Remote electronic voting is convenient and flexible, but presents risks of coercion and vote buying. One promising mitigation strategy enables voters to give a coercer fake voting credentials, which silently cast votes that do not count. However, current proposals make problematic assumptions during credential issuance, such as relying on a trustworthy registrar, on trusted hardware, or on voters interacting with multiple registrars. We present TRIP, the first voter registration scheme that addresses these challenges by leveraging the physical security of in-person interaction. Voters use a kiosk in a privacy booth to print real and fake paper credentials, which appear indistinguishable to others. Voters interact with only one authority, need no trusted hardware during credential issuance, and need not trust the registrar except when actually under coercion. For verifiability, each credential includes an interactive zero-knowledge proof, which is sound in real credentials and unsound in fake credentials. Voters learn the difference by observing the order of printing steps, and need not understand the technical details. We prove formally that TRIP satisfies coercion-resistance and verifiability. In a user study with 150 participants, 83% successfully used TRIP.
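The abstract's point that a proof can be sound or unsound depending only on the order of its steps can be shown with a standard sigma protocol; this is an added example, not code from the TRIP paper. It assumes a Chaum-Pedersen equality-of-exponents proof as a stand-in (the abstract does not name the proof system), and the group parameters and function names are constructed for illustration.

```python
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 with P and Q prime; G and H both generate the order-Q subgroup.
P, Q, G, H = 2039, 1019, 4, 9

def verify(A, B, transcript):
    """Chaum-Pedersen check. It sees the three values, not their order."""
    (t1, t2), c, s = transcript
    return (pow(G, s, P) == t1 * pow(A, c, P) % P and
            pow(H, s, P) == t2 * pow(B, c, P) % P)

def prove_commit_first(x, get_challenge):
    """Sound order: the commitment is fixed before the challenge is revealed."""
    r = secrets.randbelow(Q)
    commit = (pow(G, r, P), pow(H, r, P))        # step 1: commit
    c = get_challenge() % Q                      # step 2: challenge
    s = (r + c * x) % Q                          # step 3: response, needs x
    return commit, c, s

def prove_challenge_first(A, B, get_challenge):
    """Unsound order: the challenge is known before the commitment exists."""
    c = get_challenge() % Q                      # step 1: challenge
    s = secrets.randbelow(Q)                     # step 2: arbitrary response
    commit = (pow(G, s, P) * pow(A, -c, P) % P,  # step 3: commitment solved
              pow(H, s, P) * pow(B, -c, P) % P)  # backwards from (c, s)
    return commit, c, s

def demo():
    # Nonzero challenges only: c = 0 would let any statement pass.
    challenge = lambda: secrets.randbelow(Q - 1) + 1
    x = secrets.randbelow(Q - 2) + 1
    A, B_true = pow(G, x, P), pow(H, x, P)       # true: same exponent
    B_false = pow(H, x + 1, P)                   # false: exponents differ
    real = prove_commit_first(x, challenge)
    fake = prove_challenge_first(A, B_false, challenge)
    return {
        "real_verifies": verify(A, B_true, real),
        "fake_verifies_false_statement": verify(A, B_false, fake),
        "real_transcript_fits_false_statement": verify(A, B_false, real),
    }

if __name__ == "__main__":
    print(demo())
```

Both transcripts pass the same verification equation, so nothing in the recorded values distinguishes them; only an observer who saw which step came first knows which proof carries weight.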