Helios Voting
Type of site | Open-source voting system |
---|---|
Founder(s) | Ben Adida |
URL | https://heliosvoting.org/ |
Written in | JavaScript, HTML, python |
Repository | |
---|---|
Written in | Python |
License | Apache License 2.0 [1] |
Website | vote |
Repository | |
---|---|
Written in | JavaScript |
License | GNU GPL 3+ [2] |
Website | vote |
Helios Voting is an open-source, web-based electronic voting system. Users can vote in elections and users can create elections. Anyone can cast a ballot; however, for the final vote to be counted, the voter's identification must be verified. Helios uses homomorphic encryption to ensure ballot secrecy.[3]
It was created by Ben Adida, a software engineer involved in other projects such as Creative Commons and Mozilla Persona.[4][5][6]
Characteristic
[edit]Helios allows registered users to create elections. Each account requires an email address, name, and a password. The registered user can then create an election by specifying a name and time period. The user who created the election is known as the administrator of the election.[7] Once an election is created, Helios provides a public key to the administrator. The administrator prepares the ballot and creates a voter roll—these can be edited at any time before voting starts. The administrator freezes the election when the election is ready for voters to cast ballots. When the election is frozen, no changes can be made to the ballot, voter roll, or election time frame.[7]
Source code
[edit]The front-end browser code is written in both JavaScript and HTML, while the back-end server code is written in Python.[8] The Ballot Preparation System (BPS) guides voters through the ballot and records their choices.[7][9] The process to create the ballot and process the votes is based on Benaloh's Simple Verifiable Voting Protocol.[10][7]
Both frontend and backend are free software. The backend is released under the Apache 2.0 license.[11] The frontend is released under the GNU GPL v3+.[12]
Voting process
[edit]A voter, from the voting roll created by the administrator, receives an email with the voter's username, a random password for that specific election, a URL to the voting booth, and an SHA-1 hash of the election parameters. The voter follows the link in the email and begins the voting process. Once the voter finishes and has reviewed the ballot, the voter seals the ballot which triggers Helios to encrypt it and display a ciphertext.[7]
At this point the voter can either audit or cast the ballot. Auditing the ballot allows the voter to verify that the ciphertext is correct. Once ballot auditing is complete, that ballot is discarded (to provided some protection against vote-buying and coercion) and a new ballot is constructed. When the voter is ready to cast their ballot, they must provide their login information.[7][13] Helios authenticates the voter's identity and the ballot is cast. All votes are posted to a public online bulletin board which displays either a voter name or a voter ID number with the encrypted vote.[7]
Tallying process
[edit]After an election ended, the Helios 1.0 system shuffled the ballots,[dubious – discuss] decrypted all the votes, and made the shuffle publicly accessible for interested parties to audit.[4] Auditing allowed anyone to verify that the shuffle is correct. Once a reasonable amount of time for auditing had passed, Helios decrypted the ballots and tallied the votes. Anyone could download the election data to verify that the shuffle, decryptions, and tally were correct.[7] Helios 2.0, designed in 2008 and currently in use, abandoned the shuffling and switched to a homomorphic encryption scheme proposed by Cramer, Gennaro and Schoenmakers.[14]
System limitations
[edit]The Helios platform is intended to be utilized in low-coercive, small scale environments such as university student governments. The following limitations are known.
Privacy
[edit]- The centralized server must be trusted not to violate ballot secrecy,[7] this limitation can be mitigated against by distributing trust amongst several stakeholders.
- Coercion and vote-buying are only ensured when material used to construct ballots (more precisely, nonces) are unknown to voters, e.g., when trusted devices are used to construct ballots.[7][15]
Verifiability
[edit]- The ballot auditing/reconstruction device must be trusted to ensure successful ballot auditing (also known as cast-as-intended verifiability),[7][16] this limitation can be mitigated against by distributing auditing checks amongst several devices, only one of which must be trusted.
Security
[edit]- In 2010 researchers identified a ballot secrecy vulnerability.[17]
- In 2011 and 2016 researchers identified cross-site scripting vulnerabilities. The first endangers sessions of administrators and was promptly patched.[17] For the second, if the attacker is able to get a voter to click a specially crafted link, the voter will land on a modified HELIOS page which can violate ballot secrecy or manipulate votes.[4] However, as of 2021 the vulnerability could not be recreated.[18]
History
[edit]Adoption
[edit]Since 2009 the Universite Catholique de Louvain used Helios to elect its university president (of around 25,000 eligible voters, some 5,000 registered and 4,000 voted).[17] In the same year also the Princeton University adopted it to elect student governments.[citation needed]
Since 2010, the International Association for Cryptographic Research has used Helios annually to elect board members.[19][20]
In 2014 the Association for Computing Machinery used Helios for their general election.[21]
During the Covid-19 containment measures in Malaysia (2020-2022), the Tamil Language Society & Hindu Society of University of Malaya, conducted their Executive Council Elections through Helios.[citation needed]
See also
[edit]- VotingWorks - another open-source voting organization founded by Ben Adida
References
[edit]- ^ "Helios Election System". October 22, 2021 – via GitHub.
