by endgame 142 days ago
There are some really clever systems that let you prove that you voted without leaking how you voted.

Unfortunately, explaining them to Joe Q. Public in such a way that he's going to trust your election is a very tough sell, whereas counting paper is a much easier process to explain.

And that's before you begin worrying that the developer of your whizz-bang mathematically-provable voting system is a) going to win the bid to build it for the government, b) implements it correctly, and c) isn't subverted while doing so.

1 comments

I have had this discussion many times before, with people smarter than me, and I have not yet reached a counter argument to the idea that if you can only prove that you voted (and not couple each vote to a voter), how can you prove that innumerable votes were added to the record, or that your vote is correct?

You can either couple every vote to a voter and risk oppressive monitoring of votes at scale or coercion at micro level, OR you can have decoupled voting proving that your vote was counted, but not have convincing proof that your vote or anyone else's are accurate.

Please prove me wrong because I would love it if it was possible.

Edit: Booth/paper-voting solves this by:

* linearly scaling cost of multi-party verification of identity at time of voting

* your vote being anonymous and being decoupled from you at time of deposit

* you trust the system at scale since each step in the chain-of-custody has many-eyes-verification

* vote amount is grouped by location so vote insertion can't happen at scale without coordinating with each involved polling place to fudge each of their numbers

* you can't insert into one area without having a random 100k population increase in a polling place overnight

You could try reading the Wikipedia article on the end to end voter verifiable system called Prêt à Voter. https://en.wikipedia.org/wiki/Pr%C3%AAt_%C3%A0_Voter It's not that hard to grok how it works because there is no complicated math involved.

It allows any voter to verify their vote was accurately recorded in the reported total. The usual argument against is you need a lot of people to verify, and most won't. That's probably true when everyone is confident in the outcome, but I'm not so sure it would be true if there was a whiff of fraud in the air.

> how can you prove that innumerable votes were added to the record, or that your vote is correct?

In Australia it's easy to prove no votes were added to the record because everyone on the rolls must vote, or they get fined. Ergo total votes must equal the number of people on the roll minus the number fined. As for "your vote was counted" - read the Wikipedia article. These systems do prove that, while keeping your ballot secret.

> You could try reading the Wikipedia article on the end to end voter verifiable system called Prêt à Voter. https://en.wikipedia.org/wiki/Pr%C3%AAt_%C3%A0_Voter It's not that hard to grok how it works because there is no complicated math involved.

> It allows any voter to verify their vote was accurately recorded in the reported total. The usual argument against is you need a lot of people to verify, and most won't. That's probably true when everyone is confident in the outcome, but I'm not so sure it would be true if there was a whiff of fraud in the air.

There are a number of application details which wildly alter whether it's workable or not, where workable leans fairly close to current scalable cost, in which case the added benefit is minimal.

> In Australia it's easy to prove no votes were added to the record because everyone on the rolls must vote, or they get fined. Ergo total votes must equal the number of people on the roll minus the number fined. As for "your vote was counted" - read the Wikipedia article. These systems do prove that, while keeping your ballot secret.

Yes, but only by using as much verification as paper ballot casting, which is already provably robust and even more verifiable due to decentralization.

Skimmed these:

https://www.usenix.org/legacy/event/sec05/tech/full_papers/k...

https://www.researchgate.net/publication/277296393_Pret_a_vo...

> Yes, but only by using as much verification as paper ballot casting

I'm not sure what you are getting at here. A voter cannot verify their vote in the current paper systems. Using these systems they can.

There are two kinds of attacks, typically classed as retail and wholesale. Retail attacks happen at the front end: stuffing ballot boxes, coercion, vote buying. As the effort involved roughly corresponds to the number of votes altered, changing a large enough volume of votes to alter the outcome will be detectable using robust social systems, which boils down to teams of people watching each other.

Wholesale attacks happen when the votes are processed after they have been cast. An example is altering a vote counting machine to lie about the votes counted. As they can systemically alter large numbers of votes they can be very difficult to detect even using statistical methods. They are impossible to pull off when everything is done manually as teams watching teams still works, and you have to corrupt a lot of people. But when you introduce automation and machinery the voting system becomes vulnerable to this sort of manipulation.

Yes, "just continue to do everything manually using pencil and paper" does mostly eliminate wholesale attacks. But the reality is we are ditching pencil and paper for more automated processes. A famous example is a Diablo voting machine in some USA state, which failed before regurgitating its vote count (the "Volusia Error"). A man with a screwdriver duly arrived, modified things, and handed over what he said was the correct vote count.

We are automating voting with voting machines and vote tabulators for good reasons. They are easier to use, particularly for the disabled, they are faster, they are cheaper than redundant teams of people, and they are more accurate than manual methods. They have already arrived, and their use will only grow over time. Pleas like yours to "just use paper" are having little effect on their increasing adoption.

The other option is to insist these machines and systems are end to end cryptographically verifiable. That makes wholesale attacks these automated systems facilitate detectable. Currently we are deploying these systems without such safeguards. IMO this is insanity.

> I'm not sure what you are getting at here. A voter can not verify their vote in the current paper systems.

In the current paper systems you don't have to, as you know what you put on it before it got anonymized and counted as one vote by the teams watched by teams.

> Using these systems they can.

In theory, yes. In practice, barely. If it was easy/practical it would be intrinsically susceptible to coercion.

In general, I agree with everything you write except for this paragraph:

> We are automating voting with voting machines and vote tabulators for good reasons. They are easier to use, particularly for the disabled, they are faster, they are cheaper than redundant teams of people, and they are more accurate than manual methods. They have already arrived, and their use will only grow over time. Pleas like yours to "just use paper" are having little effect on their increasing adoption.

The only "good" reason would be cost, but I wouldn't agree that it's a worthy trade-off. They could be easier to use, but it seems generally to be prone to UI issues making it unclear who/what you're voting for.

I'm sure their use will grow over time, but it won't be for any reasons that are good for democracy.

> In the current paper systems you don't have to,

True. But the "secret ballot in a polling booth using paper" systems are disappearing. 32% of Australian votes aren't done that way now.

> In theory, yes. In practice, barely. If it was easy/practical it would be intrinsically susceptible to coercion.

It can be reduced to scanning a QR code in an app. It is a bit of a mystery to me why you think that isn't easy, practical or is susceptible to coercion.