The Effectiveness of Receipt-Based Attacks on ThreeBallot

The ThreeBallot voting system is an end-to-end voter-verifiable voting system. Each voter fills out three ballots according to a few simple rules and takes a copy of one of them home as a receipt for verification purposes. All ballots are posted on a public bulletin board so that any voter may verify the result. In this paper, we provide the first steps toward investigating the effectiveness of attacks using the voter´s receipt and the bulletin board, using a theoretical rather than simulation-based approach. Focusing on two-candidate races, we determine thresholds for when a voter´s vote can be reconstructed from their receipt, and when a coercer can effectively verify if a voter followed instructions by looking for prespecified patterns on the bulletin board. Combining these two results allows us to determine safe ballot sizes that resist known attacks. We also generalize a previous observation that an individual receipt can leak information about a voter´s choices.