On the Security of Ballot Receipts in E2E Voting Systems

In IAVoSS Workshop on Trustworthy Elections (WOTE), 2007

Jeremy Clark, Aleksander Essex, and Carlisle Adams

Abstract. This paper examines and compares the security of ballot receipts in three end-to-end auditable (E2E) voting systems: Pret a Voter, Punchscan, and Three-Ballot. Ballot receipts should have two properties: from a privacy perspective, they should provide no information as to how the ballot was cast, and from an integrity perspective, they should provide no information that would assist an adversary in tampering with the tallying process. We find that Pret a Voter and Punchscan have similar security properties with respect to ballot receipts, and provide no non-negligible information on the receipt itself that could compromise privacy or security (assuming the underlying cryptography is secure). However we show that ThreeBallot receipts leak partial information that is useful for compromising voter privacy and the integrity of the tally.

 Get PDF  Get
Aleksander Essex ©2012-2017