Various electronic and/or digital election protocols exist that provide cryptographic privacy to voters. With many of these election protocols, the voter needs to keep certain types of information secret. An example of such secret information is a voter's private key. These existing election protocols can be problematic, however, if a person threatens, or entices a voter (e.g., financially) to give up the secret information. When this type of coercion occurs, it is possible for the person to either know how the voter voted, or vote on his or her behalf.
Similar problems arise with the use of absentee vote-by-mail systems. For example, a husband might force his wife to vote a certain way. The threat of coercion intensifies in a networked world, where people can “look over each other's shoulders” from thousands of miles away. This threat is serious enough that it is often considered a reason to not allow remote electronic voting.
Under threat models that do not include coercion, the notion of a universally verifiable election is fundamental. In the past, it has been considered important that a “computing device based” election scheme be universally verifiable in order to be considered deployable on a wide scale. During elections of this type, transcripts are published that include the final tally. Under reasonable assumptions about the safety of keys, and the intractability of some computational problems, these transcripts cannot be feasibly forged by any collection of malicious agents. Although it would be desirable to carry this property over to election schemes under the threat of coercion, this may be difficult. Election schemes under the threat of coercion lack certain very basic properties, which have generally been taken for granted in the election protocol literature, and hence may not be practical in a large-scale implementation.