Skip to content

Instantly share code, notes, and snippets.

Last active February 24, 2021 00:25
What would you like to do?
2021-02-23 election
Elected by acclamation
Michael Kozakewich
Kyle Martin
Edwin Amsler
Thor Robinson
Pietra Shirley
Greeting Skullspace members and observers,
I am the election officer for the Skullspace AGM to be held Tuesday
February 23, 2021 at 6pm Winnipeg time.
There are no bylaw amendments on the agenda this year.
I will be sending out voting codes to eligible voters by email this
evening. If you do not receive a voting code by Monday morning, please
be in touch with myself <> and Michael Kozakewich
<> .
There are five positions to fill on our board of directors. You may vote
for up to 5 candidates.
Nominations will close at the start of the meeting shortly after 6pm.
I'm tracking known nominees at:
This will be updated at the close of nominations.
You can simply vote by emailing me back your voting code (like past
elections), or by following the more complicated protocol and channels
detailed below which will allow me to irrevocably blind myself from who
votes for who. This way, no-one can ever compel me to disclose those votes.
Votes for board candidates will be accepted until 8pm Winnipeg time,
after which I will count ballots.
If we do not have more than 5 nominees, the candidates will win their
positions by acclamation. For your amusement, I will conduct a mock
election where you may pick up to two of the following candidates:
The mock election will close at 7pm.
Blinding protocol instructions:
The opt-in blinding voting protocol I have developed is documented at
You don't really need to read all that to help me achieve blinding on
your vote.
Just do these two steps
1) Between now and 5:30pm on election day, use your voting code to run
this interactive python3 program:
Email me the two "rekey:" lines and two "rekeysig" lines that you
generate. (sub-key derivation string and signature)
Feel free to encrypt with my GPG key.
Don't lose the "rekey:" lines. If you do accidentally lose them, contact
me by 5:30pm 2021-02-23.
At 5:45pm I will be generating sub-keys with these and deleting the
derivation text you will have sent me.
2) Whenever you're ready to vote (before or after nominations close...),
download the two nominee lists
And run this interactive python3 program in the same directory
Send me any "ballot:" output lines. (there will be one "ballot:" per
candidate voted for)
You can send your ballot: code through an insecure, unauthenticated channel:
1) unencrypted email
2) Skullspace slack #general or PM me on SKSP slack
3) #skullspace on Freenode (IRC) or PM to markjenkinsznc
4) Contact form on my website between
4pm and 8pm.
(I get too much spam to check outside of that)
5) Through a trusted friend. (get them to use a public channel so you
know the message got through)
There are ways to use these things to ensure that I don't even know who
voted, let alone for who.
#!/usr/bin/env python3
from __future__ import print_function
from __future__ import division
from random import SystemRandom
from base64 import b64encode
from sys import argv, version_info
if version_info[0] >= 3:
def eight_bit_int_to_byte(n):
return int.to_bytes(n, 1, 'big')
eight_bit_int_to_byte = chr
KEY_SIZE = 64 # 64 bits
assert( KEY_SIZE % 8 == 0 ) # KEY_SIZE must be a multiple of 8 bits
sysrandom = SystemRandom()
def generate_voting_code():
random_64_bits_as_bytes = b''.join(
for i in range(KEY_SIZE//8) )
return "masterkey:" + b64encode(random_64_bits_as_bytes).decode('ascii')
