It is not recommended to use IglooVote if you are organizing a poll with sporadic voters. Due to the distributed nature of IglooVote system, these users could lose their patience waiting other users to connect.
In the other side, IglooVote is a good option if your election is confined to a narrow period of time or if there are thousands of voters per day.
Why do voters need to wait for other voters to be connected?
The security of the system relies on partitioning the electoral process into small clusters. The nodes of a cluster need to exchange information in real time, so they have to be connected to each other.
Why does it need some minutes to cast my vote?
The security of the system relies on the interconnection of several voters. Each voter makes use of an algorithm that supervises the process. It's the common work of all these algorithms what guarantees the desired properties of the process. These algorithms have to exchange a quite high number of messages to guarantee such properties.
Can't my vote be deduced if results are published in small groups?
Results don't need to be published in small groups. Internally the algorithm could work connecting small groups of voters, but the published result can be joined with the result of other groups without losing any security guarantee. You have to consider also that if only one vote is distinct than yours there is no way to prove what you voted. Someone could suspect what you voted but he could not prove it. In the same way anybody can actually suspect what you vote, be right with high probability, but he can't prove it. But as we say, it's not even necessary to think that, given that your results could be published mixed with so many voters as you want. There is only the limitation that as more people you want to mix your vote with, more time could it take to cast your vote, and more voters who accept to wait so long as you, need to be connected. In many cases, joining votes of distinct groups doesn't even need to be considered at all as the number of vote options are limited to 2 or 3 options and there is no risk of extracting information from partial results. In future versions you will be able to select with parameters what minimal measures you want to be taken for casting your vote.
What does it mean that security is guaranteed algorithmically?
It means that no human intervention is needed to guarantee it and so, that no one could violate it (voluntarily or involuntarily). Security relies on algorithms mathematically demonstrated as secure.
How do you authenticate voters?
There are many ways to authenticate a voter depending on the level of security you want to achieve. It's not a different problem than authenticating users in banking applications or applications for communications with government agencies. Some authentication mecanisms are: providing voters a unique id and password, with a smart card, with biometric measures, mobile phone SMS and matrix cards. You can even use a two-step authentication making use of more than one of these methods.
How do you guarantee that votes can't be lost?
Once all nodes of a cluster have voted, the result is stored by every node of the cluster plus our server or the servers where every voter decides to store it. So, there are two possible cases: 1) the cluster does not end all the process and so the result is not signed by all voters and so all voters need to start again, 2) the voting process is completed and so the result is stored by every node plus the server in different physical places.
Are the cryptographic algorithms used secure?
What about side channel attacks?
There is no known risk of side channel attack through a large scale network. Given the unfeasibility of physical contact, the only theoretically possible side channel attack would be a timing attack, but there exist known counter-measures against this sort of attacks that make this attack non-viable.
If I have to connect my PC to other PCs, doesn't it suppose a security risk as I am exposing my IP?
You connect to other voters through an intermediary node that doesn't reveal your IP. All messages between nodes are encrypted and signed to guarantee secrecy and unviolability of the system, even if the intermediary node was corrupted.
How do you solve the risk of viruses or malware altering the proper operation of the code?
This is a real threat for EVERY e-voting solution. BUT it's a very expensive attack AND for it to be effective it should be undetected. If it's detected, attackers would have expent a lot of money for nothing, given that the election would be cancelled and restarted. A massive attack like this one could very unlikely be undetected. To increase chances of being undetected it should start the same day of the election, having only one day to propagate. Usually viruses of this type need months or years to propagate effectively. The faster they propagate, the easier they are to detect.
Igloovote statistical verifiability increases the security in relation to other e-voting solutions. Even if the attack is effective and undetected by security audits, it would be statistically detected with our verification system.
You can use an app installed on a smartphone, where every application has its own protected resources and there aren't known massive security threats.