[DJBunnies]

I believe the piece we're missing is the government (citizen?) service which issues (manages, replaces, revokes) constituents' cryptographic tokens for use with such things.

Then our voting systems could be electronic, secure, open, verifiable, and mostly private; assuming effective oversight / this organization does not issue fraudulent tokens or leak keys or identities (big assumption, but I don't think it's impossible.)

[kaashif]

Isn't a vote being verifiably tied to a person actually a bad thing? Then you can actually check what e.g. your wife or kids voted for and punish them if they vote wrong. Or get people to pay for votes, but doing that at scale is obviously hard.

Maybe this isn't what you meant by verifiable, but there are systems with this property and they are bad.

[dandelany]

The property you are talking about is generally called "deniability" in the literature, whereas the GP is talking "verifiability" ie. being able to verify your own vote is cast correctly. They are both valuable, sometimes mutually exclusive, but not necessarily, see eg. https://petsymposium.org/popets/2024/popets-2024-0021.pdf

[DJBunnies]

Verifiable in this context means I can verify my vote was tallied correctly.

[BurningFrog]

That would also mean someone could force you to show who/what you voted for.

[crazygringo]

No, because they have no idea what your true ballot ID was.

They can force you to show them a ballot, the idea is that all ballot ID's get made public. You could be showing them anybody's and they'll never have any way of knowing.

[JanisErdmanis]

It seems you mean something simailar to Selene voting system where a tally board is published containing tracker vote pairs. Each voter can decrypt their tracker once the voting phase closes to check the vote and also means to fake the decryption for claiming another other tracker from the tally board as yours.

[dghlsakjg]

Not necessarily. In Colorado they handle this by putting the ballot in a blind envelope inside a trackable envelope. I can verify the details of the receipt of that trackable envelope to the tallying center where it is verified as untampered and opened under video with multiple people present. The unmarked envelope is added to all the rest of the ballots to be counted.

[kaashif]

So then you can verify your vote reached the tallying center, but not that it was tallied correctly. Someone can look at your vote and count it wrong.

I think that's fine and the best we can do, but the person I replied to said you can verify your vote is tallied correctly. That implies checking what the actual vote was.

[dghlsakjg]

All true, but this is no different than any other ballot in the state. At a certain point you can choose anonymous ballots or you can choose trackable ballots.

[DJBunnies]

Not at all. Make verification possible only at secure physical sites.

[deathanatos]

Receipt-freeness (i.e., a secret ballot) is usually the desired property. Yes, a lot of people like you state they desire verifiable votes. But that's where you need to respond to the points the person above you is making: how is such a system not also susceptible to coercion and bribery?

(However you would verify your vote, imagine the person who is coercing you is just standing over your shoulder with threat of force. An example might be an abusive husband who does not want to allow their wife to vote freely/against him. A briber might simply force you to allow them to look over your shoulder before they'll pay you off.)

Vs. paper ballots in a polling place: a coercer would not be permitted in the poll booth with me. I get to vote, and when I leave, … I can tell them whatever, but it does not need to match my vote. It utterly defeats bribery, as the briber has no way to verify that I'm doing what they way.

[charcircuit]

>An example might be an abusive husband who does not want to allow their wife to vote freely/against him

This is an edge cases which could be made illegal. If someone forces someone else to vote you could hang them.

[DJBunnies]

The person above me makes assumptions about implementation details and then pokes holes in them. I answered above.

[tamimio]

Exactly, we can definitely build a secure online voting system, far more secure than the current paper one, but it will come with some downsides. One of them is a national digital ID mandated to all voters, which obviously can and will be abused by the government.

Another reason (besides what I mentioned in another post below) why such a secure system will never see the light, even if we can technically build it, is that the average person will start to question: why do we still need to vote for representatives if we have such a system in place? Can't we as citizens vote directly on bills/acts? Which makes sense since the current system was designed before all these tech and connectivity.

[FeistySkink]

Yeah, we have certificates on our ID cards, but they need to be manually renewed every 3 years which necessitates a trip to the designated authority. And then the underlying system gets changed every so often invalidating the card types altogether, so they can be used as dummy IDs only.