n_codes = 1 if len(argv) < 2 else int(argv[1])
print( '\n'.join( generate_voting_code() for i in range(n_codes) ) )
#!/usr/bin/env python3
BOARD_ELECTION_VOTE_LIMIT = 5 # at most 5 positions on the board
('2021-02-23 board', '2021-02-23_boardcandidates.txt',
('2021-02-23 mock', '2021-02-23_mockcandidates.txt',
SHORT_MASTER_KEY_LENGTH = 8 # 64 bits, 8 bytes
SUB_KEY_SIG_TRUNCATE = 8 # 64 bits, 8 bytes
MASTERKEY_PREFIX = "masterkey:"
REKEY_PREFIX = "rekey:"
BALLOT_PREFIX = "ballot:"
from random import SystemRandom
import hmac
import hashlib
import base64
import binascii
import sys
from os.path import exists
if sys.version_info[0] < 3:
print("Python 3 required. (tested on 3.5.2)")
# load candidate lists into the empty lists ELECTIONS[0][2]
# and ELECTIONS[1][2] above
for election, candidate_list_filename, candidate_list, limit in ELECTIONS:
if not exists(candidate_list_filename):
"%s was not found in current working directory" %
with open(candidate_list_filename) as f:
candidate_list.extend( line.strip() for line in f )
def create_code_signed_ballot(sub_key, vote):
ballot_hmac =, vote.encode('UTF-8'),
base_64_bytes = base64.b64encode(ballot_hmac.digest()[0:BALLOT_SIZE_BYTES])
return BALLOT_PREFIX + base_64_bytes.decode('ascii')
def valid_candidate(candidate_selection,
candidates, candidate_lookup_by_number):
if candidate_selection in candidates:
return candidate_selection
candidate_number = int(candidate_selection)
except ValueError:
return None
else: # only if conversion of candidate_selection to int works
if candidate_number in candidate_lookup_by_number:
return candidate_lookup_by_number[candidate_number]
return None
def get_valid_votes(candidates, max_votes):
candidates_enumerated = list(enumerate(candidates, 1))
candidate_lookup_by_number = dict( candidates_enumerated )
print("Vote for up to %d candidates by matching name or number, "
"seperated by comma (',')" % max_votes)
print("write-in ballots are not supported by this interface")
while True:
print() # blank line
for i, candidate in candidates_enumerated:
print("%d) %s" % (i, candidate))
candidate_selection_w_newline = input("Who are you voting for? > ")
candidate_selection = candidate_selection_w_newline.strip()
# split up the candidate selection by comma
selected_candidates = candidate_selection.split(",")
# ask again if too many were voted for or none were
if len(selected_candidates) > max_votes or len(selected_candidates) <1:
# remove any whitespace
selected_candidates = [ c.strip() for c in selected_candidates ]
# validate each candidate selection, replacing with None if
# invalid, and replacing any numbers with names
selected_candidates = [
valid_candidate(c, candidates, candidate_lookup_by_number)
for c in selected_candidates]
# verify all selected candidates came out okay, no None
if all( c !=None for c in selected_candidates ):
return selected_candidates
def get_valid_master_code():
while True:
code_w_newline = input("What's your master code/key? > ")
mastercode_ascii = code_w_newline.strip()
if mastercode_ascii.startswith(MASTERKEY_PREFIX):
# remove masterkey: prefix
mastercode_ascii = mastercode_ascii[len(MASTERKEY_PREFIX):]
prefix_seen = True
prefix_seen = False
decoded_code = base64.b64decode(mastercode_ascii, validate=True)
except binascii.Error:
print("invalid code")
if len(decoded_code) == SHORT_MASTER_KEY_LENGTH:
print("invalid code")
print("Your code is:")
return decoded_code
def get_election_choice():
while True:
print("Which election are you voting in?")
