VoteXX: Coercion Resistance for the Real World

David Chaum Bart Preneel, USA COSIC, KU Leuven and imec, Belgium

( Joint work with Richard T. Carback (UMBC PhD 2010), Jeremy Clark, Chao Liu (UMBC), Mahdi Nejadgholi, Alan T.
Sherman (UMBC), Mario Yaksetig (UMBC visiting student 2017), Filip Zagorski, Bingsheng Zhang )

Friday, November 5, 2021
remotely via WebEx:

Recording of Talk.


We solve the most challenging obstacle to casting votes online: “improper influence,” typically defined as vote-buying or voter coercion. This problem has been the greatest barrier to mainstream adoption of online voting systems, whether the voter receives the ballot online or by mail. Our conceptual breakthrough allows each voter, or their trusted associates (which we call “hedgehogs”), to “nullify” (cancel) their vote in a way that is anonymous, unstoppable, and irrevocable. The separate nullification stage requires fewer assumptions than do other approaches, thereby strengthening security and increasing practicality, while simplifying and speeding up registration and vote casting. Though our nullification technology can be readily applied to almost all types of elections for which the tally is publicly auditable online, its benefits are greatest for votes cast beyond polling places, where the threat of improper influence is most acute. It addresses current trends: elections are moving online despite the growing ease by which voters can be paid and coerced electronically. Nullification will help make it prudent to vote online, which is the type of voting advocates have long believed needed for democracy to reach its potential.

We introduce the new approach, give detailed cryptographic protocols realizing it, show how it can be applied to several voting settings, and describe our implementation of it. The protocols compose a full voting system, which we call VoteXX, including registration, voting, nullification, and tally—using the cMix mix network for untraceable communication including vote casting. We demonstrate how the technique can be applied to known systems, including Remotegrity, where ballots can be mailed to voters and voters use codes on the ballot to cast their votes online. We also present progress toward a proof of security in the UC framework. As part of a broader survey of 537 papers on voting technologies, we performed LDA analysis of the 227 papers that discuss coercion-resistance. Because an adversary could coerce a voter not to register or vote, nullification achieves the optimal possible protection against a strong coercer who learns all of the voter’s secrets.
We offer a flexible solution to improper influence using the realistic assumption of an untappable channel between the voter and their hedgehogs.

In VoteXX, each voter has two Diffie-Hellman public-private key pairs, one for “YES” votes, and one for “NO” votes. Without revealing their private keys, each voter registers their public keys with the election authority. Each voter may share their keys with one or more hedgehogs. During nullification, the voter, or one or more of their hedgehogs, can interact with the mix network to nullify a vote by proving knowledge of one of the voter’s private keys via a zero-knowledge proof without revealing the private key. We describe a fully decentralizable implementation of VoteXX, including its public bulletin board, which could be implemented on a blockchain. URL:

About the Speaker:

David Chaum: Widely recognized as the inventor of digital cash, David is currently leading to provide decentralized and scalable cMix with quantum-resistant consensus. He is also known for other fundamental innovations in cryptography, including a range of privacy technologies and secure election systems. With a PhD in computer science from UC Berkeley, he taught at NYU Graduate School of Business and the University of California, led a number of breakthrough projects as well as founded the International Association for Cryptologic Research.
email:, URL:

Bart Preneel is a full professor at the KU Leuven, where he heads the COSIC research group, which has 100 members. He was visiting professor at five universities in Europe. His main research interests are cryptography, information security, and privacy. He has served as president of the IACR (International Association for Cryptologic Research). He received the RSA Award for Excellence in the Field of Mathematics (2014) and is a fellow of the IACR. He frequently consults with industry and government about security and privacy technologies. He was involved in the design of the Belgian e-voting scheme. He is co-founder and board member of the start-up nextAuth.

email:, URL:


Alan T. Sherman,

Upcoming CDL Meetings:

Nov 19, Michael Oehler, What the FLoC

Dec 3, Sherman-Gomez-Bonyadi-Golaszewski, Shadow IT in Higher Ed

Feb 4, Filipo Sharevski


Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.

The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public.