Attacking Paper-Based E2E Voting Systems

  • John Kelsey
  • Andrew Regenscheid
  • Tal Moran
  • David Chaum
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6000)


In this paper, we develop methods for constructing vote-buying/coercion attacks on end-to-end voting systems, and describe vote-buying/coercion attacks on three proposed end-to-end voting systems: Punchscan, Prêt-à-voter, and ThreeBallot. We also demonstrate a different attack on Punchscan, which could permit corrupt election officials to change votes without detection in some cases. Additionally, we consider some generic attacks on end-to-end voting systems.


Vote System Vote Scheme Bulletin Board Vote Protocol Bottom Sheet 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Norden, L.: The machinery of democracy: Protecting elections in an electronic world. Technical report, Brennan Center Task Force on Voting System Security (October 2006),
  2. 2.
    NIST: Threats to voting systems workshop (2005),
  3. 3.
    California Secretary of State: Top-to-bottom review (2007),
  4. 4.
    Neff, C.A.: Practical high certainty intent verification for encrypted votes. VoteHere (2004),
  5. 5.
    Adida, B., Neff, C.A.: Ballot casting assurance. In: EVT 2006: Proceedings of the USENIX/Accurate Electronic Voting Technology Workshop 2006 on Electronic Voting Technology Workshop, Berkeley, CA, USA, p. 7. USENIX Association (2006)Google Scholar
  6. 6.
    Popoveniuc, S., Hosp, B.: An introduction to Punchscan. In: Proceedings of Workshop on Trustworthy Elections (WOTE) (2006)Google Scholar
  7. 7.
    Fisher, K., Carback, R., Sherman, A.: Punchscan: Introduction and system definition of a high-integrity election system. In: Proceedings of Workshop on Trustworthy Elections (WOTE) (2006)Google Scholar
  8. 8.
    Rivest, R.: The ThreeBallot voting system. MIT (2006),
  9. 9.
    Adida, B., Rivest, R.L.: Scratch & Vote: Self-contained paper-based cryptographic voting. In: WPES 2006: Proceedings of the 5th ACM workshop on Privacy in electronic society, pp. 29–40. ACM Press, New York (2006)CrossRefGoogle Scholar
  10. 10.
    Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  11. 11.
    Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: Proc. 26th IEEE Symp. on Foundations of Comp. Science, Portland, pp. 372–382. IEEE, Los Alamitos (1985)Google Scholar
  12. 12.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993)Google Scholar
  13. 13.
    The Center for Responsive Politics: Opensecrets,
  14. 14.
    Kelsey, J.: Strategies for software attacks on voting machines. In: Threats to Voting Systems Workshop (2005),
  15. 15.
    Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical voter-verifiable election scheme. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Rivest, R., Smith, W.: Three voting protocols: ThreeBallot, VAV and Twin. In: Proceedings of USENIX/ACCURATE Electronic Voting Technology Workshop (EVT) (2007)Google Scholar
  17. 17.
    Strauss, C.: The trouble with triples: A critical review of the triple ballot (3ballot) scheme. part 1. Verified Voting New Mexico (2006),
  18. 18.
    Strauss, C.: A critical review of the triple ballot voting system. part 2: Cracking the triple ballot encryption. draft version 1.5. Verified Voting New Mexico (2006)
  19. 19.
    Clark, J., Essex, A., Adams, C.: On the security of ballot receipts in e2e voting systems. In: Proceedings of Workshop on Trustworthy Elections (WOTE) (2007)Google Scholar
  20. 20.
    Moran, T., Naor, M.: Split-ballot voting: Everlasting privacy with distributed trust. In: Proceedings of Workshop on Trustworthy Elections (WOTE) (2007)Google Scholar
  21. 21.
    Essex, A., Clark, J., Carback, R., Popoveniuc, S.: The Punchscan voting system: Vocomp competition submission (2007),
  22. 22.
    Moran, T., Naor, M.: Polling with physical envelopes: A rigorous analysis of a human-centric protocol. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 88–108. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • John Kelsey
    • 1
  • Andrew Regenscheid
    • 1
  • Tal Moran
    • 2
  • David Chaum
    • 3
  1. 1.National Institute of Standards and Technology 
  2. 2.Harvard SEAS Institute of Science 
  3. 3.No Institute Given 

Personalised recommendations