Paper 2010/502

Proving Coercion-Resistance of Scantegrity II

Ralf Kuesters, Tomasz Truderung, and Andreas Vogt


By now, many voting protocols have been proposed that, among others, are designed to achieve coercion-resistance, i.e., resistance to vote buying and voter coercion. Scantegrity II is among the most prominent and successful such protocols in that it has been used in several elections. However, almost none of the modern voting protocols used in practice, including Scantegrity II, has undergone a rigorous cryptographic analysis. In this paper, we prove that Scantegrity II enjoys an optimal level of coercion-resistance, i.e., the same level of coercion-resistance as an ideal voting protocol (which merely reveals the outcome of the election), except for so-called forced abstention attacks. This result is obtained under the (necessary) assumption that the workstation used in the protocol is honest. Our analysis is based on a rigorous cryptographic definition of coercion-resistance we recently proposed. We argue that this definition is in fact the only existing cryptographic definition of coercion-resistance suitable for analyzing Scantegrity II. Our case study should encourage and facilitate rigorous cryptographic analysis of coercion-resistance also for other voting protocols used in practice.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
E-VotingCoercion-ResistanceProtocol Analysis
Contact author(s)
vogt @ uni-trier de
2010-10-01: received
Short URL
Creative Commons Attribution


      author = {Ralf Kuesters and Tomasz Truderung and Andreas Vogt},
      title = {Proving Coercion-Resistance of Scantegrity {II}},
      howpublished = {Cryptology ePrint Archive, Paper 2010/502},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.