On the Necessity of Pre-agreed Secrets for Thwarting Last-minute Coercion: Vulnerabilities and Lessons From the Loki E-voting Protocol

Date: 2026-03-31
AI Summary
This study addresses critical security limitations in the Loki e-voting protocol, which lacks pre-shared keys and consequently fails to resist last-minute coercion attacks. Through formal security analysis and a novel coercion attack model, this work reveals, for the first time, a fundamental vulnerability inherent in protocols that omit pre-shared keys when aiming for coercion resistance. The analysis identifies two key weaknesses in Loki, demonstrating that pre-shared keys are essential for achieving genuine coercion-resistant voting. Furthermore, the research generalizes the attack model into a broader theoretical framework and elucidates an intrinsic trade-off between security guarantees and tallying efficiency. These findings provide foundational insights for the design of high-assurance electronic voting systems requiring robust coercion resistance.
๐Ÿ“ Abstract
Coercion-resistance (CR) is a crucial security property in e-voting systems. It ensures that an attacker cannot compel a voter to vote in a specific way by using threats or rewards. The Loki e-voting protocol, proposed by Giustolisi \emph{et al.} at IEEE S\&P (2024), introduces a novel design that mitigates last-minute coercion through a re-voting mechanism. It also aims to address the usability issues of the seminal JCJ e-voting protocol, specifically: i) the requirement that voters can store and hide pre-agreed credentials, and ii) the ability of voters to convincingly lie while being coerced. In this work, we identify two vulnerabilities in Loki. The first is a brute-force attack that compromises the integrity of the evasion strategy. Specifically, this attack allows an adversary to cast a ballot on behalf of their victim in a way that the evasion strategy cannot defend against, rendering it ineffective. The second vulnerability is a forced abstention attack, which allows an adversary to detect when their victim has complied with their instruction not to vote. We generalise the integrity attack to reveal a fundamental dilemma: without pre-agreed secret credentials, it is not possible to prevent last-minute coercion. Finally, we show how reverting to pre-agreed secret credentials fixes the aforementioned vulnerabilities and discuss the trade-off between tallying efficiency and stronger trust assumptions.
Problem

Research questions and friction points this paper is trying to address.

coercion-resistance
e-voting
last-minute coercion
pre-agreed secrets
Loki protocol
Innovation

Methods, ideas, or system contributions that make the work stand out.

coercion-resistance
pre-agreed secrets
e-voting protocol
last-minute coercion
Loki protocol