# start enumeration at 1 so they are numbered 1), 2)...
for i, (election_name, a, b, c) in enumerate(ELECTIONS, 1):
print("%d) %s" % (i, election_name) )
election_choice = int(input("> "))
except ValueError:
if 1<= election_choice <= len(ELECTIONS):
# election_choice-1 because the UI enumerates from 1)
choice_of_election = ELECTIONS[election_choice-1]
return (
choice_of_election[0], # election name
choice_of_election[2], # candidate list
choice_of_election[3], # vote limit
) # end tuple
def get_valid_sub_key_derivation_string(election_name):
print("If you provided the election officer a sub-key derivation string "
"add it here. Otherwise, leave this blank (hit enter) or "
"type default")
rekey_prefix = REKEY_PREFIX + election_name + ' '
print("""accepted input formats for non-default are:
""" % rekey_prefix)
while True:
sub_key_derivation_string = input(
"sub-key derivation string > ").strip()
if ( sub_key_derivation_string.startswith(rekey_prefix) and
len(sub_key_derivation_string) > len(rekey_prefix) ):
return sub_key_derivation_string[ len(rekey_prefix): ]
elif sub_key_derivation_string in ("", "default", election_name):
return election_name
return sub_key_derivation_string
def main():
election_name, candidates, vote_limit = get_election_choice()
master_key_64 = get_valid_master_code()
master_key_256_sha = hashlib.sha256(master_key_64)
master_key_256 = master_key_256_sha.digest()
subkey_derivation_string = get_valid_sub_key_derivation_string(
if subkey_derivation_string == election_name:
print("you picked the default sub-key derivation string")
print("your custom sub-key derivation string was")
rekey_msg = (
REKEY_PREFIX + election_name + ' ' + subkey_derivation_string)
sub_key_hmac =
master_key_256, rekey_msg.encode('ascii'), hashlib.sha256)
sig_64 = sub_key_hmac.digest()[0:SUB_KEY_SIG_TRUNCATE]
print("your signature when you provided this to the election officer "
"was: ")
print("rekeysig:" + base64.b64encode(sig_64).decode('ascii'))
sub_key_sha256 = master_key_256_sha.copy()
sub_key = sub_key_sha256.digest()
votes = get_valid_votes(candidates, vote_limit)
print("your ballots are:")
for vote in votes:
code_signed_ballot = create_code_signed_ballot(sub_key, vote)
if __name__ == "__main__":
#!/usr/bin/env python3
ELECTIONS = ('2021-02-23 board', '2021-02-23 mock')
MASTERKEY_PREFIX = "masterkey:"
SHORT_MASTER_KEY_LENGTH = 8 # 64 bits, 8 bytes
SUB_KEY_DERIVE_LENGTH = 256//8 # 256 bits, 32 bytes
SUB_KEY_SIG_TRUNCATE = 8 # 64 bits, 8 bytes
import sys
import hmac
import binascii
from random import SystemRandom
from base64 import b64encode, b64decode
from hashlib import sha256
if sys.version_info[0] < 3:
print("Python 3 is required to run this script. Tested on 3.5.2")
def eight_bit_int_to_byte(n):
return int.to_bytes(n, 1, 'big')
def rand_bytes(num_bytes):
return b''.join(
for i in range(num_bytes))
sysrandom = SystemRandom()
mastercode_ascii = input(
"enter your master voting code (%s prefix) > " % MASTERKEY_PREFIX)
mastercode_ascii = mastercode_ascii.strip()
if mastercode_ascii.startswith(MASTERKEY_PREFIX):
# remove masterkey: prefix
mastercode_ascii = mastercode_ascii[len(MASTERKEY_PREFIX):]
prefix_seen = True
prefix_seen = False
master_key_64 = b64decode(mastercode_ascii, validate=True)
except binascii.Error:
print("invalid master voting code")
if len(master_key_64) != SHORT_MASTER_KEY_LENGTH:
print("invalid master voting code length")
if not prefix_seen:
print("master voting code accepted without %s prefix" % MASTERKEY_PREFIX)
master_key_256_sha = sha256(master_key_64)
master_key_256 = master_key_256_sha.digest()
for election in ELECTIONS:
sub_key_derive_bytes = rand_bytes(SUB_KEY_DERIVE_LENGTH)
sub_key_derive_string = b64encode(sub_key_derive_bytes).decode('ascii')
# uncomment this to test that
# rekey:2021-02-23 mock 7OJyWgwvhS8=
# results in
# rekeysig:35+MYeBRF4E=
#sub_key_derive_string = '7OJyWgwvhS8='
rekey_msg = "rekey:%s %s" %(election, sub_key_derive_string)
sub_key_hmac =, rekey_msg.encode('ascii'), sha256)
sig_64 = sub_key_hmac.digest()[0:SUB_KEY_SIG_TRUNCATE]
print("rekeysig:" + b64encode(sig_64).decode('ascii'))
Send the above rekey: and rekeysig: lines to """
"""Mark Jenkins <> prior to 2021-02-23 5:30pm.
You must retain the rekey values for your records in order to vote.
If you lose them prior to 5:45pm Winnipeg time 2021-02-23, contact Mark.
