@InProceedings{RS07,
  author = 	 { Ronald L. Rivest and Warren D. Smith },
  title = 	 { Three Voting Protocols: {ThreeBallot}, {VAV}, and {Twin} },
  url =          { http://www.usenix.org/events/evt07/tech/full_papers/rivest/rivest.pdf },
  urla =         { <a href="http://www.usenix.org/events/evt07/evt07.html">EVT'07</a> },                  
  booktitle =    { Proceedings of the 2007 USENIX/ACCURATE Electronic Voting Technology Workshop },
  date =         { 2007 },                  
  editor = 	 { Ray Martinez and David Wagner },
  publisher =    { USENIX },
  OPTyear = 	 { 2007 },
  OPTmonth = 	 { August 5--6, },
  eventdate =    { 2007-08-05/2007-08-06 },                  
  eventtitle =   { EVT '07 },
  venue =        { Boston, Massachusetts },                  
  OPTnote = 	 { (Proceedings on-line only.) },
  abstract =     {
        We present three new paper-based voting methods
        with interesting security properties. Our goal is to
        achieve the same security properties as recently proposed
        cryptographic voting protocols, but using only
        paper ballots and no cryptography. From a security
        viewpoint we get reasonably close, particularly for
        short ballots. However, our proposals should probably
        be considered as more ``academic'' than ``practical.''
        \par                  
        In these proposals, not only can each voter verify
        that her vote is recorded as intended, but she gets a
        ``receipt'' she can take home that can be used later
        to verify that her vote is actually included in the final
        tally. But her receipt does not allow her to prove
        to anyone else how she voted. All ballots cast are
        scanned and published in plaintext on a ``public bulletin
        board'' (web site), so anyone may correctly compute
        the election result.
        \par                  
        In ThreeBallot, each voter casts three paper ballots,
        with certain restrictions on how they may be
        filled out. These paper ballots are of course ``voter-verifiable.''
        \par                  
        A voter receives a copy of one of her ballots as her
        ``receipt'', which she may take home. Only the voter
        knows which ballot she copied for her receipt. The
        voter is unable to use her receipt to prove how she
        voted or to sell her vote, as the receipt doesn't reveal
        how she voted.
        \par                  
        A voter can check that the web site contains a ballot
        matching her receipt. Deletion or modification
        of ballots is thus detectable; so the integrity of the
        election is verifiable.
        \par                  
        VAV is like ThreeBallot, except that the ballot-marking
        rules are different: one ballot may ``cancel''
        another (VAV = Vote/Anti-Vote/Vote). VAV is better
        suited to --- i.e. yields better security properties
        for --- Plurality and preference (Borda, Condorcet,
        IRV) voting, while ThreeBallot is better suited for
        Approval and Range voting.
        \par
        Finally, we introduce ``Floating Receipts,'' wherein
        voters may take home a copy of \emph{another voter's} ballot.
        (She doesn't know whose ballot, though.) Floating
        Receipts are well-tuned to the security requirements
        of ThreeBallot-like schemes, and we examine
        protocols for achieving them.
        \par
        Our final voting system, Twin, is based almost entirely
        on Floating Receipts. Each voter casts a single
        ballot and takes home a single receipt. Twin is quite
        simple and close to being practical.                  
                 },
}