But you cannot observe it. You see that someone with a hash X has voted. How do you know whether it was a real person, a real person voting under boss supervision, a real person who actually didn't take part in elections, or just sysadmin inserting records into the database?
- You see the number of records aggregated, it should not exceed the amount of voters
- You can somehow identify your own vote and thus verify it was properly counted
- Everyone else can do the same, thus fraudsters would have to find a protocol weakness to add additional votes
One attack vector might be whatever you use to identify your vote. Aka find a way to make two people think the same record is their own vote, then use the other yourself. This seems like a tricky problem, since everyone shouldn't just be able to see their own vote was included but also not not be able to show others how you voted. The article seems to indicate they solved this somehow, but I'm not familiar enough with the details / homomorphic encryption to understand that or even just trust that specific kind of encryption.
Watch person enter booth with fresh ballot, watch person leave booth with filled ballot, and check to see that person doesn't take pictures of their ballot. Seems pretty clear they voted and their vote can't be influenced.
Though the article is light on details, it does seem to provide for an identical level of verification. I'm more than happy to be corrected if I'm missing something, but it sure sounds like they are proposing an effectively identical verification scheme.
