A direct recording electronic (DRE) voting machine must satisfy several requirements to ensure voter privacy and the integrity of the election. A recent proposal for a vote storage system due to Molnar et al. provides tamper-evidence properties while maintaining voter privacy by storing ballots on a programmable, read-only memory (PROM). We achieve the same properties and protect against additional threats of memory replacement through cryptographic techniques, without the use of special hardware. Our approach is based on a new cryptographic primitive called HistoryHiding Append-Only Signatures.