- ^ "benadida/helios-booth". July 23, 2021. Archived from the original on June 11, 2018. Retrieved September 25, 2018 – via GitHub.
- ^ Cortier, Veronique; Smyth, Ben. "Attacking and fixing Helios: An analysis of ballot secrecy". Retrieved 2018-03-15.
- ^ a b c Kwon, Soonhak; Yun, Aaram (2016-03-09). Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers. Springer. pp. 195, 199. ISBN 9783319308401. Archived from the original on 2021-10-22. Retrieved 2021-10-22.
- ^ Hao, Feng; Ryan, Peter Y. A. (2016-11-30). Real-World Electronic Voting: Design, Analysis and Deployment. CRC Press. p. 355. ISBN 9781498714716. Archived from the original on 2021-10-22. Retrieved 2021-10-22.
- ^ "Spread Persona". Archived from the original on 2021-02-26. Retrieved 2020-05-18.
- ^ a b c d e f g h i j k Adida, Ben. "Helios: Web-based Open-Audit Voting" (PDF). Archived (PDF) from the original on 2017-08-13. Retrieved 2018-03-15.
- ^ Backes, Michael; Hammer, Christian; Pfaff, David; Skoruppa, Malte (2016). "Implementation-level analysis of the JavaScript helios voting client". Proceedings of the 31st Annual ACM Symposium on Applied Computing. pp. 2071–2078. doi:10.1145/2851613.2851800. ISBN 9781450337397. S2CID 6234446. Archived from the original on 2021-10-22. Retrieved 2018-03-15.
- ^ Thomson, Iain (June 16, 2017). "Worried about election hacking? There's a technology fix – Helios". The Register. Archived from the original on 2018-04-26. Retrieved 2018-04-25.
- ^ Karayumak, Faith; Kauer, Michaela; Olembo, Maina M.; Volk, Tobias; Volkamer, Melanie (2011). "User study of the improved Helios voting system interfaces". 2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST). pp. 37–44. doi:10.1109/STAST.2011.6059254. ISBN 978-1-4577-1183-1. S2CID 14652825.
- ^ "helios-server/LICENSE". GitHub. Archived from the original on 2021-10-22. Retrieved 2021-05-18.
- ^ "benadida/helios-booth: the independent voting booth for Helios". GitHub.
- ^ Greenberg, Andy. "For the Next Election, Don't Recount the Vote. Encrypt It". WIRED. Retrieved 2018-04-25.
- ^ Cramer, Ronald; Gennaro, Rosario; Schoenmakers, Berry (1997). "A Secure and Optimally Efficient Multi-Authority Election Scheme". In Fumy, Walter (ed.). Advances in Cryptology — EUROCRYPT '97. Lecture Notes in Computer Science. Vol. 1233. Berlin, Heidelberg: Springer. pp. 103–118. doi:10.1007/3-540-69053-0_9. ISBN 978-3-540-69053-5.
- ^ Smyth, Ben. "Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios". Archived from the original on 2021-10-22. Retrieved 2019-11-06.
- ^ Adida, Ben. "Helios Documentation: Attacks and Defenses". Archived from the original on 2019-11-06. Retrieved 2019-11-06.
- ^ a b c Adida, Ben; Marneffe, Olivier de; Pereira, Olivier; Quisquater, Jean-Jacques. "Electing a University President using Open-Audit Voting:Analysis of real-world use of Helios" (PDF). Archived (PDF) from the original on 2017-08-13. Retrieved 2018-03-15.
- ^ "Fix XSS described in Backes 2016 #300". GitHub. Retrieved 2022-09-25.
- ^ "Final Report of IACR Electronic Voting Committee". Archived from the original on 2019-11-06. Retrieved 2019-11-06.
- ^ "The Helios e-Voting Demo for the IACR" (PDF). Archived (PDF) from the original on 2021-02-24. Retrieved 2019-11-06.
- ^ "ACM's 2014 General Election: Please Take This Opportunity to Vote". Communications of the ACM. 57 (5): 9–17. doi:10.1145/2597769.