Helios Voting

Last updated
Helios Voting
Helios Voting Logo.png
Type of site
 Open-source voting system
Founder(s) Ben Adida
URL https://heliosvoting.org/
Written in JavaScript, HTML, python
server
Repository
Written inPython
License Apache License 2.0 [1]
Website vote.heliosvoting.org   OOjs UI icon edit-ltr-progressive.svg
client
Repository
Written inJavaScript
License GNU GPL 3+ [2]
Website vote.heliosvoting.org   OOjs UI icon edit-ltr-progressive.svg

Helios Voting is an open-source, web-based electronic voting system. Users can vote in elections and users can create elections. Anyone can cast a ballot; however, for the final vote to be counted, the voter's identification must be verified. Helios uses homomorphic encryption to ensure ballot secrecy. [3]

Contents

It was created by Ben Adida, a software engineer involved in other projects such as Creative Commons and Mozilla Persona. [4] [5] [6]

Characteristic

Helios allows registered users to create elections. Each account requires an email address, name, and a password. The registered user can then create an election by specifying a name and time period. The user who created the election is known as the administrator of the election. [7] Once an election is created, Helios provides a public key to the administrator. The administrator prepares the ballot and creates a voter roll—these can be edited at any time before voting starts. The administrator freezes the election when the election is ready for voters to cast ballots. When the election is frozen, no changes can be made to the ballot, voter roll, or election time frame. [7]

Source code

The front-end browser code is written in both JavaScript and HTML, while the back-end server code is written in Python. [8] The Ballot Preparation System (BPS) guides voters through the ballot and records their choices. [7] [9] The process to create the ballot and process the votes is based on Benaloh's Simple Verifiable Voting Protocol. [10] [7]

Both frontend and backend are free software. The backend is released under the Apache 2.0 license. [11] The frontend is released under the GNU GPL v3+. [12]

Voting process

A voter, from the voting roll created by the administrator, receives an email with the voter's username, a random password for that specific election, a URL to the voting booth, and an SHA-1 hash of the election parameters. The voter follows the link in the email and begins the voting process. Once the voter finishes and has reviewed the ballot, the voter seals the ballot which triggers Helios to encrypt it and display a ciphertext. [7]

At this point the voter can either audit or cast the ballot. Auditing the ballot allows the voter to verify that the ciphertext is correct. Once ballot auditing is complete, that ballot is discarded (to provided some protection against vote-buying and coercion) and a new ballot is constructed. When the voter is ready to cast their ballot, they must provide their login information. [7] [13] Helios authenticates the voter's identity and the ballot is cast. All votes are posted to a public online bulletin board which displays either a voter name or a voter ID number with the encrypted vote. [7]

Tallying process

After an election ended, the Helios 1.0 system shuffled the ballots,[ dubious discuss ] decrypted all the votes, and made the shuffle publicly accessible for interested parties to audit. [4] Auditing allowed anyone to verify that the shuffle is correct. Once a reasonable amount of time for auditing had passed, Helios decrypted the ballots and tallied the votes. Anyone could download the election data to verify that the shuffle, decryptions, and tally were correct. [7] Helios 2.0, designed in 2008 and currently in use, abandoned the shuffling and switched to a homomorphic encryption scheme proposed by Cramer, Gennaro and Schoenmakers. [14]

System limitations

The Helios platform is intended to be utilized in low-coercive, small scale environments such as university student governments. The following limitations are known.

Privacy

  • The centralized server must be trusted not to violate ballot secrecy, [7] this limitation can be mitigated against by distributing trust amongst several stakeholders.
  • Coercion and vote-buying are only ensured when material used to construct ballots (more precisely, nonces) are unknown to voters, e.g., when trusted devices are used to construct ballots. [7] [15]

Verifiability

  • The ballot auditing/reconstruction device must be trusted to ensure successful ballot auditing (also known as cast-as-intended verifiability), [7] [16] this limitation can be mitigated against by distributing auditing checks amongst several devices, only one of which must be trusted.

