Computer scientists deploy first practical, Web-based, secure, verifiable voting system

Mar 05, 2009

Computer scientists affiliated with the Center for Research on Computation and Society (CRCS), based at the Harvard School of Engineering and Applied Sciences (SEAS), in collaboration with scientists at the Université Catholique de Louvain (UCL) in Belgium, deployed the first practical, web-based implementation of a secure, verifiable voting system for the presidential election held at UCL earlier this week.

Called Helios, the system was developed by Ben Adida, a fellow at CRCS and an instructor/researcher at the Children's Hospital Informatics Program, Harvard Medical School. Professors Jean-Jacques Quisquater and Olivier Pereira and Ph.D. student Olivier de Marneffe at UCL worked closely with the UCL Election Commission to integrate Helios into the University's infrastructure, implement UCL's custom weighted tallying system, and optimize the verification tools for the election size.

"Helios allows any participant to verify that their ballot was correctly captured, and any observer to verify that all captured ballots were correctly tallied," said Adida. "We call this open-audit voting because the complete auditing process is now available to any observer. This revolutionary approach to elections has been described in the literature for more than 25 years, yet this is the first real-world open-audit election of this magnitude and impact of outcome."

The verifiable voting system, available as open-source/free software, implements advanced cryptographic techniques to maintain ballot secrecy while providing a mathematical proof that the election tally was correctly computed.

Helios relies upon public key homomorphic encryption, a method where a public key is used to encrypt a message (in this case, a vote); messages can be combined under the covers of encryption (in this case, tallying the votes); and multiple independent private keys are required to decrypt the message (in this case, the election tally).

In an election, Helios works as follows:

• first, each voter receives a tracking number for his/her vote and the vote is encrypted with the election public key before it leaves the voter's browser;

• second, with the tracking number, a voter can then verify that their ballot was correctly captured by the voting system, which publishes a list of all tracking numbers prior to tallying; and

• finally, the voter, or any observer including election watchers from outside the election, can verify that these tracking numbers (the encrypted votes) were tallied appropriately. The election results contain a mathematical proof of the tally that cannot be "faked" even with the use of powerful computers.

"Because the tallying happens under the covers of encryption, the entire verification process is done without revealing the contents of each individual vote," explained Adida "Moreover, by using Helios, voters no longer need to blindly trust those supervising the election, as officials must provide mathematical proofs that everything was done appropriately."

The system was first tested in smaller elections throughout 2008 and then, in early February 2009, on a population of 3,000 voters at UCL in anticipation presidential election held during the first week of March. The UCL Presidential election was available to 25,000 eligible voters, of which 5,400 registered and 4,000 cast a ballot.

More information: www.heliosvoting.org/>

Source: Harvard University

Explore further: Researcher develops method for monitoring whether private information is sufficiently protected

add to favorites email to friend print save as pdf

Related Stories

Up in arms

Jan 28, 2014

In December 2012, when Adam Lanza stormed into the Sandy Hook Elementary School in Newtown, Conn., with a rifle and killed 20 children and six adult staff members, the United States found itself immersed ...

Is smartphone technology the future of US elections?

Sep 12, 2011

With more and more Americans upgrading to smartphones, and as smartphone capabilities continue to improve, even the U.S. government is considering innovative ways to harness this advancing technology. Human factors/ergonomics ...

Precocious US political predictor looks to next venture

Oct 19, 2013

Rock star statistician Nate Silver, who made numbers cool by giving near-perfect predictions of US votes in 2008 and 2012, will soon relaunch his website in a new home, just in time for the next election ...

US Republicans reboot in bid to close 'digital gap'

Mar 18, 2013

As part of an effort to rebound from its 2012 US election defeat, the Republican Party is rebooting its digital strategy to make better use of data, social media and other technology platforms.

Recommended for you

Tackling urban problems with Big Data

20 hours ago

Paul Waddell, a city planning professor at the University of California, Berkeley, with a penchant for conducting research with what he calls his "big urban data," is putting his work to a real-world test ...

Computer-assisted accelerator design

Apr 22, 2014

Stephen Brooks uses his own custom software tool to fire electron beams into a virtual model of proposed accelerator designs for eRHIC. The goal: Keep the cost down and be sure the beams will circulate in ...

User comments : 12

Adjust slider to filter visible comments by rank

Display comments: newest first

x646d63
5 / 5 (1) Mar 05, 2009
Time to vote the proprietary systems out of government, and get this in place.
El_Nose
5 / 5 (3) Mar 05, 2009
--- What if ---

I would love it if on a state level you could give direct feed back to your state senate and house. Give the populous the vote. If you are in favor of it go online anytime in a lets say a week and vote on specific issues that will effect you. State level is much more sensitive to these things.
eyes
5 / 5 (1) Mar 05, 2009
I hope this takes hold, accountable and verifiable will have to our new way forward!
GrayMouser
5 / 5 (1) Mar 05, 2009
What methods were used to validate that the software was formally correct?
Oldfart
1 / 5 (1) Mar 05, 2009
it is not possible to decide, in general, algorithmically whether a given Turing machine will ever halt.........meaning it is not possible to prove the correctness of any given program.
Arikin
5 / 5 (1) Mar 05, 2009
As open source software you can verify if the version used has been modified or tampered with. So before accepting votes the software doing the tallying would be verified.

