received, which is the tally. The software does all the intermediate steps, which involves communication between the different authorities, a number of different re-encryptions of the ballots, and the publishing of each intermediate step for them to be auditable. The tally process starts with a call from agora-elections.
election-orchestra presently hardcodes one election authority/server as the director of the tally process, the replacement software would use a distributed scheduling algorithm to eliminate the possibility of a single point of failure event and determine which authority will be the director of the tally process. The software should probably be developed with Java or Scala as the mix-net library Verificatum is written in Java.
Expected results: An election tally orchestration software that allows any authority to be the director of the tally process.
Dependencies verificatum [election-orchestra],(https://github.com/agoravoting/election-orchestra)
Knowledge Prerequisite: Knowledge of Java or Scala, understanding of communication protocols and the basics of scheduling
Difficulty Hard
Mentor: Félix Robles (felrobelv AT gmail DOT com)
Brief explanation: As of now only one server of agora-elections can receive the ballots for a given election. This can be considered a possible single point of failure. To avoid this, agora-elections should become a distributed system running on a number of different servers. Each server would be able to accept encrypted ballots. To coordinate and agree on which ballots have been accepted an auditable immutable log with a merkle tree would be used, and every server would need to maintain a copy of the database.
Expected results: A distributed version of agora-elections that allows all servers to securely and consistently collect ballots, using an immutable log
Dependencies agora elections
Knowledge Prerequisite: Understanding of public key cryptographic and communication systems, Java/Scala or Python depending on implementation
Difficulty Hard
Mentor: Daniel García (danigm AT agoravoting DOT com)
Brief explanation: In the present, if someone impersonates your vote, you can detect that your vote is not in the tally, but you cannot it demonstrate to others. This would be solved if the encrypted ballots are signed both by the voter and the ballot-box server, which would add dispute-freeness to the properties of the Agora Voting system.
Votes will be signed by the client with an anoymous credential (a certificate signed by the census authority) and by the ballot-box server (agora-elections). The census authority would then be able to create client credentials/votes revocation lists (signed by ballotbox server), so that if vote fraud is detected the pertinent client certificates can be revoked. authapi would give the credential to agora-core-view, which in collaboration with agora-elections would create the ballot signed by both parties.
Expected results:
- votes signed by the ballotbox server, with external timestamp server signature
- votes signed by the client with anonymous credential
- client credentials/votes revocation lists (signed by ballotbox server)
Dependencies agora-elections, agora-core-view, election orchestra
Knowledge Prerequisite: Understanding of public key cryptographic systems, Scala, Python, Javascript
Difficulty Hard
Mentor: Félix Robles (felrobelv AT gmail DOT com)