Computer scientists deploy first practical, Web-based, secure, verifiable voting system

March 5, 2009

Computer scientists affiliated with the Center for Research on Computation and Society (CRCS), based at the Harvard School of Engineering and Applied Sciences (SEAS), in collaboration with scientists at the Université Catholique de Louvain (UCL) in Belgium, deployed the first practical, web-based implementation of a secure, verifiable voting system for the presidential election held at UCL earlier this week.

Called Helios, the system was developed by Ben Adida, a fellow at CRCS and an instructor/researcher at the Children's Hospital Informatics Program, Harvard Medical School. Professors Jean-Jacques Quisquater and Olivier Pereira and Ph.D. student Olivier de Marneffe at UCL worked closely with the UCL Election Commission to integrate Helios into the University's infrastructure, implement UCL's custom weighted tallying system, and optimize the verification tools for the election size.

"Helios allows any participant to verify that their ballot was correctly captured, and any observer to verify that all captured ballots were correctly tallied," said Adida. "We call this open-audit voting because the complete auditing process is now available to any observer. This revolutionary approach to elections has been described in the literature for more than 25 years, yet this is the first real-world open-audit election of this magnitude and impact of outcome."

The verifiable voting system, available as open-source/free software, implements advanced cryptographic techniques to maintain ballot secrecy while providing a mathematical proof that the election tally was correctly computed.

Helios relies upon public key homomorphic encryption, a method where a public key is used to encrypt a message (in this case, a vote); messages can be combined under the covers of encryption (in this case, tallying the votes); and multiple independent private keys are required to decrypt the message (in this case, the election tally).

In an election, Helios works as follows:

• first, each voter receives a tracking number for his/her vote and the vote is encrypted with the election public key before it leaves the voter's browser;

• second, with the tracking number, a voter can then verify that their ballot was correctly captured by the voting system, which publishes a list of all tracking numbers prior to tallying; and

• finally, the voter, or any observer including election watchers from outside the election, can verify that these tracking numbers (the encrypted votes) were tallied appropriately. The election results contain a mathematical proof of the tally that cannot be "faked" even with the use of powerful computers.

"Because the tallying happens under the covers of encryption, the entire verification process is done without revealing the contents of each individual vote," explained Adida "Moreover, by using Helios, voters no longer need to blindly trust those supervising the election, as officials must provide mathematical proofs that everything was done appropriately."

The system was first tested in smaller elections throughout 2008 and then, in early February 2009, on a population of 3,000 voters at UCL in anticipation presidential election held during the first week of March. The UCL Presidential election was available to 25,000 eligible voters, of which 5,400 registered and 4,000 cast a ballot.

More information:>

Source: Harvard University

Explore further: Gangs, states and 'geeks' behind Canada cyberattacks: minister

Related Stories

Kenya shows pitfalls of digital elections

September 7, 2017

Allegations of computer hacking in Kenya's August 8 election have reignited a debate around the use of digital technology in national votes, with experts wondering whether sticking to paper may be best.

Key Democrats line up behind Sanders health care bill

September 14, 2017

Former US presidential hopeful Bernie Sanders on Wednesday introduced a revolutionary plan for government-sponsored health care, a proposal that has gained traction among rising-star Democrats.

Recommended for you

Volvo to supply Uber with self-driving cars (Update)

November 20, 2017

Swedish carmaker Volvo Cars said Monday it has signed an agreement to supply "tens of thousands" of self-driving cars to Uber, as the ride-sharing company battles a number of different controversies.


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (1) Mar 05, 2009
Time to vote the proprietary systems out of government, and get this in place.
5 / 5 (3) Mar 05, 2009
--- What if ---

I would love it if on a state level you could give direct feed back to your state senate and house. Give the populous the vote. If you are in favor of it go online anytime in a lets say a week and vote on specific issues that will effect you. State level is much more sensitive to these things.
5 / 5 (1) Mar 05, 2009
I hope this takes hold, accountable and verifiable will have to our new way forward!
5 / 5 (1) Mar 05, 2009
What methods were used to validate that the software was formally correct?
1 / 5 (1) Mar 05, 2009
it is not possible to decide, in general, algorithmically whether a given Turing machine will ever halt.........meaning it is not possible to prove the correctness of any given program.
5 / 5 (1) Mar 05, 2009
As open source software you can verify if the version used has been modified or tampered with. So before accepting votes the software doing the tallying would be verified.