Security

History

Adoption

Since 2009 the Universite Catholique de Louvain used Helios to elect its university president (of around 25,000 eligible voters, some 5,000 registered and 4,000 voted). [17] In the same year also the Princeton University adopted it to elect student governments.[ citation needed ]

Since 2010, the International Association for Cryptographic Research has used Helios annually to elect board members. [19] [20]

In 2014 the Association for Computing Machinery used Helios for their general election. [21]

During the Covid-19 containment measures in Malaysia (2020-2022), the Tamil Language Society & Hindu Society of University of Malaya, conducted their Executive Council Elections through Helios.[ citation needed ]

Related Research Articles

A voting machine is a machine used to record votes in an election without paper. The first voting machines were mechanical but it is increasingly more common to use electronic voting machines. Traditionally, a voting machine has been defined by its mechanism, and whether the system tallies votes at each voting location, or centrally. Voting machines should not be confused with tabulating machines, which count votes done by paper ballot.

Electronic voting is voting that uses electronic means to either aid or take care of casting and counting ballots.

Electoral fraud, sometimes referred to as election manipulation, voter fraud, or vote rigging, involves illegal interference with the process of an election, either by increasing the vote share of a favored candidate, depressing the vote share of rival candidates, or both. It differs from but often goes hand-in-hand with voter suppression. What exactly constitutes electoral fraud varies from country to country, though the goal is often election subversion.

<span class="mw-page-title-main">Help America Vote Act</span>

The Help America Vote Act of 2002, or HAVA, is a United States federal law which passed in the House 357-48 and 92–2 in the Senate and was signed into law by President Bush on October 29, 2002. The bill was drafted in reaction to the controversy surrounding the 2000 U.S. presidential election, when almost two million ballots were disqualified because they registered multiple votes or no votes when run through vote-counting machines.

<span class="mw-page-title-main">Secret ballot</span> Anonymous voting method

The secret ballot, also known as the Australian ballot, is a voting method in which a voter's identity in an election or a referendum is anonymous. This forestalls attempts to influence the voter by intimidation, blackmailing, and potential vote buying. This system is one means of achieving the goal of political privacy.

<span class="mw-page-title-main">Electronic voting in India</span> Component of Indian electoral system

Electronic voting is the standard means of conducting elections using Electronic Voting Machines (EVMs) in India. The system was developed and tested by the state-owned Electronics Corporation of India and Bharat Electronics in the 1990s. They were introduced in Indian elections between 1998 and 2001, in a phased manner. Prior to the introduction of electronic voting, India used paper ballots and manual counting. The paper ballots method was widely criticised because of fraudulent voting and booth capturing, where party loyalists captured booths and stuffed them with pre-filled fake ballots. The printed paper ballots were also more expensive, requiring substantial post-voting resources to count hundreds of millions of individual ballots. Embedded EVM features such as "electronically limiting the rate of casting votes to five per minute", a security "lock-close" feature, an electronic database of "voting signatures and thumb impressions" to confirm the identity of the voter, conducting elections in phases over several weeks while deploying extensive security personnel at each booth have helped reduce electoral fraud and abuse, eliminate booth capturing and create more competitive and fairer elections. Indian EVMs are stand-alone machines built with Write once read many memory. The EVMs are produced with secure manufacturing practices, and by design, are self-contained, battery-powered and lack any networking capability. They do not have any wireless or wired internet components and interface. The M3 version of the EVMs includes the VVPAT system.

<span class="mw-page-title-main">Polling station</span> Place where voters cast their ballots in elections

A polling place is where voters cast their ballots in elections. The phrase polling station is also used in American English and British English, although polling place is the building and polling station is the specific room where voters cast their votes. A polling place can contain one or more polling stations. In Australian English, "polling place" is used.

