What happens if the main server is compromised?
We have designed Adder in such a way that no attack can occur on the main server that successfully violates user privacy or manipulates the result of the election, unless the whole database is corrupted. All voters’ ballots remain encrypted throughout the entire procedure; only the sum is decrypted. Therefore, the plaintext version of a vote can never be associated with an individual voter. Additionally, the cryptography used by Adder prevents changing the result of an election, as the tallying can be duplicated by any third party. That being said, it is possible for an attacker to launch a more conventional, non-cryptographic attack on Adder. For instance, it is difficult to prevent denial-of-service attacks, or cases where the server is cracked into and shut down. These attacks are not the present focus of the Adder project, and they apply to all systems that are connected to the Internet.
