Abstract

Prior verifiable secret-ballot election protocols all suffer from a common defect which renders them unsuitable for practical use: they allow voters, if they wish, to carry away from the protocol receipts which can be used to prove to others how they voted. This simple defect enables vote buying and coercion, which are impractical in current physical election systems due to the “plausible deniability” offered by a voting booth. This defect is embedded not only within prior election protocols, but within all of the more general protocols for collective computation of a public function from private inputs. This paper presents the first verifiable secret-ballot election protocols in which participants are unable to prove to others how they voted.