An absentee ballot is a vote cast by someone who is unable or unwilling to attend the official polling station to which the voter is normally allocated. Methods include voting at a different location, postal voting, proxy voting and online voting. Increasing the ease of access to absentee ballots is seen by many as one way to improve voter turnout through convenience voting, though some countries require that a valid reason, such as infirmity or travel, be given before a voter can participate in an absentee ballot. Early voting overlaps with absentee voting. Early voting includes votes cast before the official election day(s), by mail, online or in-person at voting centers which are open for the purpose. Some places call early in-person voting a form of "absentee" voting, since voters are absent from the polling place on election day.

Voter verifiable paper audit trail (VVPAT) or verified paper record (VPR) is a method of providing feedback to voters using a ballotless voting system. A VVPAT is intended as an independent verification system for voting machines designed to allow voters to verify that their vote was cast correctly, to detect possible election fraud or malfunction, and to provide a means to audit the stored electronic results. It contains the name of the candidate and symbol of the party/individual candidate. While it has gained in use in the United States compared with ballotless voting systems without it, it looks unlikely to overtake hand-marked ballots.

India has a parliamentary system as defined by its constitution, with power distributed between the central government and the states. India is the largest democracy in the world.

Electronic voting in Estonia gained popularity in 2001 with the "e-minded" coalition government. In 2005, it became the first nation to hold legally binding general elections over the Internet with their pilot project for municipal elections. Estonian election officials declared the electronic voting system a success and found that it withstood the test of real-world use.

Punchscan is an optical scan vote counting system invented by cryptographer David Chaum. Punchscan is designed to offer integrity, privacy, and transparency. The system is voter-verifiable, provides an end-to-end (E2E) audit mechanism, and issues a ballot receipt to each voter. The system won grand prize at the 2007 University Voting Systems Competition.

End-to-end auditable or end-to-end voter verifiable (E2E) systems are voting systems with stringent integrity properties and strong tamper resistance. E2E systems often employ cryptographic methods to craft receipts that allow voters to verify that their votes were counted as cast, without revealing which candidates were voted for. As such, these systems are sometimes referred to as receipt-based systems.

The Voluntary Voting System Guidelines (VVSG) are guidelines adopted by the United States Election Assistance Commission (EAC) for the certification of voting systems. The National Institute of Standards and Technology's Technical Guidelines Development Committee (TGDC) drafts the VVSG and gives them to the EAC in draft form for their adoption.

Scantegrity is a security enhancement for optical scan voting systems, providing such systems with end-to-end (E2E) verifiability of election results. It uses confirmation codes to allow a voter to prove to themselves that their ballot is included unmodified in the final tally. The codes are privacy-preserving and offer no proof of which candidate a voter voted for. Receipts can be safely shown without compromising ballot secrecy.

Bingo voting is an electronic voting scheme for transparent, secure, end-to-end auditable elections. It was introduced in 2007 by Jens-Matthias Bohli, Jörn Müller-Quade, and Stefan Röhrich at the Institute of Cryptography and Security (IKS) of the Karlsruhe Institute of Technology (KIT).

Totaliser is a proposed mechanism in the voting machines in India to hide the booth-wise voting patterns. A totaliser allows the votes cast in about 14 polling booths to be counted together. At present, the votes are tallied booth by booth.

The Verified Voting Foundation is a non-governmental, nonpartisan organization founded in 2004 by David L. Dill, a computer scientist from Stanford University, focused on how technology impacts the administration of US elections. The organization’s mission is to “strengthen democracy for all voters by promoting the responsible use of technology in elections.” Verified Voting works with election officials, elected leaders, and other policymakers who are responsible for managing local and state election systems to mitigate the risks associated with novel voting technologies.

Civic technology is technology that enables engagement and participation, or enhances the relationship between the people and government, by enhancing citizen communications and public decision, improving government delivery of services and infrastructure. This comparison of civic technology platforms compares platforms that are designed to improve citizen participation in governance, distinguished from technology that directly deals with government infrastructure.

Voatz is a for-profit, private mobile Internet voting application. The stated mission of Voatz is to "make voting not only more accessible and secure, but also more transparent, auditable and accountable." The company is headquartered in Boston, Massachusetts.

