class TestEndToEndElection(TestCase): """ Test a complete simple example of executing an End-to-End encrypted election. In a real world scenario all of these steps would not be completed on the same machine. """ NUMBER_OF_GUARDIANS = 5 QUORUM = 3 REMOVE_OUTPUT = False # Step 0 - Configure Election manifest: Manifest election_builder: ElectionBuilder internal_manifest: InternalManifest context: CiphertextElectionContext constants: ElectionConstants # Step 1 - Key Ceremony mediator: KeyCeremonyMediator guardians: List[Guardian] = [] # Step 2 - Encrypt Votes device: EncryptionDevice encrypter: EncryptionMediator plaintext_ballots: List[PlaintextBallot] ciphertext_ballots: List[CiphertextBallot] = [] # Step 3 - Cast and Spoil ballot_store: DataStore ballot_box: BallotBox # Step 4 - Decrypt Tally ciphertext_tally: CiphertextTally plaintext_tally: PlaintextTally plaintext_spoiled_ballots: Dict[str, PlaintextTally] decryption_mediator: DecryptionMediator # Step 5 - Publish guardian_records: List[GuardianRecord] = [] def test_end_to_end_election(self) -> None: """ Execute the simplified end-to-end test demonstrating each component of the system. """ self.step_0_configure_election() self.step_1_key_ceremony() self.step_2_encrypt_votes() self.step_3_cast_and_spoil() self.step_4_decrypt_tally() self.step_5_publish_and_verify() def step_0_configure_election(self) -> None: """ To conduct an election, load an `Manifest` file """ # Load a pre-configured Election Description # TODO: replace with complex election self.manifest = ElectionFactory().get_simple_manifest_from_file() print(f""" {'-'*40}\n # Election Summary: # Scope: {self.manifest.election_scope_id} # Geopolitical Units: {len(self.manifest.geopolitical_units)} # Parties: {len(self.manifest.parties)} # Candidates: {len(self.manifest.candidates)} # Contests: {len(self.manifest.contests)} # Ballot Styles: {len(self.manifest.ballot_styles)}\n {'-'*40}\n """) self._assert_message( Manifest.is_valid.__qualname__, "Verify that the input election meta-data is well-formed", self.manifest.is_valid(), ) # Create an Election Builder self.election_builder = ElectionBuilder(self.NUMBER_OF_GUARDIANS, self.QUORUM, self.manifest) self._assert_message( ElectionBuilder.__qualname__, f"Created with number_of_guardians: {self.NUMBER_OF_GUARDIANS} quorum: {self.QUORUM}", ) # Move on to the Key Ceremony def step_1_key_ceremony(self) -> None: """ Using the NUMBER_OF_GUARDIANS, generate public-private keypairs and share representations of those keys with QUORUM of other Guardians. Then, combine the public election keys to make a joint election key that is used to encrypt ballots """ # Setup Guardians for i in range(self.NUMBER_OF_GUARDIANS): self.guardians.append( Guardian( "guardian_" + str(i + 1), i + 1, self.NUMBER_OF_GUARDIANS, self.QUORUM, )) # Setup Mediator self.mediator = KeyCeremonyMediator("mediator_1", self.guardians[0].ceremony_details) # ROUND 1: Public Key Sharing # Announce for guardian in self.guardians: self.mediator.announce(guardian.share_public_keys()) # Share Keys for guardian in self.guardians: announced_keys = self.mediator.share_announced() for key_set in announced_keys: if guardian.id is not key_set.election.owner_id: guardian.save_guardian_public_keys(key_set) self._assert_message( KeyCeremonyMediator.all_guardians_announced.__qualname__, "Confirms all guardians have shared their public keys", self.mediator.all_guardians_announced(), ) # ROUND 2: Election Partial Key Backup Sharing # Share Backups for sending_guardian in self.guardians: sending_guardian.generate_election_partial_key_backups( identity_auxiliary_encrypt) backups = [] for designated_guardian in self.guardians: if designated_guardian.id != sending_guardian.id: backups.append( sending_guardian.share_election_partial_key_backup( designated_guardian.id)) self.mediator.receive_backups(backups) self._assert_message( KeyCeremonyMediator.receive_backups.