TRIP: Trust-Limited Coercion-Resistant In-Person Voter Registration

Remote electronic voting is convenient and flexible, but presents risks of coercion and vote buying. One promising mitigation strategy enables voters to give a coercer fake voting credentials, which silently cast votes that do not count. However, current proposals make problematic assumptions during credential issuance, such as relying on a trustworthy registrar, on trusted hardware, or on voters interacting with multiple registrars. We present TRIP, the first voter registration scheme that addresses these challenges by leveraging the physical security of in-person interaction. Voters use a kiosk in a privacy booth to print real and fake paper credentials, which appear indistinguishable to others. Voters interact with only one authority, need no trusted hardware during credential issuance, and need not trust the registrar except when actually under coercion. For verifiability, each credential includes an interactive zero-knowledge proof, which is sound in real credentials and unsound in fake credentials. Voters learn the difference by observing the order of printing steps, and need not understand the technical details. We prove formally that TRIP satisfies coercion-resistance and verifiability. In a user study with 150 participants, 83% successfully used TRIP.