If you lose them after that you're out of luck, Mark will be blind to """
"""which re-keyed sub-keys belong to which voters.
At your option, you can encrypt emails to Mark with GPG key 0xA8F86493AA4DB1FB
This is a description of version 2 of the skullspace election protocol while Mark Jenkins is election officer.
The election officer emails random codes to each eligible voter.
A voter can simply vote by providing their code and who/what they are voting for in any form of correspondence with the election officer.
This is allowed, but it makes it easy for the election officer to know who was voted for.
The purpose of this protocol is to make it easier for the election officer to blind themselves from knowing who was voted for, as long as there is also co-operation from the voters who want to help that along.
Furthermore, blinding can protect the electoral officer from being compelled to reveal who voted for who/what.
The protocol does not assure the voters that the election officer is blind though, constructing such a system is harder and out of scope in this election. It's up to the election officer to do their part in blinding.
In version 1 of the protocol, used for the summer 2020 byelection, a candidate was named as a message and a hmac signature was constructed using the voting code as the key and the correspondence between keys and voters was removed. The keys/codes issued were thus only useful for that election.
In version 2, there are four main changes:
1) The keys sent to voters are issued to be indefinite for communication between voter and election officer Mark Jenkins, covering subsequent elections.
2) A procedure exists for deriving and setting an election specific sub-key.
3) All code types will have an identifying prefix
4) Shorter codes
The correspondence between keys and voters will be retained for subsequent elections. (In an encrypted file available only to the electoral officer)
Such keys will not be handed off to a successor election officer. Re-keying between voter and election officer is possible prior to and after the election. (Same keys will not be re-sent out, lost key will lead to a new key)
The key / code sent to voters are shortened to 64bits. To identify them, they will have a prefix "masterkey:" The keys themselves will still be base64 encoded.
An example key that we will use throughout here is
In hexadecimal, the same key is:
8F 1A 49 C7 9B 84 AD 0F
(note, the masterkey: prefix isn't part of this hex representation)
When used in the subsequent algorithms, these masterkeys should be stretched to 256 bits with the sha256 hash for consistency with subsequent 256 bit primitives before performing any other operations.
So our example 64 bit master key stretches to:
4B D4 02 9D 91 99 F4 E9 35 4A 90 46 69 4B 7C 23 DB CB 1F 22 22 48 8E 3C F1 D9 9F 0E 9C 49 1D 14
(base64 with a prefix)
For each election, the election officer will publish a default derivation path from master key to sub-key. The derivation path will be an ascii string (of printable characters) describing the relevant election.
For example, the 2021 board election default derivation path will be
'2021-02-23 board'
(quotes excluded)
If we don't have a board election due to the number of candidates, the default derivation path for the mock election will be
'2021-02-23 mock'
(quotes excluded)
The sub-key for each voter will consist of the sha256 digest that resulted from key stretching being updated with the derivation path, encoded as ascii.
Python 3 example:
from hashlib import sha256
from base64 import b64decode
master_key_64 = b64decode('jxpJx5uErQ8=')
master_key_256_sha = sha256(master_key_64)
# 4BD4029D9199F4E9354A9046694B7C23DBCB1F2222488E3CF1D99F0E9C491D14
sub_key_board = master_key_256_sha.copy()
sub_key_board.update('2021-02-23 board'.encode('ascii'))
# A0FCD32E68936B0E54A74226D1CA02A68042E805C39A78D87A2A1199610C1763
sub_key_mock = master_key_256_sha.copy()
sub_key_mock.update('2021-02-23 mock'.encode('ascii'))
# 16FD00196A7DFFFE5B982B4B89BBF6BA5FF5B0FD3CC71C50812F1BDB402B8A8F
The 2021-02-23 election does not include any bylaw amendment resolutions.
In the future, we may be electing a board and passing bylaw amendments. In that case, each bylaw amendment will be treated as a separate election with its own default sub-key derivation string, e.g.
'2000-01-05 amendment #1'
'2000-01-05 amendment #2'
Shortly before the election meeting is convened, the electoral officer will generate a list of sub-keys for all voters. One list per matter up for election. The list will be cryptographically shuffled. As such, there won't be a visible connection between sub-keys and the master keys that can be looked up casually.