__qualname__, "Receive election partial key backups from key owning guardian", len(backups) == NUMBER_OF_GUARDIANS - 1, ) self._assert_message( KeyCeremonyMediator.all_backups_available.__qualname__, "Confirm all guardians have shared their election partial key backups", self.mediator.all_backups_available(), ) # Receive Backups for designated_guardian in self.guardians: backups = self.mediator.share_backups(designated_guardian.id) self._assert_message( KeyCeremonyMediator.share_backups.__qualname__, "Share election partial key backups for the designated guardian", len(backups) == NUMBER_OF_GUARDIANS - 1, ) for backup in backups: designated_guardian.save_election_partial_key_backup(backup) # ROUND 3: Verification of Backups # Verify Backups for designated_guardian in self.guardians: verifications = [] for backup_owner in self.guardians: if designated_guardian.id is not backup_owner.id: verification = ( designated_guardian.verify_election_partial_key_backup( backup_owner.id, identity_auxiliary_encrypt)) verifications.append(verification) self.mediator.receive_backup_verifications(verifications) self._assert_message( KeyCeremonyMediator.all_backups_verified.__qualname__, "Confirms all guardians have verified the backups of all other guardians", self.mediator.all_backups_verified(), ) # FINAL: Publish Joint Key joint_key = self.mediator.publish_joint_key() self._assert_message( KeyCeremonyMediator.publish_joint_key.__qualname__, "Publishes the Joint Election Key", joint_key is not None, ) # Build the Election self.election_builder.set_public_key( get_optional(joint_key).joint_public_key) self.election_builder.set_commitment_hash( get_optional(joint_key).commitment_hash) self.internal_manifest, self.context = get_optional( self.election_builder.build()) self.constants = ElectionConstants() # Move on to encrypting ballots def step_2_encrypt_votes(self) -> None: """ Using the `CiphertextElectionContext` encrypt ballots for the election """ # Configure the Encryption Device self.device = ElectionFactory.get_encryption_device() self.encrypter = EncryptionMediator(self.internal_manifest, self.context, self.device) self._assert_message( EncryptionDevice.__qualname__, f"Ready to encrypt at location: {self.device.location}", ) # Load some Ballots self.plaintext_ballots = BallotFactory().get_simple_ballots_from_file() self._assert_message( PlaintextBallot.__qualname__, f"Loaded ballots: {len(self.plaintext_ballots)}", len(self.plaintext_ballots) > 0, ) # Encrypt the Ballots for plaintext_ballot in self.plaintext_ballots: encrypted_ballot = self.encrypter.encrypt(plaintext_ballot) self._assert_message( EncryptionMediator.encrypt.__qualname__, f"Ballot Id: {plaintext_ballot.object_id}", encrypted_ballot is not None, ) self.ciphertext_ballots.append(get_optional(encrypted_ballot)) # Next, we cast or spoil the ballots def step_3_cast_and_spoil(self) -> None: """ Accept each ballot by marking it as either cast or spoiled. This example demonstrates one way to accept ballots using the `BallotBox` class """ # Configure the Ballot Box self.ballot_store = DataStore() self.ballot_box = BallotBox(self.internal_manifest, self.context, self.ballot_store) # Randomly cast or spoil the ballots for ballot in self.ciphertext_ballots: if randint(0, 1): submitted_ballot = self.ballot_box.cast(ballot) else: submitted_ballot = self.ballot_box.spoil(ballot) self._assert_message( BallotBox.__qualname__, f"Submitted Ballot Id: {ballot.object_id} state: {get_optional(submitted_ballot).state}", submitted_ballot is not None, ) def step_4_decrypt_tally(self) -> None: """ Homomorphically combine the selections made on all of the cast ballots and use the Available Guardians to decrypt the combined tally. In this way, no individual voter's cast ballot is ever decrypted drectly. """ # Generate a Homomorphically Accumulated Tally of the ballots self.ciphertext_tally = get_optional( tally_ballots(self.ballot_store, self.internal_manifest, self.context)) self.ciphertext_ballots = get_ballots(self.ballot_store, BallotBoxState.SPOILED) self._assert_message( tally_ballots.