[croon]

> You could try reading the Wikipedia article on the end to end voter veritable system called Prêt à Voter. https://en.wikipedia.org/wiki/Pr%C3%AAt_%C3%A0_Voter It's not that hard to grok how it works because there is no complicated math involved.

> It allows any voter to verify their vote was accurately recorded in the reported total. The usual argument against is you need a lot of people to verify, and most won't. That's probably true when everyone is confident in the outcome, but I'm not so sure it works be true if there was a wiff of fraud in the air.

There are a number of application details which wildly alters whether it's workable or not, where workable leans fairly close to current scalable cost, in which case the added benefit is minimal.

> In Australia it's easy to prove no votes to the record because everyone on the rolls must vote, or they get fined. Ergo total votes must equal the number of people on the roll minus the number fined. As for "your vote was counted" - read the Wikipedia article. These systems do prove that, while keeping your ballot secret.

Yes, but only by using as much verification as paper ballot casting, which is already provably robust and even more verifiable due to decentralization.

Skimmed these:

https://www.usenix.org/legacy/event/sec05/tech/full_papers/k...

https://www.researchgate.net/publication/277296393_Pret_a_vo...

[rstuart4133]

> Yes, but only by using as much verification as paper ballot casting

I'm not sure what you are getting at here. A voter can not verify their vote in the current paper systems. Using these systems they can.

There are two kinds of attacks: typically classes as retail and wholesale. Retail attacks happen at the front end: stuffing ballot boxes, coercion, vote buying. As the effort involved roughly corresponds to the number of votes altered changing a large enough volume of votes to alter the outcome will be detectable using robust social systems, which boils down to teams of people watching each other.

Wholesale attacks happen when the vote is processed after they have been cast. An example is altering vote counting machine to lie about the votes counted. As they can systemically alter large numbers of votes they can be very difficult to detect even using statistical megtods. They are impossible to pull off when everything is done manually as teams watching teams still works, and you have to corrupt a lot of people. But when you introduce automation and machinery they voting system becomes vulnerable to this sort of manipulation.

Yes, "just continue to do everything manually using pencil and paper" does mostly eliminate wholesale attacks. But the reality is we are ditching pencil and paper for more automated processes. A famous example is a Diablo voting machine in some USA state, failed before regurgitating it's vote count (the "Volusia Error"). A man with a screw driver duely arrived, modified things, and handed over what he said was the correct vote count.

We are automating voting with voting machines and vote tabulators for good reasons. They are easier to use, particularly for the disabled, they are faster, they are cheaper than redundant teams of people, and they more accurate than manual methods. They are already arrived, and their use will only grow over time. Pleas like yours to "just use paper" are having little effect on their inceasing adoption.

The other option is to insist these machines and systems are end to end cryptographically verifable. That makes wholesale attacks these automated systems facilitate detectable. Currently we are deploying these systems without such safeguards. IMO this is insanity.

[croon]

> I'm not sure what you are getting at here. A voter can not verify their vote in the current paper systems.

In the current paper systems you don't have to, as you know what you put on it before it got anonymized and counted as one vote by the teams watched by teams.

> Using these systems they can.

In theory, yes. In practice, barely. If it was easy/practical it would be intrinsically susceptible to coercion.

In general, I agree with everything you write except for this paragraph:

> We are automating voting with voting machines and vote tabulators for good reasons. They are easier to use, particularly for the disabled, they are faster, they are cheaper than redundant teams of people, and they more accurate than manual methods. They are already arrived, and their use will only grow over time. Pleas like yours to "just use paper" are having little effect on their inceasing adoption.

The only "good" reason would be cost, but I wouldn't agree that it's a worthy trade-off. They could be easier to use, but it seems generally to be prone to UI issues making it unclear who/what you're voting for.

I'm sure their use will grow over time, but it won't be for any reasons that are good for democracy.

[rstuart4133]

> In the current paper systems you don't have to,

True. But the "secret ballot in a polling booth using paper" systems are disappearing. 32% of Australian votes aren't done that way now.

> In theory, yes. In practice, barely. If it was easy/practical it would be intrinsically susceptible to coercion.