References

  1. "Helios Election System". October 22, 2021 via GitHub.
  2. "benadida/helios-booth". July 23, 2021. Archived from the original on June 11, 2018. Retrieved September 25, 2018 via GitHub.
  3. Cortier, Veronique; Smyth, Ben. "Attacking and fixing Helios: An analysis of ballot secrecy" . Retrieved 2018-03-15.
  4. 1 2 3 Kwon, Soonhak; Yun, Aaram (2016-03-09). Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers. Springer. pp. 195, 199. ISBN   9783319308401. Archived from the original on 2021-10-22. Retrieved 2021-10-22.
  5. Hao, Feng; Ryan, Peter Y. A. (2016-11-30). Real-World Electronic Voting: Design, Analysis and Deployment. CRC Press. p. 355. ISBN   9781498714716. Archived from the original on 2021-10-22. Retrieved 2021-10-22.
  6. "Spread Persona". Archived from the original on 2021-02-26. Retrieved 2020-05-18.
  7. 1 2 3 4 5 6 7 8 9 10 11 Adida, Ben. "Helios: Web-based Open-Audit Voting" (PDF). Archived (PDF) from the original on 2017-08-13. Retrieved 2018-03-15.
  8. Backes, Michael; Hammer, Christian; Pfaff, David; Skoruppa, Malte (2016). "Implementation-level analysis of the JavaScript helios voting client". Proceedings of the 31st Annual ACM Symposium on Applied Computing. pp. 2071–2078. doi:10.1145/2851613.2851800. ISBN   9781450337397. S2CID   6234446. Archived from the original on 2021-10-22. Retrieved 2018-03-15.
  9. Thomson, Iain (June 16, 2017). "Worried about election hacking? There's a technology fix – Helios". The Register . Archived from the original on 2018-04-26. Retrieved 2018-04-25.
  10. Karayumak, Faith; Kauer, Michaela; Olembo, Maina M.; Volk, Tobias; Volkamer, Melanie (2011). "User study of the improved Helios voting system interfaces". 2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST). pp. 37–44. doi:10.1109/STAST.2011.6059254. ISBN   978-1-4577-1183-1. S2CID   14652825.
  11. "helios-server/LICENSE". GitHub . Archived from the original on 2021-10-22. Retrieved 2021-05-18.
  12. "benadida/helios-booth: the independent voting booth for Helios". GitHub.
  13. Greenberg, Andy. "For the Next Election, Don't Recount the Vote. Encrypt It". WIRED. Retrieved 2018-04-25.
  14. Cramer, Ronald; Gennaro, Rosario; Schoenmakers, Berry (1997). "A Secure and Optimally Efficient Multi-Authority Election Scheme". In Fumy, Walter (ed.). Advances in Cryptology — EUROCRYPT '97. Lecture Notes in Computer Science. Vol. 1233. Berlin, Heidelberg: Springer. pp. 103–118. doi: 10.1007/3-540-69053-0_9 . ISBN   978-3-540-69053-5.
  15. Smyth, Ben. "Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios". Archived from the original on 2021-10-22. Retrieved 2019-11-06.
  16. Adida, Ben. "Helios Documentation: Attacks and Defenses". Archived from the original on 2019-11-06. Retrieved 2019-11-06.
  17. 1 2 3 Adida, Ben; Marneffe, Olivier de; Pereira, Olivier; Quisquater, Jean-Jacques. "Electing a University President using Open-Audit Voting:Analysis of real-world use of Helios" (PDF). Archived (PDF) from the original on 2017-08-13. Retrieved 2018-03-15.
  18. "Fix XSS described in Backes 2016 #300". GitHub . Retrieved 2022-09-25.
  19. "Final Report of IACR Electronic Voting Committee". Archived from the original on 2019-11-06. Retrieved 2019-11-06.
  20. "The Helios e-Voting Demo for the IACR" (PDF). Archived (PDF) from the original on 2021-02-24. Retrieved 2019-11-06.
  21. "ACM's 2014 General Election: Please Take This Opportunity to Vote". Communications of the ACM. 57 (5): 9–17. doi: 10.1145/2597769 .
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.