By the way what turing device are you referring to? The server doing the tallying??? If so I bet that is why only your excel formulas always come out wrong... Your computer is manipulating the symbols you type, in its own unique way :-)
not rated yet Mar 06, 2009
This doesn't protect against spoofing. Infected computers would be directed to a fake voting site where they enter in not only their votes, but also personally identifying information. This could be used not only to steal from them, but could be used to cast your own vote under their information.

Also, if something is encrypted, there must be something that can decrypt it, right? And, that software resides somewhere. If it were obtained, or even the software doing the encrypting, the algorithms could be obtained and it could be reversed.

Additionally, it would be even easier to execute voting fraud - if I vote as you before you do, you can't vote at all!

That said, our current systems aren't perfect either. Hopefully this all works out. However, more thought is necessary before implementing such a system. Open-audit voting is a great idea.

Oh, one final thought. With the current system, they could issue you a tracking number as well. You could have a chance to verify online if you so chose and alert someone if it is not correct.
not rated yet Mar 07, 2009
it is not possible to decide, in general, algorithmically whether a given Turing machine will ever halt.........meaning it is not possible to prove the correctness of any given program.

I think you misunderstand the information you're trying to relay. Although there is no general method to determine whether any given computation will halt, and thus there is no general method to prove the correctness of any given program, this does NOT mean that it is not possible to prove the correctness of any program. Rather, it means that there are SOME programs which cannot be proven to be correct.
3.5 / 5 (2) Mar 07, 2009
This is a wonderful, near-perfect solution for half the problem of secure voting. It secures voting, but not voter registration.

The most intractable problem in most voting systems is how to guard against fraudulent voter registrations. It's obviously fraudulent when "Daffy Duck" registers to vote -- but most times it's not so obvious.

I just read the relevant section of Adida's paper on Helios, and Helios apparently does not even attempt to address this issue. You provide a list of email addresses to Helios, and there's your voter list. It's up to you to verify that all those addresses are valid (i.e. each goes to a human, and only one address per human.) So Helios is only intended to secure the voting process itself. Verifiable voter registration remains an unsolved, and very difficult, problem.
1 / 5 (2) Mar 08, 2009
If it involves HARVARD-it is neocon skull & bones, CFR, CIA, etc - originated.

Therefore-untrustworthy in the extreme. Lies, lies, lies, --all lies.

If it involves COMPUTERS and NOT paper-then it is bullshit. Plain and simple. It can and will be doctored.

The only thing missing - is your belief in it working. "Trust us" they say.

Need I say more??????
2 / 5 (1) Mar 08, 2009
Add in the fact that recently as a week ago, the algorithm that would be needed to crack the most difficult encryption (billions of years of calculations) has been 'found' and would now take............7 seconds. secure is 'secure'?? Hmmm?

My background in this is from Commodore PET and TRS-80 days..with VAX, Pascal, Fortran, C, Cplus, Assembler, etc days. I go back a long way in this stuff. I don't use it anymore-but I know how the hardware works, and how to program it.

Computer systems are NOT secure. Plain and simple.

They are merely difficult for the novice to 'crack'.

Little 'X's scratched on paper by individuals are the ONLY REASONABLY secure system-with checks and balances provided by observers at the counting stations with the video recorded of each count on each ballot.


This is the future of your country you are talking about.

Don't be foolish enough to trust it to a computer - and the assholes who want yo to do so.

It takes longer to count the vote--but see..the count is REAL and has a real record and trail.

Big difference
not rated yet Mar 10, 2009
The most intractable problem in most voting systems is how to guard against fraudulent voter registrations. It's obviously fraudulent when "Daffy Duck" registers to vote -- but most times it's not so obvious.

This is untrue. It is not the most intractable problem. Historically, voter suppression has proven to be the most intractable problem. Most U.S. voter registration 'fraud' is the product of error or petty fraudulence on the part of those paid to register voters. These fraudulent registrations MUST BY LAW be submitted by the parties gathering them, whether they say 'Daffy Duck' or not.

There are few historical cases of deliberate voter registration fraud, and it is not a very good strategy for influencing elections. In order for it to work, one must find a 'Daffy Duck' who will actually SHOW UP and VOTE. In pragmatic terms, this would involve transporting THOUSANDS OF PEOPLE who had agreed to participate in a FELONY, somehow without local county election observers noticing. If one can get away with this, one can just as easily stuff the ballot box, because the entire electoral system needs to be in on it.

On the other hand, there are plenty of examples of voter intimidation and suppression. There are examples, as you well know, in your country's recent history. Worldwide, it is a favorite tactic of political parties with thuggish militant wings or sympathizers. It is much harder to stop, and it does not involve a indisputable violation of any technical aspect of the electoral system; thus a claim of legitimacy can be made.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.