Yeah. They've been around for decades. Applied Cryptography gives them (excellent book; highly entertaining, yet reasonably mathematical). The gist of it is that:
- Everyone can verify who voted (so number of votes equals number of voters)
- Everyone can verify their individual vote was correctly and uniquely counted
- All votes are released under unique, anonymous identifiers, so anyone can recount all votes
- However, no one can verify anyone else's vote individually
It's pretty awesome! I've watched with gradual shock and horror as voting machines came out and seemed almost designed for riggable elections.
Right on. Voting systems must have integrity but also voter anonymity. To quote Schneier:
> If we could do away with anonymity — if everyone could check that their vote was counted correctly — then it would be easy to secure the vote. But that would lead to other problems. Before the US had the secret ballot, voter coercion and vote-buying were widespread.
Surprisingly enough, the strongest fear is not so much "pressuring people to vote for X" but "having a black market of people getting paid to vote for Y".
... and I can lie and show you the vote of someone who voted the same as your orders, unless you follow me to the polls (in which case, you might as well hide a pinhole camera in my button).
I've seen this before. Do you remember the name of the algorithm?
The question I've had with this is whether you can prove who you voted for. If you can, you can sell your vote and prove to the buyer that you voted correctly.
It's complex. The scheme I saw in Applied Cryptography would in abstract permit vote selling, but not simple vote selling -- you'd need pretty complex security between the buyer and seller.
If you're trying to buy my vote, and I'm trying to sell it, I could give you my unique anonymous number, and you could verify my votes. But I could also vote a different way, lie, and give you someone else's unique number, and you'd have no way to know.
You could ask for a special ballot too, where, for example, I vote a particular pattern (yes/no/no/yes/yes/no), to encode things, ideally picking ones that aren't likely to come up in practice, or other complex schemes, but these generally have work-arounds.
At the end of the day, though, it'd be cheaper and easier for you to require me to wear a pinhole camera to vote, do a mail-in, or otherwise. Plus, we had open voting for much of history, and it worked okay. If we went back to the risk of illegal vote selling versus the risk of wholesale election fraud, I'd take the former which seems like the lesser of two evils (and much easier to police too).
How would this work in practice? Voters post to a publicly accessible append-only database from a personally owned computer? Can this be implemented on paper ballots?
I'm not sure it's relevant. Paper ballots can't be hacked on a national scale. I trust my local election commission. And even modest fraud can be managed; if someone wins with 45% of the vote, we've changed an outcome, but the democratic check-and-balance remains.
The problem is closed, proprietary, secretive, touchscreen voting machines. For all we know, Biden won Texas. Or perhaps everyone wrote in Putin as a joke write-in. We just don't know.
For how this works in practice, Applied Cryptography has a nice, readable explanation.