Protecting Against Privacy Compromise and Ballot Stung

End-to-end voting schemes have been researched significantly over the past two decades and aim to establish voter verifiable elections. Many of these schemes rely on non-deterministic inputs, such as the randomness used in encryption, for several tasks in the voting process. Karlof et al. show that the randomness in a scheme by Ne enables potential malicious subliminal channels. We revist the issue of non-determinism and show that it leads to possible attacks on several end-to-end voting schemes including coercion and ballot stung. In particular, we argue that non-determinism in cryptographic voting schemes is problematic in general. In this paper we present a technique for eliminating non-determinism in cryptographic voting protocols. Our approach provides the voter with a proof of deterministically generated pseudo- randomness. This requires trust in at least one of the political parties. Our method is general and we discuss its application to several existing voting protocols. As such, our constructions provide probabilistic assurance to the voter that her ballot was created deterministically.