On the Security of Ballot Receipts in E2E Voting Systems
In IAVoSS Workshop on Trustworthy Elections (WOTE), 2007
Jeremy Clark, Aleksander Essex, and Carlisle Adams
Abstract. This paper examines and compares the security of ballot receipts in three end-to-end auditable (E2E) voting systems: Pret a Voter, Punchscan, and Three-Ballot. Ballot receipts should have two properties: from a privacy perspective, they should provide no information as to how the ballot was cast, and from an integrity perspective, they should provide no information that would assist an adversary in tampering with the tallying process. We find that Pret a Voter and Punchscan have similar security properties with respect to ballot receipts, and provide no non-negligible information on the receipt itself that could compromise privacy or security (assuming the underlying cryptography is secure). However we show that ThreeBallot receipts leak partial information that is useful for compromising voter privacy and the integrity of the tally.
Get PDF Get