By the way what turing device are you referring to? The server doing the tallying??? If so I bet that is why only your excel formulas always come out wrong... Your computer is manipulating the symbols you type, in its own unique way :-)
MGraser
not rated yet Mar 06, 2009
This doesn't protect against spoofing. Infected computers would be directed to a fake voting site where they enter in not only their votes, but also personally identifying information. This could be used not only to steal from them, but could be used to cast your own vote under their information.

Also, if something is encrypted, there must be something that can decrypt it, right? And, that software resides somewhere. If it were obtained, or even the software doing the encrypting, the algorithms could be obtained and it could be reversed.

Additionally, it would be even easier to execute voting fraud - if I vote as you before you do, you can't vote at all!

That said, our current systems aren't perfect either. Hopefully this all works out. However, more thought is necessary before implementing such a system. Open-audit voting is a great idea.

Oh, one final thought. With the current system, they could issue you a tracking number as well. You could have a chance to verify online if you so chose and alert someone if it is not correct.
Smellyhat
not rated yet Mar 07, 2009
@Arkin:
it is not possible to decide, in general, algorithmically whether a given Turing machine will ever halt.........meaning it is not possible to prove the correctness of any given program.


I think you misunderstand the information you're trying to relay. Although there is no general method to determine whether any given computation will halt, and thus there is no general method to prove the correctness of any given program, this does NOT mean that it is not possible to prove the correctness of any program. Rather, it means that there are SOME programs which cannot be proven to be correct.
Damon_Hastings
3.5 / 5 (2) Mar 07, 2009
This is a wonderful, near-perfect solution for half the problem of secure voting. It secures voting, but not voter registration.

The most intractable problem in most voting systems is how to guard against fraudulent voter registrations. It's obviously fraudulent when "Daffy Duck" registers to vote -- but most times it's not so obvious.

I just read the relevant section of Adida's paper on Helios, and Helios apparently does not even attempt to address this issue. You provide a list of email addresses to Helios, and there's your voter list. It's up to you to verify that all those addresses are valid (i.e. each goes to a human, and only one address per human.) So Helios is only intended to secure the voting process itself. Verifiable voter registration remains an unsolved, and very difficult, problem.
KBK
1 / 5 (2) Mar 08, 2009
If it involves HARVARD-it is neocon skull & bones, CFR, CIA, etc - originated.

Therefore-untrustworthy in the extreme. Lies, lies, lies, --all lies.

If it involves COMPUTERS and NOT paper-then it is bullshit. Plain and simple. It can and will be doctored.

The only thing missing - is your belief in it working. "Trust us" they say.

Need I say more??????
KBK
2 / 5 (1) Mar 08, 2009
Add in the fact that recently as a week ago, the algorithm that would be needed to crack the most difficult encryption (billions of years of calculations) has been 'found' and would now take............7 seconds.

So..now..how secure is 'secure'?? Hmmm?

My background in this is from Commodore PET and TRS-80 days..with VAX, Pascal, Fortran, C, Cplus, Assembler, etc days. I go back a long way in this stuff. I don't use it anymore-but I know how the hardware works, and how to program it.

Computer systems are NOT secure. Plain and simple.

They are merely difficult for the novice to 'crack'.

Little 'X's scratched on paper by individuals are the ONLY REASONABLY secure system-with checks and balances provided by observers at the counting stations with the video recorded of each count on each ballot.

PERIOD.

This is the future of your country you are talking about.

Don't be foolish enough to trust it to a computer - and the assholes who want yo to do so.

It takes longer to count the vote--but then..you see..the count is REAL and has a real record and trail.

Big difference
Smellyhat
not rated yet Mar 10, 2009
The most intractable problem in most voting systems is how to guard against fraudulent voter registrations. It's obviously fraudulent when "Daffy Duck" registers to vote -- but most times it's not so obvious.


This is untrue. It is not the most intractable problem. Historically, voter suppression has proven to be the most intractable problem. Most U.S. voter registration 'fraud' is the product of error or petty fraudulence on the part of those paid to register voters. These fraudulent registrations MUST BY LAW be submitted by the parties gathering them, whether they say 'Daffy Duck' or not.

There are few historical cases of deliberate voter registration fraud, and it is not a very good strategy for influencing elections. In order for it to work, one must find a 'Daffy Duck' who will actually SHOW UP and VOTE. In pragmatic terms, this would involve transporting THOUSANDS OF PEOPLE who had agreed to participate in a FELONY, somehow without local county election observers noticing. If one can get away with this, one can just as easily stuff the ballot box, because the entire electoral system needs to be in on it.

On the other hand, there are plenty of examples of voter intimidation and suppression. There are examples, as you well know, in your country's recent history. Worldwide, it is a favorite tactic of political parties with thuggish militant wings or sympathizers. It is much harder to stop, and it does not involve a indisputable violation of any technical aspect of the electoral system; thus a claim of legitimacy can be made.

More news stories

Google+ boss leaving the company

The executive credited with bringing the Google+ social network to life is leaving the Internet colossus after playing a key role there for nearly eight years.

Facebook woos journalists with 'FB Newswire'

Facebook launched Thursday FB Newswire, billed as an online trove of real-time information for journalists and newsrooms to mine while reporting on events or crafting stories.

Genetic legacy of rare dwarf trees is widespread

Researchers from Queen Mary University of London have found genetic evidence that one of Britain's native tree species, the dwarf birch found in the Scottish Highlands, was once common in England.