It can be reduced to scanning a QR code in an app. It is a bit of a mystery to me why you think that isn't easy, practical or is susceptible to coercion.

[croon]

> It can be reduced to scanning a QR code in an app. It is a bit of a mystery to me why you think that isn't easy, practical or is susceptible to coercion.

Because "scanning a QR code in an app" would lead to:

1) integrity loss, ie reduction of peers in the secret sharing concept.

and/or

2) privacy loss, ie vote coercion, "show me you voted for our dear leader or something bad happens".

You can either confirm your encrypted ballot is present, OR you can decrypt it before being cast, in which case it can't be cast anymore. Unless I'm missing something they're mutually exclusive. The entire premise of the mix net is not being able to verify what you voted for, only that your vote is there, right?

[rstuart4133]

> Because "scanning a QR code in an app" would lead to ...

> 1) integrity loss, ie reduction of peers in the secret sharing concept.

> 2) privacy loss, ie vote coercion, "show me you voted for our dear leader or something bad happens".

Following your instincts instead of doing the work required to understand Prêt à Voter will lead you to that conclusion. Your instincts are wrong in this case. Neither of your claims are true. The first paragraph of the Wikipedia page makes that plain. It says in part:

> In particular, Prêt à Voter enables voters to confirm that their vote is accurately included in the count whilst avoiding dangers of coercion or vote buying.

In case you haven't thought about it, vote buying is the hardest problem to solve for secret ballots. It is hardest because both the voter and a malicious third party are working cooperatively to corrupt the system. If you come up with a system that prevents that, you've pretty much solved all retail voting attacks. Prêt à Voter makes a vote verifiable, while ensuring votes can't be sold.

While you can't sell your vote with the typical implementation of Prêt à Voter, you can do it with your favoured paper ballot system:

1. Mallory obtains an authentic, blank ballot, and fills it in way he wants. Perhaps he does that by voting, pocketing the ballot paper, and putting the dummy in the ballot box.

2. Mallory gives the pre-filled ballot to a voter willing to sell his vote for an agreed sum outside the voting booth, where the transaction can't be detected. The voter isn't given his payment yet.

3. The voter goes into the secure voting place and is given a blank ballot. In the privacy afforded to him to cast a secret ballot he pockets the blank ballot, replacing it with the pre-filled ballot given to him by Mallory.

4. The voter casts the paid for vote.

5. The voter meets with Mallory in their secret spot, hands over the blank ballot and gets paid.

Rinse, lather and repeat all the way to winning the election.

If you haven't seen that little caper described before you will find it surprising. I did. But it is nowhere near the surprise you will get from spending the time to learn how Prêt à Voter achieves what appears to be impossible.

[croon]

> Following your instincts instead of doing the work required to understand Prêt à Voter will lead you to that conclusion. Your instincts are wrong in this case. Neither of your claims are true. The first paragraph of the Wikipedia page makes that plain.

This is from the actual paper, not wikipedia:

> C. Audit of ballot forms Voters may wish to check that the order of candidates claimed to be encrypted on the right-hand side does indeed correspond to the list printed on the left-hand side. If this were not the case then a vote cast for one candidate may be considered after decryption as a vote for a different candidate. To provide such reassurance, voters may elect to ‘audit’ a ballot form. This involves removing the left-hand side of the ballot form, and asking the system to decrypt the candidate list from the onion on the right-hand side. The voter can then check that the decrypted list matches the list of candidates printed on the left-hand side. In principle, this audit can be carried out as often as the voter wishes. This gives the voter confidence that the ballot forms have been correctly constructed.

> However, the voter is not allowed to cast a vote on a decrypted ballot form. Once the candidate list associated with a onion is known, vote privacy, and hence resistance to coercion and vote-selling, is lost. The audit process gives an individual voter confidence that the ballot forms are correctly constructed, but does not allow her to check the ballot form that she is using to cast the vote.

What I said in GP is that you can't verify WHAT you voted for AFTER the fact, because the concept of coercion hinges on being able to threaten or pay for something the victim can provide. It's a logical proof, you can't design that away. I'm not saying it's not a valid trade-off.