Skip to Main Content
The ThreeBallot voting system is an end-to-end voter-verifiable voting system. Each voter fills out three ballots according to a few simple rules and takes a copy of one of them home as a receipt for verification purposes. All ballots are posted on a public bulletin board so that any voter may verify the result. In this paper, we provide the first steps toward investigating the effectiveness of attacks using the voter's receipt and the bulletin board, using a theoretical rather than simulation-based approach. Focusing on two-candidate races, we determine thresholds for when a voter's vote can be reconstructed from their receipt, and when a coercer can effectively verify if a voter followed instructions by looking for prespecified patterns on the bulletin board. Combining these two results allows us to determine safe ballot sizes that resist known attacks. We also generalize a previous observation that an individual receipt can leak information about a voter's choices.