Computer scientists deploy first practical, Web-based, secure, verifiable voting system

March 5, 2009,

Computer scientists affiliated with the Center for Research on Computation and Society (CRCS), based at the Harvard School of Engineering and Applied Sciences (SEAS), in collaboration with scientists at the Université Catholique de Louvain (UCL) in Belgium, deployed the first practical, web-based implementation of a secure, verifiable voting system for the presidential election held at UCL earlier this week.

Called Helios, the system was developed by Ben Adida, a fellow at CRCS and an instructor/researcher at the Children's Hospital Informatics Program, Harvard Medical School. Professors Jean-Jacques Quisquater and Olivier Pereira and Ph.D. student Olivier de Marneffe at UCL worked closely with the UCL Election Commission to integrate Helios into the University's infrastructure, implement UCL's custom weighted tallying system, and optimize the verification tools for the election size.

"Helios allows any participant to verify that their ballot was correctly captured, and any observer to verify that all captured ballots were correctly tallied," said Adida. "We call this open-audit voting because the complete auditing process is now available to any observer. This revolutionary approach to elections has been described in the literature for more than 25 years, yet this is the first real-world open-audit election of this magnitude and impact of outcome."

The verifiable voting system, available as open-source/free software, implements advanced cryptographic techniques to maintain ballot secrecy while providing a mathematical proof that the election tally was correctly computed.

Helios relies upon public key homomorphic encryption, a method where a public key is used to encrypt a message (in this case, a vote); messages can be combined under the covers of encryption (in this case, tallying the votes); and multiple independent private keys are required to decrypt the message (in this case, the election tally).

In an election, Helios works as follows:

• first, each voter receives a tracking number for his/her vote and the vote is encrypted with the election public key before it leaves the voter's browser;

• second, with the tracking number, a voter can then verify that their ballot was correctly captured by the voting system, which publishes a list of all tracking numbers prior to tallying; and

• finally, the voter, or any observer including election watchers from outside the election, can verify that these tracking numbers (the encrypted votes) were tallied appropriately. The election results contain a mathematical proof of the tally that cannot be "faked" even with the use of powerful computers.

"Because the tallying happens under the covers of encryption, the entire verification process is done without revealing the contents of each individual vote," explained Adida "Moreover, by using Helios, voters no longer need to blindly trust those supervising the election, as officials must provide mathematical proofs that everything was done appropriately."

The system was first tested in smaller elections throughout 2008 and then, in early February 2009, on a population of 3,000 voters at UCL in anticipation presidential election held during the first week of March. The UCL Presidential election was available to 25,000 eligible voters, of which 5,400 registered and 4,000 cast a ballot.

More information:>

Source: Harvard University

Explore further: Tool for nonstatisticians automatically generates models that glean insights from complex datasets

Related Stories

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

Paleontologists report world's biggest Tyrannosaurus rex

March 22, 2019

University of Alberta paleontologists have just reported the world's biggest Tyrannosaurus rex and the largest dinosaur skeleton ever found in Canada. The 13-metre-long T. rex, nicknamed "Scotty," lived in prehistoric Saskatchewan ...


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (1) Mar 05, 2009
Time to vote the proprietary systems out of government, and get this in place.
5 / 5 (3) Mar 05, 2009
--- What if ---

I would love it if on a state level you could give direct feed back to your state senate and house. Give the populous the vote. If you are in favor of it go online anytime in a lets say a week and vote on specific issues that will effect you. State level is much more sensitive to these things.
5 / 5 (1) Mar 05, 2009
What methods were used to validate that the software was formally correct?
1 / 5 (1) Mar 05, 2009
it is not possible to decide, in general, algorithmically whether a given Turing machine will ever halt.........meaning it is not possible to prove the correctness of any given program.
not rated yet Mar 07, 2009
it is not possible to decide, in general, algorithmically whether a given Turing machine will ever halt.........meaning it is not possible to prove the correctness of any given program.

I think you misunderstand the information you're trying to relay. Although there is no general method to determine whether any given computation will halt, and thus there is no general method to prove the correctness of any given program, this does NOT mean that it is not possible to prove the correctness of any program. Rather, it means that there are SOME programs which cannot be proven to be correct.
3.5 / 5 (2) Mar 07, 2009
This is a wonderful, near-perfect solution for half the problem of secure voting. It secures voting, but not voter registration.

The most intractable problem in most voting systems is how to guard against fraudulent voter registrations. It's obviously fraudulent when "Daffy Duck" registers to vote -- but most times it's not so obvious.

I just read the relevant section of Adida's paper on Helios, and Helios apparently does not even attempt to address this issue. You provide a list of email addresses to Helios, and there's your voter list. It's up to you to verify that all those addresses are valid (i.e. each goes to a human, and only one address per human.) So Helios is only intended to secure the voting process itself. Verifiable voter registration remains an unsolved, and very difficult, problem.
1 / 5 (2) Mar 08, 2009
If it involves HARVARD-it is neocon skull & bones, CFR, CIA, etc - originated.

Therefore-untrustworthy in the extreme. Lies, lies, lies, --all lies.

If it involves COMPUTERS and NOT paper-then it is bullshit. Plain and simple. It can and will be doctored.

The only thing missing - is your belief in it working. "Trust us" they say.

Need I say more??????
2 / 5 (1) Mar 08, 2009
Add in the fact that recently as a week ago, the algorithm that would be needed to crack the most difficult encryption (billions of years of calculations) has been 'found' and would now take............7 seconds. secure is 'secure'?? Hmmm?

My background in this is from Commodore PET and TRS-80 days..with VAX, Pascal, Fortran, C, Cplus, Assembler, etc days. I go back a long way in this stuff. I don't use it anymore-but I know how the hardware works, and how to program it.

Computer systems are NOT secure. Plain and simple.

They are merely difficult for the novice to 'crack'.

Little 'X's scratched on paper by individuals are the ONLY REASONABLY secure system-with checks and balances provided by observers at the counting stations with the video recorded of each count on each ballot.


This is the future of your country you are talking about.

Don't be foolish enough to trust it to a computer - and the assholes who want yo to do so.

It takes longer to count the vote--but see..the count is REAL and has a real record and trail.

Big difference
not rated yet Mar 10, 2009
The most intractable problem in most voting systems is how to guard against fraudulent voter registrations. It's obviously fraudulent when "Daffy Duck" registers to vote -- but most times it's not so obvious.

This is untrue. It is not the most intractable problem. Historically, voter suppression has proven to be the most intractable problem. Most U.S. voter registration 'fraud' is the product of error or petty fraudulence on the part of those paid to register voters. These fraudulent registrations MUST BY LAW be submitted by the parties gathering them, whether they say 'Daffy Duck' or not.

There are few historical cases of deliberate voter registration fraud, and it is not a very good strategy for influencing elections. In order for it to work, one must find a 'Daffy Duck' who will actually SHOW UP and VOTE. In pragmatic terms, this would involve transporting THOUSANDS OF PEOPLE who had agreed to participate in a FELONY, somehow without local county election observers noticing. If one can get away with this, one can just as easily stuff the ballot box, because the entire electoral system needs to be in on it.

On the other hand, there are plenty of examples of voter intimidation and suppression. There are examples, as you well know, in your country's recent history. Worldwide, it is a favorite tactic of political parties with thuggish militant wings or sympathizers. It is much harder to stop, and it does not involve a indisputable violation of any technical aspect of the electoral system; thus a claim of legitimacy can be made.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.