__qualname__, f""" - cast: {self.ciphertext_tally.cast()} - spoiled: {self.ciphertext_tally.spoiled()} Total: {len(self.ciphertext_tally)} """, self.ciphertext_tally is not None, ) # Configure the Decryption ciphertext_ballots = list(self.ciphertext_ballots.values()) self.decryption_mediator = DecryptionMediator( "decryption-mediator", self.context, ) # Announce each guardian as present count = 0 for guardian in self.guardians: guardian_key = guardian.share_election_public_key() tally_share = guardian.compute_tally_share(self.ciphertext_tally, self.context) ballot_shares = guardian.compute_ballot_shares( ciphertext_ballots, self.context) self.decryption_mediator.announce(guardian_key, tally_share, ballot_shares) count += 1 self._assert_message( DecryptionMediator.announce.__qualname__, f"Guardian Present: {guardian.id}", len(self.decryption_mediator.get_available_guardians()) == count, ) # Get the plaintext Tally self.plaintext_tally = get_optional( self.decryption_mediator.get_plaintext_tally( self.ciphertext_tally)) self._assert_message( DecryptionMediator.get_plaintext_tally.__qualname__, "Tally Decrypted", self.plaintext_tally is not None, ) # Get the plaintext Spoiled Ballots self.plaintext_spoiled_ballots = get_optional( self.decryption_mediator.get_plaintext_ballots(ciphertext_ballots)) self._assert_message( DecryptionMediator.get_plaintext_ballots.__qualname__, "Spoiled Ballots Decrypted", self.plaintext_tally is not None, ) # Now, compare the results self.compare_results() def compare_results(self) -> None: """ Compare the results to ensure the decryption was done correctly """ print(f""" {'-'*40} # Election Results: """) # Create a representation of each contest's tally selection_ids = [ selection.object_id for contest in self.manifest.contests for selection in contest.ballot_selections ] expected_plaintext_tally: Dict[str, int] = { key: 0 for key in selection_ids } # Tally the expected values from the loaded ballots for ballot in self.plaintext_ballots: if (get_optional(self.ballot_store.get( ballot.object_id)).state == BallotBoxState.CAST): for contest in ballot.contests: for selection in contest.ballot_selections: expected_plaintext_tally[ selection.object_id] += selection.vote # Compare the expected tally to the decrypted tally for tally_contest in self.plaintext_tally.contests.values(): print(f" Contest: {tally_contest.object_id}") for tally_selection in tally_contest.selections.values(): expected = expected_plaintext_tally[tally_selection.object_id] self._assert_message( f" - Selection: {tally_selection.object_id}", f"expected: {expected}, actual: {tally_selection.tally}", expected == tally_selection.tally, ) print(f"\n{'-'*40}\n") # Compare the expected values for each spoiled ballot for ballot in self.plaintext_ballots: if (get_optional(self.ballot_store.get( ballot.object_id)).state == BallotBoxState.SPOILED): print(f"\nSpoiled Ballot: {ballot.object_id}") for contest in ballot.contests: print(f"\n Contest: {contest.object_id}") for selection in contest.ballot_selections: expected = selection.vote decrypted_selection = (self.plaintext_spoiled_ballots[ ballot.object_id].contests[contest.object_id]. selections[selection.object_id]) self._assert_message( f" - Selection: {selection.object_id}", f"expected: {expected}, actual: {decrypted_selection.tally}", expected == decrypted_selection.tally, ) def step_5_publish_and_verify(self) -> None: """Publish and verify steps of the election""" self.publish_results() self.verify_results() if self.REMOVE_OUTPUT: rmtree(RESULTS_DIR) def publish_results(self) -> None: """ Publish results/artifacts of the election """ self.guardian_records = [ guardian.publish() for guardian in self.guardians ] publish( self.manifest, self.context, self.constants, [self.device], self.ballot_store.all(), self.plaintext_spoiled_ballots.values(), self.ciphertext_tally.publish(), self.plaintext_tally, self.guardian_records, RESULTS_DIR, ) self._assert_message( "Publish", f"Artifacts published to: {RESULTS_DIR}", path.exists(RESULTS_DIR), ) def verify_results(self) -> None: """Verify results of election""" # Deserialize manifest_from_file = Manifest.from_json_file(MANIFEST_FILE_NAME, RESULTS_DIR) self.assertEqual(self.manifest, manifest_from_file) context_from_file = CiphertextElectionContext.from_json_file( CONTEXT_FILE_NAME, RESULTS_DIR) self.assertEqual(self.context, context_from_file) constants_from_file = ElectionConstants.from_json_file( CONSTANTS_FILE_NAME, RESULTS_DIR) self.assertEqual(self.constants, constants_from_file) device_name = DEVICE_PREFIX + str(self.device.uuid) device_from_file = EncryptionDevice.from_json_file( device_name, DEVICES_DIR) self.assertEqual(self.device, device_from_file) for ballot in self.ballot_store.all(): name = BALLOT_PREFIX + ballot.object_id ballot_from_file = SubmittedBallot.from_json_file( name, BALLOTS_DIR) self.assertEqual(ballot, ballot_from_file) for spoiled_ballot in self.plaintext_spoiled_ballots.values(): name = BALLOT_PREFIX + spoiled_ballot.object_id spoiled_ballot_from_file = PlaintextTally.from_json_file( name, SPOILED_DIR) self.assertEqual(spoiled_ballot, spoiled_ballot_from_file) published_ciphertext_tally_from_file = PublishedCiphertextTally.from_json_file( ENCRYPTED_TALLY_FILE_NAME, RESULTS_DIR) self.assertEqual(self.ciphertext_tally.publish(), published_ciphertext_tally_from_file) plainttext_tally_from_file = PlaintextTally.from_json_file( TALLY_FILE_NAME, RESULTS_DIR) self.assertEqual(self.plaintext_tally, plainttext_tally_from_file) for guardian_record in self.guardian_records: set_name = COEFFICIENT_PREFIX + guardian_record.guardian_id guardian_record_from_file = GuardianRecord.from_json_file( set_name, GUARDIAN_DIR) self.assertEqual(guardian_record, guardian_record_from_file) def _assert_message(self, name: str, message: str, condition: Union[Callable, bool] = True) -> None: if callable(condition): result = condition() else: result = condition print(f"{name}: {message}: {result}") self.assertTrue(result)
def test_tally_ballot_invalid_input_fails( self, everything: ELECTIONS_AND_BALLOTS_TUPLE_TYPE): # Arrange ( _election_description, internal_manifest, ballots, _secret_key, context, ) = everything # encrypt each ballot store = DataStore() encryption_seed = ElectionFactory.get_encryption_device().get_hash() for ballot in ballots: encrypted_ballot = encrypt_ballot(ballot, internal_manifest, context, encryption_seed) encryption_seed = encrypted_ballot.code self.assertIsNotNone(encrypted_ballot) # add to the ballot store store.set( encrypted_ballot.object_id, from_ciphertext_ballot(encrypted_ballot, BallotBoxState.CAST), ) tally = CiphertextTally("my-tally", internal_manifest, context) # act cached_ballots = store.all() first_ballot = cached_ballots[0] first_ballot.state = BallotBoxState.UNKNOWN # verify an UNKNOWN state ballot fails self.assertIsNone(tally_ballot(first_ballot, tally)) self.assertFalse(tally.append(first_ballot)) # cast a ballot first_ballot.state = BallotBoxState.CAST self.assertTrue(tally.append(first_ballot)) # try to append a spoiled ballot first_ballot.state = BallotBoxState.SPOILED self.assertFalse(tally.append(first_ballot)) # Verify accumulation fails if the selection collection is empty if first_ballot.state == BallotBoxState.CAST: self.assertFalse( tally.contests[first_ballot.object_id].accumulate_contest([])) # pylint: disable=protected-access # pop the cast ballot tally._cast_ballot_ids.pop() # reset to cast first_ballot.state = BallotBoxState.CAST self.assertTrue( self._cannot_erroneously_mutate_state(tally, first_ballot, BallotBoxState.CAST)) self.assertTrue( self._cannot_erroneously_mutate_state(tally, first_ballot, BallotBoxState.SPOILED)) self.assertTrue( self._cannot_erroneously_mutate_state(tally, first_ballot, BallotBoxState.UNKNOWN)) # verify a cast ballot cannot be added twice first_ballot.state = BallotBoxState.CAST self.assertTrue(tally.append(first_ballot)) self.assertFalse(tally.append(first_ballot)) # verify an already submitted ballot cannot be changed or readded first_ballot.state = BallotBoxState.SPOILED self.assertFalse(tally.append(first_ballot))
class TestEndToEndElection(TestCase): """ Test a complete simple example of executing an End-to-End encrypted election. In a real world scenario all of these steps would not be completed on the same machine. """ NUMBER_OF_GUARDIANS = 5 QUORUM = 3 REMOVE_OUTPUT = False # Step 0 - Configure Election description: ElectionDescription election_builder: ElectionBuilder metadata: InternalElectionDescription context: CiphertextElectionContext constants: ElectionConstants # Step 1 - Key Ceremony mediator: KeyCeremonyMediator guardians: List[Guardian] = [] coefficient_validation_sets: List[CoefficientValidationSet] = [] # Step 2 - Encrypt Votes device: EncryptionDevice encrypter: EncryptionMediator plaintext_ballots: List[PlaintextBallot] ciphertext_ballots: List[CiphertextBallot] = [] # Step 3 - Cast and Spoil ballot_store: DataStore ballot_box: BallotBox # Step 4 - Decrypt Tally ciphertext_tally: CiphertextTally plaintext_tally: PlaintextTally decrypter: DecryptionMediator def test_end_to_end_election(self) -> None: """ Execute the simplified end-to-end test demonstrating each component of the system. """ self.step_0_configure_election() self.step_1_key_ceremony() self.step_2_encrypt_votes() self.step_3_cast_and_spoil() self.step_4_decrypt_tally() self.step_5_publish_and_verify() def step_0_configure_election(self) -> None: """ To conduct an election, load an `ElectionDescription` file """ # Load a pre-configured Election Description # TODO: replace with complex election self.description = ElectionFactory().get_simple_election_from_file() print(f""" {'-'*40}\n # Election Summary: # Scope: {self.description.election_scope_id} # Geopolitical Units: {len(self.description.geopolitical_units)} # Parties: {len(self.description.parties)} # Candidates: {len(self.description.candidates)} # Contests: {len(self.description.contests)} # Ballot Styles: {len(self.description.ballot_styles)}\n {'-'*40}\n """) self._assert_message( ElectionDescription.is_valid.__qualname__, "Verify that the input election meta-data is well-formed", self.description.is_valid(), ) # Create an Election Builder self.election_builder = ElectionBuilder(self.NUMBER_OF_GUARDIANS, self.QUORUM, self.description) self._assert_message( ElectionBuilder.__qualname__, f"Created with number_of_guardians: {self.NUMBER_OF_GUARDIANS} quorum: {self.QUORUM}", ) # Move on to the Key Ceremony def step_1_key_ceremony(self) -> None: """ Using the NUMBER_OF_GUARDIANS, generate public-private keypairs and share representations of those keys with QUORUM of other Guardians. Then, combine the public election keys to make a joint election key that is used to encrypt ballots """ # Setup Guardians for i in range(self.NUMBER_OF_GUARDIANS): self.guardians.append( Guardian("guardian_" + str(i), i, self.NUMBER_OF_GUARDIANS, self.QUORUM)) # Setup Mediator self.mediator = KeyCeremonyMediator(self.guardians[0].ceremony_details) # Attendance (Public Key Share) for guardian in self.guardians: self.mediator.announce(guardian) self._assert_message( KeyCeremonyMediator.all_guardians_in_attendance.__qualname__, "Confirms all guardians have shared their public keys", self.mediator.all_guardians_in_attendance(), ) # Run the Key Ceremony process, # Which shares the keys among the guardians orchestrated = self.mediator.orchestrate() self._assert_message( KeyCeremonyMediator.orchestrate.