I am a theoretical physicist (a PhD candidate) and try to learn about cryptography as a hobby. One of the interesting aspects I had found is that many respectable scientists say that electronic voting is not safe, and so I started to follow the arguments which they use. For example, submitting the trust to authority to do their job honestly or sacrificing anonymity. Or impossibility to deal with anonymous bribers on the internet. However, a formal proof for that did not exist, so was interested if I could design a better e-voting system which would be anonymous, transparent and had a mechanism to fight bribery and coercion.
The citizen has a device with display and numpad, which interfaces the ID card. No internet connection is allowed to prohibit malware. The voting for a user happens after the following steps:
The public ledger contains signatures. On the other ledger, we have public keys which must have been used for a valid vote. So the steps are as follows:
The power of anonymity on the internet is the greatest weakness for many electronic voting schemes as it is so easy to buy votes without dealing with consequences. Here I propose a defence based on activists will to look for the bribery places and to sell their votes so in the process depleting bribers capital. Afterwards, when the transaction is made, activists submit their real ballots. That could be done in secrecy to prevent bribers from gaining the knowledge of the list of activists for the next elections.
To distinguish real votes from the fake votes another login for ID card can be made where the random string added to the message would be known to the department which keeps order. The activist could have been given a choice to select the police department, which he trusts that would not leak the information to the bribers. The steps to set up such system thus are:
The activist goes to the police department, which he trusts and gives the signature to them for safekeeping.
Now to perform a fake vote, the citizen does all the steps from the voting section, but only with the PIN2 code. The police department would scan the ledger continuously for the random strings and would do it's duty when the vote would have been found. It is also pretty clear that no one would dare exploit social relations to collect card and PIN code as there is no way to distinguish real one from the fake one.
Do you see a way to abbuse the system? Let me know over a email or a twitter.