Scalable Coercion-Resistant E-Voting under Weaker Trust Assumptions

Electronic voting (e-voting) is regularly used in many countries and organizations for legally binding elections. In order to conduct such elections securely, numerous e-voting systems have been proposed over the last few decades. Notably, some of these systems were designed to provide coercion-resistance. This property protects against potential adversaries trying to swing an election by coercing voters.

Despite the multitude of existing coercion-resistant e-voting systems, to date, only few of them can handle large-scale Internet elections efficiently. One of these systems, VoteAgain (USENIX Security 2020), was originally claimed secure under similar trust assumptions to state-of-the-art e-voting systems without coercion-resistance.

In this work, we review VoteAgain's security properties. We discover that, unlike originally claimed, VoteAgain is no more secure than a trivial voting system with a completely trusted election authority. In order to mitigate this issue, we propose a variant of VoteAgain which effectively mitigates trust on the election authorities and, at the same time, preserves VoteAgain's usability and efficiency.

Altogether, our findings bring the state of science one step closer to the goal of scalable coercion-resistant e-voting being secure under reasonable trust assumptions.