Disclaimer: The author is NOT a cryptographer and this work has not been reviewed. This means that there is very likely a fatal flaw somewhere. Criptocracia is still experimental and not production-ready.
Criptocracia is an experimental, trustless open-source electronic voting system. This Flutter application serves as the voter client, implementing blind RSA signatures to ensure vote secrecy and voter anonymity, while using the Nostr protocol for decentralized, encrypted message transport.
This Flutter app is the mobile voter client for the Criptocracia voting system. It provides a secure, privacy-preserving interface for voters to participate in elections using cryptographic techniques that ensure both vote secrecy and system integrity.
- π Blind RSA Signatures: Privacy-preserving vote tokens that ensure vote secrecy
- π Nostr Protocol: Decentralized communication using NIP-59 Gift Wrap encryption
- π Hierarchical Deterministic Keys: BIP32/BIP44 key derivation following NIP-06 specification
- ποΈ Hardware-Backed Security: Device-specific encryption for sensitive data storage
- π± Cross-Platform: Native support for Android, iOS, Web, Windows, macOS, and Linux
- π Multi-Language: English and Spanish localization support
- π Secure Persistence: Mnemonic phrases survive app reinstalls with enhanced security
- π¨ Real-time Messaging: NIP-59 compliant Gift Wrap message processing for voting protocol
- NostrKeyManager: BIP39 mnemonic generation and NIP-06 key derivation
- SecureStorageService: Hardware-backed encrypted storage with device fingerprinting
- VoterSessionService: Comprehensive voting session state management
- CryptoService: Complete RSA blind signature operations
- NostrService: NIP-59 encrypted communication with Gift Wrap event processing
- BlindSignatureProcessor: Real-time processing of blind signature responses
Hardware Security β Device Fingerprint β PBKDF2 β AES Encryption β Secure Storage
β
BIP39 Mnemonic β BIP32/44 Keys β Nostr Identity β Encrypted Communication
β
Voting Session β Blind Signatures β Vote Tokens β Anonymous Voting
- Flutter SDK: Version 3.8.1 or higher
- Dart SDK: Included with Flutter
- Platform Tools:
- Android Studio (for Android development)
- Xcode (for iOS development on macOS)
- Visual Studio (for Windows development)
-
Clone the repository:
git clone https://github.com/grunch/criptocracia-app.git cd criptocracia-app -
Install dependencies:
flutter pub get
-
Verify setup:
flutter doctor
-
Run the app:
flutter run
flutter run -d androidflutter run -d iosflutter run -d chromeflutter run -d windows # Windows
flutter run -d macos # macOS
flutter run -d linux # Linuxflutter testflutter test --dart-define=CI=true # CI environment
flutter test --dart-define=SLOW_DEVICE=true # Slow devices
flutter test --dart-define=SKIP_TIMING=true # Skip timing testsflutter test --coverage
genhtml coverage/lcov.info -o coverage/htmlflutter run --dart-define=debug=trueflutter build apk --release # Android APK
flutter build appbundle # Android App Bundle
flutter build ios --release # iOS
flutter build web --release # Web
flutter build windows --release # Windows
flutter build macos --release # macOS
flutter build linux --release # Linuxflutter analyzeThe project uses flutter_lints for code quality enforcement. Configuration is in analysis_options.yaml.
