Cryptology ePrint Archive: Report 2020/1406

How not to VoteAgain: Pitfalls of Scalable Coercion-Resistant E-Voting

Thomas Haines and Johannes Mueller

Abstract: Secure electronic voting is a relatively trivial exercise if a single authority can be completely trusted. In contrast, the construction of efficient and usable schemes which provide strong security without strong trust assumptions is still an open problem, particularly in the remote setting. Coercion-resistance is one of the hardest properties, if not the hardest, to add to a verifiable e-voting system. Numerous secure e-voting systems have been designed to provide coercion-resistance. One of these systems is VoteAgain (USENIX Security 2020), whose security we revisit in this work.

We discovered several pitfalls that break the security properties of VoteAgain in threat scenarios for which it was claimed secure. The most critical consequence of our findings is that there exists a voting authority in VoteAgain which needs to be trusted for all security properties. This means that VoteAgain is as (in)secure as a trivial voting system with a single and completely trusted voting authority. We argue that this problem is intrinsic to VoteAgain's design and could thus only be resolved, if possible, by fundamental modifications.

We hope that our work will ensure that VoteAgain is not employed for real elections in its current form. Further, we highlight subtle security pitfalls to avoid on the path towards more efficient, usable, and reasonably secure coercion-resistant e-voting. To this end, we conclude the paper by describing the open problems which need to be solved to make VoteAgain's approach secure.

Category / Keywords: cryptographic protocols / voting, coercion-resistance, verifiability, privacy

Date: received 12 Nov 2020, last revised 9 Feb 2021

Contact author: johannes mueller at uni lu

Version: 20210209:102535

Short URL: ia.cr/2020/1406

