# Bibliography on Revote List of e-voting systems and protocols supporting revote. ## [**Electing a University President using Open Audit Voting: Analysis of real-world use of Helios**](https://www.usenix.org/event/evtwote09/tech/full_papers/adida-helios.pdf) * Helios is E2E and trialled in University elections. * Voters were allowed to revote as many times as they wanted with only the last vote counting towards the tally. Around 1% of voters chose to revote. Unclear on exact steps a voter must take to revote. * FH: can you double check? The linked paper only mentions the possibility of revote. Maybe a different paper? * LH: Top of page 9 states "re-voting was authorised: voters were allowed to vote as many times as they wanted, with the last vote being the only one counted and displayed on the web bulletin board". Page 12 line 15 states "Around 1% of voters used the re-voting scheme". (FH: Thanks. That's clear.) ## [**Belenios: a simple private and verifiable electronic voting system**](https://inria.hal.science/hal-02066930/file/article.pdf) / [**Belenios with Cast as Intended**](https://link.springer.com/chapter/10.1007/978-3-031-48806-1_1) / [**Features and usage of Belenios in 2022**](https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://inria.hal.science/hal-03791757/document&ved=2ahUKEwixuO3urI-OAxUgQUEAHQtbC9cQFnoECB4QAQ&usg=AOvVaw2LErPjLvgM16dQx1a-uEib) * Belenios is an E2E online e-voting platform. Cast as intended was added in 2023. * Supports Approval voting and Weighted Approval voting (the latter since 2022). * Supports revote with only the last ballot cast by the voter added to the tally. * Revote in Belenios requires the correspondance between the voter and verification key to be stored. If not, a corrupt registrar and voter could jointly perform a ballot stuffing attack. Enabling revote weakens everlasting privacy guarantees in Belenios. ## [**Civitas: Toward a Secure Voting System**](https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.cs.cornell.edu/andru/papers/civitas-tr.pdf&ved=2ahUKEwiTxaXJwI-OAxVAU0EAHaNkLiUQFnoECB4QAQ&usg=AOvVaw2pX6WW0WGSLYJhZW81Hj_F) * Civitas is an online universally verifiable e-voting system. * Supports Approval voting. * Combines revote with fake credentials. If there is more than one vote per credential, the voter must provide a ZKP to indicate which votes are being replaced. ## [**The peasants are revoting sire, and at random times**](https://hal.science/hal-04650731v1/file/Revoting_random-6.pdf) * EVOTEID 2024 * Describes a method of stochastic revoting for coercion resistance. * Proposes a nondeterministic revoting period where each voter receives a secret, random amount of extension time to cast their revote. Any vote cast after the additional time is discarded. * This makes a game of strategies between the voter, coercer, and election authorities. The coercer wins the game if they cast the vote that is recorded and counted. * Voters are assumed to always cast their vote before the extension if they are not being coerced. Revoting in this paper is considered as a means to address coercion, rather than for voter convenience. ## [**DeVoS: Deniable Yet Verifiable Vote Updating**](https://petsymposium.org/popets/2024/popets-2024-0021.pdf) * PETS 2024 * Proposes a publicly verifiable (not E2E) protocol for online voting. * Provides "deniable vote updating" - the election hides which voters updated their potentially coerced votes during the casting phase and those which did not. * Dummy ballots are periodically added to the bulletin board which are either replaced by the voter or re-encrypted by an authority. * The voter is allowed to revote through the dummy ballots and a coercer cannot distinguish between a revote or the re-encrypted dummy ballots. * Provides practical everlasting privacy. ## [**EVIV: An end-to-end verifiable Internet voting system**](https://repositorio.ipl.pt/bitstreams/e3cc1242-6486-4a2b-83ad-9fe7e00c7a45/download) * Proposes an online E2E voting protocol. * Stated to support revote / vote recasting, though specifics are not given. * Not coercion resistant nor receipt free. A voter can provide their verification code to a coercer. ## [**Individual Verifiability and Revoting in the Estonian Internet Voting System**](https://eprint.iacr.org/2021/1098.pdf) * FC 2022 * Estonian e-voting allows the voter to submit as many ballots as desired. Only the last ballot is included in the tally. * Vote verification displays a voter ID and randomness pair as a QR to the voter. Verification queries a collector service to obtain the ballot and signature pair associated to the ID. An exhaustive search over all choices is performed to find the vote corresponding to the encrypted ballot. The matching choice is displayed to the voter who then checks if it is correct. * Verification provides no information whether a ballot was overwritten. If a voter provides their QR code to a coercer, then it will not inform them of the revote. * There is no feedback channel to the voter that can inform them if a coercer submitted a ballot on their behalf. * There is no way for a voter to know if a verified vote will be tallied. A compromised voting app could crash when a voter casts vote $v$ with ID $id$. A voter could revote for $v$, but the app instead encrypts a vote for $v'$ with ID $id'$. Instead of displaying a QR code for $id'$, the app displays the QR for $id$. Verification scans the QR code and the voter believes they voted for $v$, when in reality the app voted for $v'$. * Attack could be mitigated by adding a feedback channel to voters or allowing the server to only answer verification queries for ballots not replaced by a revote. The second mitigation does not protect against a corrupted app that can capture the voters eID smartcard storing the signing key pair and authentication key for the voter. The app could silently submit a second ballot (ghost click attack). ## [**Thwarting last minute voter coercion**](https://eprint.iacr.org/2023/1876.pdf) * Assumes a voter can be coerced at any point in the election including at the final minute of voting. * Proposes the Loki e-voting system against last minute coercion. * Revotes can happen at any time. * Voting server generates noisy ballots to obfuscate the encrypted ballot for a voter. * When a voter revotes, the voting server challenges them to identify their previously cast ballots. If they cannot, then the voting server casts a noisy ballot in place of the submitted ballot. A coercer cannot tell the difference between a noisy ballot and a revoted ballot. * Seems to not be E2E verifiable. Follows the model in "Election Verifiability for Helios under Weaker Trust Assumptions", Cortier et al., 2014. * Claims Civitas does not have deniable revoting. * Claims VoteAgain does not protect against last minute coercion as it assumes the coerced ballot is not the final one cast. ## [**Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting**](https://www.usenix.org/conference/jets15/workshop-program/presentation/achenbach) * Presents an e-voting proposal for deniable revoting. * Their scheme is compatible with fake credentials at the same time. * Claims Helios is not deniable. Revoting was supported for convenience. Newer ballots substituted older ballots on the bulletin board, so revoting was not deniable. ## [**VoteAgain: A scalable coercion-resistant voting system**](https://www.usenix.org/conference/usenixsecurity20/presentation/lueks) * Proposes a coercion resistant, deniable revoting scheme. * Seems to not be E2E verifiable. Follows the model in "Election Verifiability for Helios under Weaker Trust Assumptions", Cortier et al., 2014. * Voters authenticate to polling authorities using an inalienable authentication to obtain an ephemeral voting token containing voter ID and ballot index. Voters encrypt their choice and send the (all encrypted) vote, voter ID, and ballot index, plus a signature, to the bulletin board. * A tallying server shuffles all cast ballots by the voter, then decrypts the voter IDs and indices, groups the ballots by voter, and sends the ballot with the latest index per voter to the trustees for tallying. * The tallying server inserts a deterministic number of dummy ballots and dummy voters before the shuffling step to hide revoting patterns. Dummy ballots are tagged to not count towards the tally and are discarded before tallying.