# Risk-Limiting Tallies

**Authors:** Wojciech Jamroga, Peter B. Roenne, Peter Y. A. Ryan, Philip, B. Stark

arXiv: 1908.04947 · 2019-08-15

## TL;DR

This paper introduces a novel tallying approach inspired by risk-limiting audits to enhance privacy and coercion resistance in end-to-end verifiable voting schemes, especially in extreme or targeted vote distributions.

## Contribution

It adapts risk-limiting audit principles to tallying, improving coercion resistance and privacy in voting schemes like Selene, including partial vote tracker disclosure.

## Key findings

- Counteracts coercion in extreme tallies and signature attacks
- Enhances privacy by shrouding certain votes from public tally
- Extends to risk-limiting verification with partial vote tracker disclosure

## Abstract

Many voter-verifiable, coercion-resistant schemes have been proposed, but even the most carefully designed systems necessarily leak information via the announced result. In corner cases, this may be problematic. For example, if all the votes go to one candidate then all vote privacy evaporates. The mere possibility of candidates getting no or few votes could have implications for security in practice: if a coercer demands that a voter cast a vote for such an unpopular candidate, then the voter may feel obliged to obey, even if she is confident that the voting system satisfies the standard coercion resistance definitions. With complex ballots, there may also be a danger of "Italian" style (aka "signature") attacks: the coercer demands the voter cast a ballot with a specific, identifying pattern. Here we propose an approach to tallying end-to-end verifiable schemes that avoids revealing all the votes but still achieves whatever confidence level in the announced result is desired. Now a coerced voter can claim that the required vote must be amongst those that remained shrouded. Our approach is based on the well-established notion of Risk-Limiting Audits, but here applied to the tally rather than to the audit. We show that this approach counters coercion threats arising in extreme tallies and "Italian" attacks. We illustrate our approach by applying it to the Selene scheme, and we extend the approach to Risk-Limiting Verification, where not all vote trackers are revealed, thereby enhancing the coercion mitigation properties of Selene.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1908.04947/full.md

## References

27 references — full list in the complete paper: https://tomesphere.com/paper/1908.04947/full.md

---
Source: https://tomesphere.com/paper/1908.04947