__qualname__, "Executes the key exchange between guardians", orchestrated is not None, ) self._assert_message( KeyCeremonyMediator.all_election_partial_key_backups_available. __qualname__, "Confirm sall guardians have shared their partial key backups", self.mediator.all_election_partial_key_backups_available(), ) # Verification verified = self.mediator.verify() self._assert_message( KeyCeremonyMediator.verify.__qualname__, "Confirms all guardians truthfully executed the ceremony", verified, ) self._assert_message( KeyCeremonyMediator. all_election_partial_key_verifications_received.__qualname__, "Confirms all guardians have submitted a verification of the backups of all other guardians", self.mediator.all_election_partial_key_verifications_received(), ) self._assert_message( KeyCeremonyMediator.all_election_partial_key_backups_verified. __qualname__, "Confirms all guardians have verified the backups of all other guardians", self.mediator.all_election_partial_key_backups_verified(), ) # Joint Key joint_key = self.mediator.publish_joint_key() self._assert_message( KeyCeremonyMediator.publish_joint_key.__qualname__, "Publishes the Joint Election Key", joint_key is not None, ) # Save Validation Keys for guardian in self.guardians: self.coefficient_validation_sets.append( guardian.share_coefficient_validation_set()) # Build the Election self.election_builder.set_public_key( get_optional(joint_key).joint_public_key) self.election_builder.set_commitment_hash( get_optional(joint_key).commitment_hash) self.metadata, self.context = get_optional( self.election_builder.build()) self.constants = ElectionConstants() # Move on to encrypting ballots def step_2_encrypt_votes(self) -> None: """ Using the `CiphertextElectionContext` encrypt ballots for the election """ # Configure the Encryption Device self.device = EncryptionDevice("polling-place-one") self.encrypter = EncryptionMediator(self.metadata, self.context, self.device) self._assert_message( EncryptionDevice.__qualname__, f"Ready to encrypt at location: {self.device.location}", ) # Load some Ballots self.plaintext_ballots = BallotFactory().get_simple_ballots_from_file() self._assert_message( PlaintextBallot.__qualname__, f"Loaded ballots: {len(self.plaintext_ballots)}", len(self.plaintext_ballots) > 0, ) # Encrypt the Ballots for plaintext_ballot in self.plaintext_ballots: encrypted_ballot = self.encrypter.encrypt(plaintext_ballot) self._assert_message( EncryptionMediator.encrypt.__qualname__, f"Ballot Id: {plaintext_ballot.object_id}", encrypted_ballot is not None, ) self.ciphertext_ballots.append(get_optional(encrypted_ballot)) # Next, we cast or spoil the ballots def step_3_cast_and_spoil(self) -> None: """ Accept each ballot by marking it as either cast or spoiled. This example demonstrates one way to accept ballots using the `BallotBox` class """ # Configure the Ballot Box self.ballot_store = DataStore() self.ballot_box = BallotBox(self.metadata, self.context, self.ballot_store) # Randomly cast or spoil the ballots for ballot in self.ciphertext_ballots: if randint(0, 1): accepted_ballot = self.ballot_box.cast(ballot) else: accepted_ballot = self.ballot_box.spoil(ballot) self._assert_message( BallotBox.__qualname__, f"Accepted Ballot Id: {ballot.object_id} state: {get_optional(accepted_ballot).state}", accepted_ballot is not None, ) def step_4_decrypt_tally(self) -> None: """ Homomorphically combine the selections made on all of the cast ballots and use the Available Guardians to decrypt the combined tally. In this way, no individual voter's cast ballot is ever decrypted drectly. """ # Generate a Homomorphically Accumulated Tally of the ballots self.ciphertext_tally = get_optional( tally_ballots(self.ballot_store, self.metadata, self.context)) self._assert_message( tally_ballots.