Helios is an open-source system from Ben Adida and a small community of developers that was built in coordination with Josh Benaloh. The core feature that Helios advertises is verifiability.
Helios elections are fully verifiable. This means that the system is designed to provide proofs of integrity at each step in the election process. Ideally, a Helios election could be conducted with little trust in the voters, the machines, or even elected officials.
The structure of Helios resembled Benaloh's vision of distributed voting systems, where separate machines handle ballot generation, booth functions, and auditing or casting.
Helios offers end-to-end verifiable elections, providing several features in which users can contest the validity of both individual ballots and election results to achieve its central goal of public auditability. Voters are extremely encouraged to use these features to be convinced of two properties which should be satisfied in all end-to-end verifiable voting systems:
(1) Individual verifiability: individual voters gain personal assurance that their own votes are correctly captured.
(2) Universal verifiability: that anyone can verify that all captured votes were properly tallied.
Another key aspect of verifiability is that voters can receive a receipt that they have been convinced matches their vote. All votes are public once cast, although they are in encrypted form. This means that each choice is visible, but looks random. A voter can check that their receipt matches the hash attributed to them on the public ballot tracking page, but cannot prove that they voted for a specific candidate. Previously, receipts caused a problem with this, since a voter could be forced to reveal who they voted for using a receipt.
Ensuring that voters are convinced that their hash-receipts faithfully correspond to their votes before they finish voting allows us to have both receipts and coercion resistance.
One important note here is that Helios can be used in fixed installations like a regular EVM, or like we have set it up as a website. When voters use their own devices we lose coercion resistance and some degree of overall security.
Anyone can add up the responses (which are still encrypted) and produce an encrypted tally. Anyone can inspect all ballots and check that the public encrypted tally is correct
On the administration side, multiple trustees oversee the election and prevent individuals from changing settings, removing votes or voters, or adding new voters. These trustees should be selected from all local stakeholders so that they will identify and refuse to certify incorrect decryptions.
Helios embodies many goals of EVMs that appear throughout our research, since the appearance of the system is easy to update and modify, it’s free to use, and it provides the verifiability features previously mentioned.