But, with programming, an electoral officer could easily reconnect the sub-keys to their original master keys and eligible voters by re-generating the sub-keys with the master keys and assigned persons noted.
Therefore, we give the voters the option to designate their own sub-key derivation prior to the election. Receiving these re-keyings prior to the sub-key generation allows the electoral officer to delete all connection to the master key at the time of sub-key generation. (the blinding process)
A voter can use their master key to hmac sign this re-keying operation.
The voter sends a message prefixed with "rekey:" followed by the original derivation string for the relevant election, followed by a space, followed by additional, printable ascii characters which will be their own personal derivation string
rekey:2021-02-23 mock 7OJyWgwvhS8=
The voter signs this rekeying operation by using the sha256 hmac operation, with their master key as the key and the message (including the rekey prefix), encoded to bytes with ascii. The output of that operation is 256 bits. We truncate to first the 64 bits (8 bytes), encode with base64 and transmit with a rekeysig: prefix.
So, for the voter with master key jxpJx5uErQ8=, who wants to use an alternate derivation string 7OJyWgwvhS8= for the 2021-02-23 mock election, they transmit
rekey:2021-02-23 mock 7OJyWgwvhS8=
#!/usr/bin/env python3
import hmac
from hashlib import sha256
from base64 import b64decode, b64encode
master_key_64 = b64decode('jxpJx5uErQ8=')
master_key_256_sha = sha256(master_key_64)
master_key_256 = master_key_256_sha.digest()
h =, 'rekey:2021-02-23 mock 7OJyWgwvhS8='.encode('ascii'), sha256)
sig_64 = h.digest()[0:8]
print("rekeysig:" + b64encode(sig_64).decode('ascii'))
Casting of ballots is generating an hmac signature with the derived sub-key (default or rekey) and a UTF-8 encoding of a candidate name. (The choice of UTF-8 allows for non-ascii characters to be part of a candidate name)
Truncate the generated signature to the first 64 bits (8 bytes), encode with base64, and prefix with "ballot:".
The ballot code can be transmitted through any channel approved by the electoral officer. This can include untrusted channels and even persons proxying.
A typical board of directors election will involve greater than 5 candidates, but only being allowed to vote for up to 5. (greater than N candidates, <= N ballots cast per voter). Cast a seperate ballot for each candidate you are voting for:
For example, the candidates for the 2021-02-23 mock election are
and you may only vote for 2.
#!/usr/bin/env python3
import hmac
from hashlib import sha256
from base64 import b64decode, b64encode
master_key_64 = b64decode('jxpJx5uErQ8=')
master_key_256_sha = sha256(master_key_64)
sub_key_mock_sha256 = master_key_256_sha.copy()
sub_key_mock_sha256.update('2021-02-23 mock'.encode('ascii'))
sub_key_mock = sub_key_mock_sha256.digest()
pirates_ballot =, "Pirates".encode("UTF-8"), sha256)
pirates_ballot_64 = pirates_ballot.digest()[0:8]
ninjas_ballot =, "Ninjas".encode("UTF-8"), sha256)
ninjas_ballot_64 = ninjas_ballot.digest()[0:8]
print("ballot:" + b64encode(pirates_ballot_64).decode('ascii'))
print("ballot:" + b64encode(ninjas_ballot_64).decode('ascii'))
If we hold a mock election, write-in candidates will also be allowed. Convey the name before the ballot code separated by a space
Elon ballot:Lx/Ld5yxVZc=
The electoral officer may report some of the write-in submissions after the election at their discretion.
If we hold a real election, there will be a fixed candidate list published at the time of nominations closing with the official spelling for each candidate. This will be a UTF-8 encoded text file with newline septation.
Technically in the real election, write-in of last minute nominees is also possible, but discouraged. If anyone does this the electoral officer will have to take additional care to ensure no-one gets multiple votes from the same voter with alternate name spelling, such as writing in both "Elon" and "E Musk". A distinction will also have to be made between duly nominated write-ins and those who are not.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment