To give you a better sense of how E2E voting actually works I'm going to show you a few more details about one of the systems and, and walk you through the process. So, let's talk about Scantegrity. Before the election, the election officials do a bunch of cryptography during a preparation phase, and among other things, what they do is they figure out what the verification codes are going to be on all of the ballots. This lets them print the ballots and prepare them. The codes are printed in invisible ink. So, what the voter sees in the election booth is something like the middle image here. There's a serial number on the ballot, but all of the choices are blank until the voter actually votes using their special pen. And reveals the invisible ink on the candidates they vote for. After voting, the voter can detach that little paper chit on the bottom of the ballot. And write down the verifications codes that showed up, if they want. The piece of paper also has the valid serial number printed on it, and the voter can later use this to look up their codes when the election results and cryptographic verification information are posted in public. Behind the scenes, before the election the election workers do, do other preparations, too. And part of the process is that they run some software that's going to set up the system so that it can later be, be verified by voters. This part of the process is what makes possible that mathematical proof of the equivalence between the information that is published after the election and the tally results. The process is a little bit complicated. So I want to walk you through it in a slightly simplified version. But this will get you, give you some idea of, of how that proof is constructed. During the preparation phase, the election officials run software that computes these three different tables. The table on the left shows for each ballot, all of the different verification codes that would come up if the voter voted for each candidate. Now, the column order doesn't match the order of the candidates on the ballot. The different codes for a given ballot are shuffled around so that there's an added protection for voter secrecy. The table on the right is initially empty, but this will eventually show which choices voters have marked on ballots. The table in the middle establishes a correspondence between the entries in the left table and the right table. The column in the left in the middle table is a reference to one of the entries in the table on the left, and the column on the right in the middle of the middle table is a reference to one of the cells in the table on the right. But these are in permuted or shuffled order. So, it's going to establish a kind of shuffling of the entries in the left table mapped onto the entries in the right table. Lets see what happens during counting. Let, lets suppose that the three ballots in this race voted for, yes on the first ballot, no on the second, and no on the third. We can also suppose that these three confirmation codes circled in purple, were the ones corresponding to those choices on the ballot. Now, what we can do is we can follow the arrows that are mapping those circled choices through the middle table and onward to the right table. What we'll do in the middle table is mark an x in each row that is pointed to, on a voter's choice on the left table. And then, we'll follow the arrows to the right table and check off those boxes. Now, the table on the right shows the results. Two votes for no, one for yes, and we have our official count. So, all of this is happening at election headquarters in software. None of this is being made available for anyone to see. So, it's not public information yet. So, let's see what's actually published in order to verify the election. So, instead of revealing all of the entries in these tables, the election authorities start by only publishing encrypted versions, these are what are known as cryptographic commitments, to most of the cells. Then, they'll open up some of them, they'll open up in the confirmation code table on the left, the table entries that are corresponding to confirmation codes for choices voters have actually made on their ballots, so the codes that voters took home. On the right, they'll open up the whole table, so everyone will be able to see which entries have been marked for which choice and be able to total that up and make sure it matches the tally. In the table in the middle, they'll reveal which entries have been marked with an x. But initially, they won't reveal any of the left or right column entries. The things that tell you which table, which entries in the left table correspond to which entries in the right one. So, here comes the magic part. The election officials after publishing this information, will pick a random number. Maybe again, they'll choose something based on the stock market closing price on the appointed day of the audit. And based on this number, for each row in the middle table, they will decrypt and reveal either the encrypted value on the left or the encrypted value on the right. So, here we'll decrypt in the first row, the left value and the second one, the right value and so on. If they open the value on the left, this reveals the correspondence between that row and one of the confirmation codes in the left table. If they open the right one, it reveals the correspondence between the, the middle table and one of the entries in the right table but there's no place where they're going to open and decrypt both of those values, and you'll be able to see a direct path from one of the confirmation codes to a voted choice. However since these values were published after they were encrypted there's no way that the election officials could go back and change what was in one of those one of those encrypted envelopes after it was decided that it should be revealed. They've committed to them. And because of that, we can convince ourselves that all of the confirmation codes are accurately, are accurately recorded. We can check on the left side that any of the voted codes for which the correspondence has been revealed actually maps to a row in the middle table that has an x, that is one that was supposed to be a choice marked by a voter. And we can also check that any of the non-revealed confirmation codes on the left, for which the correspondence has been revealed, maps to a row without an x. On the right half of the screen, we can verify that each of the correspondences also matches if there is a correspondence that is not marked with an x, it's not marked with a check in the voted choice table. If it is marked with an X, there's a check in the voted choice table. So, this is an example of what's called a, a cut and choose protocol where we're either going to reveal some information or other information but there's no way to tell in advance. So someone who is trying to cheat would, in order to look consistent after some of the information was revealed would have to be extremely lucky and we can make it arbitrarily hard for them by increasing the complexity of the system. It does get a little complicated though and I'm, I'm not even showing you the full detail. But this gives you some sense of how E2E would work. End-to-end verifiable voting has a tremendous amount of promise but there's still several difficult questions about it. One has to do with the complexity. This isn't exactly simple stuff. And the question is, how much added burden is it going to add to election procedures. And election official duties that, that are already considerably difficult given the given the scale and messiness of real elections. Is this going to be something that's simple enough to actually practice on a large scale? Another question has to do with usability. Is the process of end-to-end is something that regular voters can follow what they're supposed to do, and complete the steps correctly? And how many voters are going to even bother to, say, write down the confirmation codes in Scantegrity? If the system isn't usable, then it's not going to be able to be verifiable either. Another question is comprehensibility and I, I think this the biggest issue of all with E2E. By comprehensibility, we, we mean the ability of voters to understand why their votes are being counted correctly. And it seems most E2E schemes, anyway require quite a bit of knowledge and understanding to follow the, the intricacies of, of the procedures. We want, ideally, for voting systems to be something that, that non-experts can understand, that, that anyone can follow. And if it takes special cryptographic training to understand exactly why your vote is being secured that's, that's less an ideal amount of transparency and comprehensibility. Finally, there are security questions certainly about end-to-end voting if practiced as an internet voting scheme but also about some of the offline traditional voting forms of E2E, too. Researchers are still working to, to strengthen the proofs of security that are available for the different properties and to understand everything that could possibly go wrong. Despite these problems I think end-to-end is one of the most exciting and most promising new technologies in, in election research. And I, I'm confident that in some form, someday this is going to be a widely-used technology to strengthen the way we all vote.
