Frequently Asked Questions

Last update: Feb 23th, 2007

General Questions

  1. What is Adder?
  2. Isn't paper-based voting good enough?
  3. But isn't Internet voting inherently insecure?
  4. How does Adder compare to other free e-voting systems?
  5. I like paper-based voting because I understand how it works. Isn't e-voting complicated?
  6. How does Adder handle user authentication?
  7. What happens if the main server is compromised?
  8. What if there is a virus on my computer? How do I know it doesn't modify my vote before it is cast?
  9. What's with the snake?

General Questions

What is Adder?

Adder is a Web-based electronic voting system. It allows both large-scale and small-scale elections, and provides strong cryptographic mechanisms to ensure the privacy and integrity of elections. Voting is done through a browser plug-in, and implementations are provided for both Mozilla and Internet Explorer.

Isn't paper-based voting good enough?

Paper-based voting has been sufficient for many years, but the potential benefits of e-voting are numerous. For instance:

Nonetheless, e-voting should not be used simply because it is "new." It is important to weigh all of the risks involved in replacing an existing system. The Adder project can serve as a testbed to evaluate the robustness of e-voting systems.

But, isn't electronic voting inherently insecure?

This is a complicated issue. Many existing electronic voting systems have given e-voting a bad reputation (e.g., by having bad interfaces, lack of audit trails, or by using cryptography incorrectly or not at all). The Adder system provides strong integrity and privacy for an Internet-based voting system. We invite you to explore this site more, and read about the security features that Adder provides.

How does Adder compare to other free e-voting systems?

Adder is the only free and open source e-voting system based on state-of-the-art cryptographic primitives.

I like paper-based voting because I understand how it works. Isn't e-voting complicated?

It is a valid concern that computer-based systems are more complex. Voters should have the ability to understand exactly how their votes are cast and tallied, and nothing is simpler in this regard than paper-based ballots. However, strong security does require a higher level of complexity. We feel that because our system is in the open, and all of our source code is available for public scrutiny and testing, users should feel confident that we are not holding any secrets. The system can be independently installed and operated.

How does Adder handle user authentication?

At present, user authentication is handled by a simple username/password scheme. In the future, this will be replaced by a designated authentication server, which will assign digitally signed tokens to valid users. These tokens will identify users to the main server, who will give them permission to act accordingly.

What happens if the main server is compromised?

We have designed Adder in such a way that no attack can occur on the main server that successfully violates user privacy or manipulates the result of the election, unless the whole database is corrupted. All voters' ballots remain encrypted throughout the entire procedure; only the sum is decrypted. Therefore, the plaintext version of a vote can never be associated with an individual voter. Additionally, the cryptography used by Adder prevents changing the result of an election, as the tallying can be duplicated by any third party.

That being said, it is possible for an attacker to launch a more conventional, non-cryptographic attack on Adder. For instance, it is difficult to prevent denial-of-service attacks, or cases where the server is cracked into and shut down. These attacks are not the present focus of the Adder project, and they apply to all systems that are connected to the Internet.

What if there is a virus on my computer? How do I know it doesn't modify my vote before it is cast?

In truth, you don't know that a virus won't modify your vote. In high-security elections (e.g., Presidential elections), it would be terribly insecure to run Adder clients on home PCs. Such machines would need to be installed at designated locations, much like existing voting machines, and certified by security experts. In elections that require slightly less security (e.g., local governmental elections), it would be feasible to distribute custom boot CDs that, when inserted into a PC, would reboot the machine into a secure operating system. Then, voting could be performed, without any influence of other software that might be installed on the machine. In casual elections (e.g., company-wide elections), users might be comfortable with the relatively minor risk of malicious software, and could use their existing PCs and Web browsers.

What's with the snake?

The snake is an adder, and our system adds votes. This is also why we call it Adder. Get it?