__qualname__, f""" - cast: {self.ciphertext_tally.count()} - spoiled: {len(self.ciphertext_tally.spoiled_ballots)} Total: {len(self.ciphertext_tally)} """, self.ciphertext_tally is not None, ) # Configure the Decryption self.decrypter = DecryptionMediator(self.metadata, self.context, self.ciphertext_tally) # Announce each guardian as present for guardian in self.guardians: decryption_share = self.decrypter.announce(guardian) self._assert_message( DecryptionMediator.announce.__qualname__, f"Guardian Present: {guardian.object_id}", decryption_share is not None, ) # Get the Plain Text Tally self.plaintext_tally = get_optional( self.decrypter.get_plaintext_tally()) self._assert_message( DecryptionMediator.get_plaintext_tally.__qualname__, "Tally Decrypted", self.plaintext_tally is not None, ) # Now, compare the results self.compare_results() def compare_results(self) -> None: """ Compare the results to ensure the decryption was done correctly """ print(f""" {'-'*40} # Election Results: """) # Create a representation of each contest's tally selection_ids = [ selection.object_id for contest in self.metadata.contests for selection in contest.ballot_selections ] expected_plaintext_tally: Dict[str, int] = { key: 0 for key in selection_ids } # Tally the expected values from the loaded ballots for ballot in self.plaintext_ballots: if (get_optional(self.ballot_store.get( ballot.object_id)).state == BallotBoxState.CAST): for contest in ballot.contests: for selection in contest.ballot_selections: expected_plaintext_tally[ selection.object_id] += selection.vote # Compare the expected tally to the decrypted tally for tally_contest in self.plaintext_tally.contests.values(): print(f" Contest: {tally_contest.object_id}") for tally_selection in tally_contest.selections.values(): expected = expected_plaintext_tally[tally_selection.object_id] self._assert_message( f" - Selection: {tally_selection.object_id}", f"expected: {expected}, actual: {tally_selection.tally}", expected == tally_selection.tally, ) print(f"\n{'-'*40}\n") # Compare the expected values for each spoiled ballot for ballot_id, accepted_ballot in self.ciphertext_tally.spoiled_ballots.items( ): if accepted_ballot.state == BallotBoxState.SPOILED: for plaintext_ballot in self.plaintext_ballots: if ballot_id == plaintext_ballot.object_id: print(f"\nSpoiled Ballot: {ballot_id}") for contest in plaintext_ballot.contests: print(f"\n Contest: {contest.object_id}") for selection in contest.ballot_selections: expected = selection.vote decrypted_selection = ( self.plaintext_tally.spoiled_ballots[ ballot_id][contest.object_id]. selections[selection.object_id]) self._assert_message( f" - Selection: {selection.object_id}", f"expected: {expected}, actual: {decrypted_selection.tally}", expected == decrypted_selection.tally, ) def step_5_publish_and_verify(self) -> None: """Publish and verify steps of the election""" self.publish_results() self.verify_results() if self.REMOVE_OUTPUT: rmtree(RESULTS_DIR) def publish_results(self) -> None: """ Publish results/artifacts of the election """ publish( self.description, self.context, self.constants, [self.device], self.ballot_store.all(), self.ciphertext_tally.spoiled_ballots.values(), publish_ciphertext_tally(self.ciphertext_tally), self.plaintext_tally, self.coefficient_validation_sets, RESULTS_DIR, ) self._assert_message( "Publish", f"Artifacts published to: {RESULTS_DIR}", path.exists(RESULTS_DIR), ) def verify_results(self) -> None: """Verify results of election""" # Deserialize description_from_file = ElectionDescription.from_json_file( DESCRIPTION_FILE_NAME, RESULTS_DIR) self.assertEqual(self.description, description_from_file) context_from_file = CiphertextElectionContext.from_json_file( CONTEXT_FILE_NAME, RESULTS_DIR) self.assertEqual(self.context, context_from_file) constants_from_file = ElectionConstants.from_json_file( CONSTANTS_FILE_NAME, RESULTS_DIR) self.assertEqual(self.constants, constants_from_file) device_name = DEVICE_PREFIX + str(self.device.uuid) device_from_file = EncryptionDevice.from_json_file( device_name, DEVICES_DIR) self.assertEqual(self.device, device_from_file) for