John M. Kelsey, Andrew R. Regenscheid, Tal Moran, David Chaum
In this paper, we develop methods for constructing vote-buying/coercion attacks on end-to-end voting systems, and describe vote-buying/coercion attacks on three end-to-end voting systems: Punchscan, Pret-a-Voter, and Threeballot. We also demonstrate a different attack on Punchscan, which could permit corrupt election officials to change votes without detection in some cases. Additionally, we consider some generic attacks on end-to-end voting systems.
Towards Trustworthy Elections: New Directions in Electronic Voting