flutter run --dart-define=debug=trueflutter logs # View device logs
flutter pub deps # Dependency tree
flutter pub outdated # Check for updates
flutter clean # Clean build cache- BIP39: Mnemonic phrase generation and validation
- BIP32/BIP44: Hierarchical deterministic key derivation
- NIP-06: Nostr key derivation specification
- NIP-19: Bech32 encoding for Nostr addresses
- NIP-59: Gift Wrap encryption for private messaging
- RSA Blind Signatures: Privacy-preserving vote tokens
- SHA-256: Cryptographic hashing for integrity verification
- Device Fingerprinting: Hardware-specific encryption keys
- PBKDF2: 100,000 iterations for key derivation
- AES Encryption: Hive database with encrypted storage
- Secure Boot Chain: Bootstrap β Master β Application keys
- Mnemonic Persistence: Survives app reinstalls and updates
- Blind Signatures: Vote content hidden from election coordinators
- Gift Wrap Encryption: Message content hidden from relays
- Session Isolation: Independent encryption for each voting session
- Forward Secrecy: Session data clearable without affecting identity
- Elections Screen: Browse and select available elections
- Election Detail: View candidates and election information
- Voting Screen: Cast votes with blind signature tokens
- Results Screen: Real-time election results display
- Account Screen: View voter identity and session information
Elections Screen |
Account Screen |
Voting Screen |
Results Screen |
- Bottom Navigation: Switch between Elections and Results
- Drawer Menu: Access account settings and app information
- Material Design 3: Modern UI with adaptive theming
- Languages: English (en) and Spanish (es)
- Localization: ARB format in
lib/l10n/ - Runtime: Automatic language detection with manual override
- Relay URL:
wss://relay.mostro.network - Election Coordinator:
0000001ace57d0da17fc18562f4658ac6d093b2cc8bb7bd44853d0c196e24a9c
Configuration can be customized changing relayUrl and ecPublicKey variables in lib/config/app_config.dart.
flutter: Cross-platform UI frameworkdart_nostr: ^9.1.1: Nostr protocol implementationprovider: ^6.1.2: State management
blind_rsa_signatures: RSA blind signature operations (git)nip59: NIP-59 Gift Wrap encryption (git)blockchain_utils: ^3.0.0: BIP32/BIP44 key derivationbip39: ^1.0.6: Mnemonic generation and validationbech32: ^0.2.2: NIP-19 address encodingelliptic: ^0.3.11: Elliptic curve cryptographycrypto: ^3.0.6: General cryptographic functions
hive: ^2.2.3: Local encrypted databasehive_flutter: ^1.1.0: Flutter integration for Hivedevice_info_plus: ^10.1.2: Device fingerprintingshared_preferences: ^2.3.3: Simple configuration storage
- CHANGELOG.md: Detailed change history and new features
- ARCHITECTURE.md: Technical architecture and implementation details
- NOSTR.md: Complete Nostr protocol implementation and event specifications
- REPLACE_APP_ICON.md: Instructions for customizing app icons
- Create feature branch from
main - Implement changes with tests
- Run quality checks:
flutter analyze && flutter test - Submit pull request with description
- Follow Dart/Flutter style guidelines
- Write tests for new functionality
- Document public APIs
- Use meaningful commit messages
- Never commit secrets or private keys
- Follow secure coding practices
- Test cryptographic operations thoroughly
- Review security implications of changes
- Ensure Flutter SDK is up to date:
flutter upgrade - Clean build cache:
flutter clean && flutter pub get - Check platform-specific tools:
flutter doctor
- Verify mnemonic validation in NostrKeyManager
- Check device fingerprinting in SecureStorageService
- Validate RSA key formats in CryptoService
- Ensure app has storage permissions
- Check device fingerprint consistency
- Validate encryption key derivation
- Verify relay URL accessibility
- Check Nostr event formatting
- Validate NIP-59 encryption/decryption
# Check session state
flutter run --dart-define=debug=true
# Analyze dependencies
flutter pub deps
# Verify environment
flutter doctor -vThis project is under MIT License.
- Criptocracia EC: Rust-based election coordinator.
- Criptocracia Voter: Rust-based voter client.
- eccli: Command-line client to connect with the Electoral Commission gRPC API
For technical issues, feature requests, or security concerns:
- Open an issue in the project repository
- Review existing documentation in ARCHITECTURE.md
- Check troubleshooting section above
π Security Notice: Always verify the integrity of election coordinator public keys and relay URLs before participating in elections.