OVERVIEW
VoteOmatic is a secure electronic voting system (SAE S3.B.01 project) developed by a team of 5 students. It is a client-server web application implementing end-to-end encrypted voting with ElGamal homomorphic encryption. The system allows votes to be aggregated without individual decryption, preserving voter anonymity while ensuring vote integrity through DDH (Decisional Diffie-Hellman) zero-knowledge proofs. The application features three distinct user roles: Administrator (creates accounts and referendums), Scrutateur (key holder who generates encryption keys and decrypts results), and Elector (casts encrypted votes). Built as a multi-module Maven project with Docker containerization for easy deployment.
TECHNOLOGIES
KEY FEATURES
- ElGamal homomorphic encryption for end-to-end secure voting
- DDH (Decisional Diffie-Hellman) zero-knowledge proofs ensuring valid votes (0 or 1) without revealing content
- Homomorphic vote aggregation - server never sees individual votes
- Three-tier role-based access: Administrator, Scrutateur, and Elector
- AES-256 encryption for private key storage
- BCrypt password hashing with configurable entropy requirements
- Multi-module Maven architecture (lib, serveur, web-app)
- Spring Boot 3.3.5 web interface with Thymeleaf templates
- Docker Compose orchestration with MariaDB database
- SSL/TLS secure communication between all components
- POSIX signal handling with 20+ signal handlers
- Comprehensive test suite with 20+ test classes
CHALLENGES & SOLUTIONS
Implementing ElGamal homomorphic encryption correctly required deep understanding of modular arithmetic, safe prime generation, and ciphertext multiplication for vote aggregation.
Designing the DDH zero-knowledge proof system to verify votes are binary (0 or 1) without revealing the actual vote value demanded careful cryptographic protocol implementation.
Building a secure key management system where Scrutateurs generate and store private keys encrypted with passwords, while distributing only public keys to the server.
Managing the multi-module Maven project structure with proper dependency injection between cryptographic library, server application, and web interface.
Implementing POSIX signal handling for graceful server shutdown and administrative operations in a Linux environment.
CRYPTOGRAPHIC ARCHITECTURE
The system implements production-grade cryptography using ElGamal encryption with homomorphic properties. When a voter casts a vote, it is encrypted using the public key and sent to the server along with a DDH proof. The server verifies the proof to ensure the vote is either 0 or 1 without learning the actual value. Votes are aggregated homomorphically by multiplying ciphertexts together. Only after the referendum deadline does the Scrutateur decrypt the final aggregated result, ensuring complete voter anonymity.
TEAM & DEVELOPMENT
Developed by a team of 5 students: Michiel Kelian, Gouby Samuel, Fillol Julien, Robin Alexis, and Challias Evan. The project was completed as part of SAE S3.B.01 curriculum. I contributed primarily to the cryptographic library implementation, including the ElGamal encryption/decryption logic, DDH proof generation and verification, and key pair management systems. The project demonstrates production-ready cryptography and secure software engineering practices.
SYSTEM ARCHITECTURE
Multi-module Maven project with three main components: (1) lib/ - Core cryptographic library with ElGamal, DDH proofs, AES-256 key encryption, and 20+ test classes. (2) serveur/ - Vote aggregation server running on port 1337 with MariaDB database, handling client connections, vote verification, and homomorphic aggregation. (3) web-app/ - Spring Boot web interface on port 8080 with Thymeleaf templates for the three user roles. All components containerized with Docker Compose for easy deployment.
LICENSE & OPEN SOURCE
Released under GNU Affero General Public License v3.0 (AGPL-3.0). The complete source code is available on GitHub including comprehensive documentation, Docker configuration, database schemas, and build scripts. The repository includes an interactive launch script (launch_app.sh) for easy setup and deployment.