Paper 2022/430

Is the JCJ voting system really coercion-resistant?

Véronique Cortier, Pierrick Gaudry, and Quentin Yang


Coercion-resistance is a security property of electronic voting, often considered as a must-have for high-stake elections. The JCJ voting scheme, proposed in 2005 by Juels, Catalon and Jakobsson, is still the reference paradigm when designing a coercion-resistant protocol. We highlight a weakness in JCJ that is also present in all the systems following its general structure. This comes from the procedure that precedes the tally, where the trustees remove the ballots that should not be counted. This phase leaks more information than necessary, leading to potential threats for the coerced voters. Fixing this leads to the notion of cleansing-hiding, that we apply to form a variant of JCJ that we call CHide. One reason for the problem not being seen before is the fact that the associated formal definition of coercion-resistance was too weak. We therefore propose a definition that can take into accounts more behaviors such as revoting or the addition of fake ballots by authorities. We then prove that CHide is coercion-resistant for this definition, and that JCJ is coercion-resistant for a slightly weakened version of our definition, that models the leakage of information in JCJ.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
election schemes
Contact author(s)
pierrick gaudry @ loria fr
2022-04-06: received
Short URL
Creative Commons Attribution


      author = {Véronique Cortier and Pierrick Gaudry and Quentin Yang},
      title = {Is the JCJ voting system really coercion-resistant?},
      howpublished = {Cryptology ePrint Archive, Paper 2022/430},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.