Threshold Receipt-Free Single-Pass eVoting

In 2001, Hirt proposed a receipt-free voting scheme, which
prevents malicious voters from proving to anybody how they voted, under
the assumption of the availability of a helping server that is trusted for
receipt-freeness, and only for that property. This appealing design led to
a number of subsequent works that made this approach non-interactive
and more efficient. Still, in all of these works, receipt-freeness depends
on the honesty of one single server.
In order to remove this single point of failure, we design a new model in
which multiple helping servers are available and propose a new security
definition called threshold receipt-freeness. Our definition requires that
receipt-freeness should be guaranteed even if some of the helping servers
happen to be fully malicious and ensures that voters can express their
votes even if the corrupted servers choose the content of their local view
of the ballots.
Eventually, we propose a generic construction of a single-pass verifiable
voting system achieving threshold receipt freenes with a mixnet-based
tallying process. Our ballot submission process relies on the recently
designed traceable receipt-free encryption primitive.