ballot in self.ballot_store.all(): name = BALLOT_PREFIX + ballot.object_id ballot_from_file = CiphertextAcceptedBallot.from_json_file( name, BALLOTS_DIR) self.assertEqual(ballot, ballot_from_file) for spoiled_ballot in self.ciphertext_tally.spoiled_ballots.values(): name = BALLOT_PREFIX + spoiled_ballot.object_id spoiled_ballot_from_file = CiphertextAcceptedBallot.from_json_file( name, SPOILED_DIR) self.assertEqual(spoiled_ballot, spoiled_ballot_from_file) ciphertext_tally_from_file = PublishedCiphertextTally.from_json_file( ENCRYPTED_TALLY_FILE_NAME, RESULTS_DIR) self.assertEqual(publish_ciphertext_tally(self.ciphertext_tally), ciphertext_tally_from_file) plainttext_tally_from_file = PlaintextTally.from_json_file( TALLY_FILE_NAME, RESULTS_DIR) self.assertEqual(self.plaintext_tally, plainttext_tally_from_file) for coefficient_validation_set in self.coefficient_validation_sets: set_name = COEFFICIENT_PREFIX + coefficient_validation_set.owner_id coefficient_validation_set_from_file = ( CoefficientValidationSet.from_json_file( set_name, COEFFICIENTS_DIR)) self.assertEqual(coefficient_validation_set, coefficient_validation_set_from_file) def _assert_message(self, name: str, message: str, condition: Union[Callable, bool] = True) -> None: if callable(condition): result = condition() else: result = condition print(f"{name}: {message}: {result}") self.assertTrue(result)
def test_tally_ballot_invalid_input_fails( self, everything: ELECTIONS_AND_BALLOTS_TUPLE_TYPE): # Arrange _election_description, metadata, ballots, _secret_key, context = everything # encrypt each ballot store = DataStore() seed_hash = EncryptionDevice("Location").get_hash() for ballot in ballots: encrypted_ballot = encrypt_ballot(ballot, metadata, context, seed_hash) seed_hash = encrypted_ballot.tracking_hash self.assertIsNotNone(encrypted_ballot) # add to the ballot store store.set( encrypted_ballot.object_id, from_ciphertext_ballot(encrypted_ballot, BallotBoxState.CAST), ) subject = CiphertextTally("my-tally", metadata, context) # act cached_ballots = store.all() first_ballot = cached_ballots[0] first_ballot.state = BallotBoxState.UNKNOWN # verify an UNKNOWN state ballot fails self.assertIsNone(tally_ballot(first_ballot, subject)) self.assertFalse(subject.append(first_ballot)) # cast a ballot first_ballot.state = BallotBoxState.CAST self.assertTrue(subject.append(first_ballot)) # try to append a spoiled ballot first_ballot.state = BallotBoxState.SPOILED self.assertFalse(subject.append(first_ballot)) # Verify accumulation fails if the selection collection is empty if first_ballot.state == BallotBoxState.CAST: self.assertFalse( subject.cast[first_ballot.object_id].accumulate_contest([])) # pylint: disable=protected-access # pop the cast ballot subject._cast_ballot_ids.pop() # reset to cast first_ballot.state = BallotBoxState.CAST self.assertTrue( self._cannot_erroneously_mutate_state(subject, first_ballot, BallotBoxState.CAST)) self.assertTrue( self._cannot_erroneously_mutate_state(subject, first_ballot, BallotBoxState.SPOILED)) self.assertTrue( self._cannot_erroneously_mutate_state(subject, first_ballot, BallotBoxState.UNKNOWN)) # verify a spoiled ballot cannot be added twice first_ballot.state = BallotBoxState.SPOILED self.assertTrue(subject.append(first_ballot)) self.assertFalse(subject.append(first_ballot)) # verify an already spoiled ballot cannot be cast first_ballot.state = BallotBoxState.CAST self.assertFalse(subject.append(first_ballot)) # pop the spoiled ballot subject.spoiled_ballots.pop(first_ballot.object_id) # verify a cast ballot cannot be added twice first_ballot.state = BallotBoxState.CAST self.assertTrue(subject.append(first_ballot)) self.assertFalse(subject.append(first_ballot)) # verify an already cast ballot cannot be spoiled first_ballot.state = BallotBoxState.SPOILED self.assertFalse(subject.append(first_ballot))