1. Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else voted  No one can duplicate anyone else's vote  No one can change anyone else's vote without being discovered  Every voter can make sure that his vote has been properly counted

2. Simplistic Voting Protocol  The voter creates a ballot (perhaps via DRE machine).  The voter sends his vote to a central tabulating facility, or CTF.  The CTF decrypts the votes, adds them up, and makes the results public.

3. Voting Using Public-Key Cryptography  Each voter creates a ballot and signs it with his private key.  Each voter then encrypts the vote with the CTF's public key.  Each voter sends his vote to the CTF.  The CTF decrypts the votes with its private key and verifies the signatures with the voters' public keys.

4. Voting Using Blind Signatures  Each voter generates n sets of messages, each containing a valid vote for each possible outcome. Each includes a unique, randomly generated ID number.  Each message is blinded using a unique blinding factor. These are then sent to the CTF.

5. Voting Using Blind Signatures  The CTF first verifies that the voter has not previously submitted any votes. It then chooses n-1 of the sets and gets their blinding factors from the voter.  The CTF unblinds those sets, verifies that they are properly formed. It then signs the remaining blinded set, sends it back to the voter, and marks that the voter has cast his ballot.

6.  The voter removes the blinding factor, producing a set of votes signed by the CTF.  The voter chooses one of the votes, encrypts it with the CTF's public key, and sends it in. Voting Using Blind Signatures

7.  The CTF decrypts the votes, validates the signatures, makes sure the ID number is unique, and tabulates the votes. It then publishes the results of the election with every ID number and the corresponding vote.

8. Voting With a Centralized Legitimization Authority  The voter generates a ballot, blinds it and sends it to the CLA with his username and password (encrypted using the CLA's public key).  The CLA decrypts the data, validates the username and password, and remembers that this voter has submitted a ballot. The CLA then signs the ballot, and returns it to the voter.

9. Voting With a Centralized Legitimization Authority  The voter removes the blinding factor, thus producing a signed ballot.  The ballot is sent in anonymously along with a cryptographically secure checksum, to the CTF.  The CTF verifies the ballot and adds it to the tally.  Each ballot and its checksum are posted so that the voter may verify his vote.

10. Secret Ballot Receipts