Yeah, not like there's any sort of transparent way to audit a public chain of data blocks representing votes associated with anonymous certificates that would allow end users (verified with registration cards and authorized with their mobile device biometrics) to check their votes were recorded correctly and for 3rd parties to easily audit the vote totals.
That's a problem that hasn't been solved at all by the current applications of cryptography.
Even if my computer gets hacked, as long as I can trivially search my "confirmation id" from another device to ensure it's what I cast, I'm going to see if it was or wasn't tampered with.
Having public records of votes on a per vote basis with multiple layers of cryptographic signatures at each stage of processing them would be a world of improvement over the current system, both client side and server side attacks considered.
Being able to easily validate what individual people voted for is exactly the opposite of what you want in a voting system, as it makes vote buying/selling trivial. I suggest looking into the huge list of previous electoral fraud for all the different kinds of attacks that need to be defended against: https://en.wikipedia.org/wiki/Electoral_fraud
Voter coercion and retaliation for voting 'the wrong way' is probably even more important than vote buying/selling.
A key feature of a secret ballot is that it must remove the ability for anyone to verify how you voted even with your cooperation (no matter if willing, coerced or bought) - you must have plausible deniability i.e. any reasonable "demonstration" to others how you voted must be possible even if you actually voted differently.
This argument never really made sense to me, because it's already completely undermined by mail in voting in which you can not only sell your vote but even have the guy you sold it to turn it in for you so he can be 100% certain he's getting what he wanted. You can even give him a 'blank check' by filling out your personal data/signature, and leave the vote slots blank for him.
And for context on the scale of this, in the 2020 election there were 65,642,049 mail-in votes cast. And the outcome of the presidential election was decided by 42,921 votes. [1]
> it's already completely undermined by mail in voting
This keeps coming up but is not generally true. See my comment from another thread [0]:
I don't know how it's done in the USA, but in Germany voting by post has to be carried out before the day of the election. The actual postal votes are stored and only opened on the day of the election. After somebody sends in their postal vote they can go to the public voting office and declare to invalidate their postal vote. The people counting the postal votes will get a list with invalidated votes and remove these envelopes before the votes are opened. The person who invalidated can then either do another postal vote or vote at the ballot box.
So in Germany postal voting is secured against selling votes.
> verified with registration cards and authorized with their mobile device biometrics
What does "verified" even mean here? At the end of the day, you need to convert it to some cryptographic key, and then that key is vulnerable to attack: either it's kept in the voting machine, in which case the machines themselves are a single point of failure, or else it's given to voters, in which case their insecure phones, computers, etc. are easily compromised to get the keys.
Checking your votes doesn't help: a significant number of people do not vote. An attacker can submit votes on behalf of those people using their keys and no one will know, and even if you find someone who claimed that they didn't vote, how would you ever prove it either way?
The advantage of a physical system is that there is no single point of failure: changing the overall election result requires a physical presence at multiple polling locations. All electronic voting solutions are intrinsically worse in that respect.