This part of the process is what makes possible that mathematical proof of the

equivalence between the information that is published after the election and the

tally results. The process is a little bit complicated.

So I want to walk you through it in a slightly simplified version.

But this will get you, give you some idea of, of how that proof is constructed.

During the preparation phase, the election officials run software that computes these

three different tables. The table on the left shows for each

ballot, all of the different verification codes that would come up if the voter

voted for each candidate. Now, the column order doesn't match the

order of the candidates on the ballot. The different codes for a given ballot are

shuffled around so that there's an added protection for voter secrecy.

The table on the right is initially empty, but this will eventually show which

choices voters have marked on ballots. The table in the middle establishes a

correspondence between the entries in the left table and the right table.

The column in the left in the middle table is a reference to one of the entries in

the table on the left, and the column on the right in the middle of the middle

table is a reference to one of the cells in the table on the right.

But these are in permuted or shuffled order.

So, it's going to establish a kind of shuffling of the entries in the left table

mapped onto the entries in the right table.

Lets see what happens during counting. Let, lets suppose that the three ballots

in this race voted for, yes on the first ballot, no on the second, and no on the

third. We can also suppose that these three

confirmation codes circled in purple, were the ones corresponding to those choices on

the ballot. Now, what we can do is we can follow the

arrows that are mapping those circled choices through the middle table and

onward to the right table. What we'll do in the middle table is mark

an x in each row that is pointed to, on a voter's choice on the left table.

And then, we'll follow the arrows to the right table and check off those boxes.

Now, the table on the right shows the results.

Two votes for no, one for yes, and we have our official count.

So, all of this is happening at election headquarters in software.

None of this is being made available for anyone to see.

So, it's not public information yet. So, let's see what's actually published in

order to verify the election. So, instead of revealing all of the

entries in these tables, the election authorities start by only publishing

encrypted versions, these are what are known as cryptographic commitments, to

most of the cells. Then, they'll open up some of them,

they'll open up in the confirmation code table on the left, the table entries that

are corresponding to confirmation codes for choices voters have actually made on

their ballots, so the codes that voters took home.

On the right, they'll open up the whole table, so everyone will be able to see

which entries have been marked for which choice and be able to total that up and

make sure it matches the tally. In the table in the middle, they'll reveal

which entries have been marked with an x. But initially, they won't reveal any of

the left or right column entries. The things that tell you which table,

which entries in the left table correspond to which entries in the right one.

So, here comes the magic part. The election officials after publishing

this information, will pick a random number.

Maybe again, they'll choose something based on the stock market closing price on

the appointed day of the audit. And based on this number, for each row in

the middle table, they will decrypt and reveal either the encrypted value on the

left or the encrypted value on the right. So, here we'll decrypt in the first row,

the left value and the second one, the right value and so on.

If they open the value on the left, this reveals the correspondence between that

row and one of the confirmation codes in the left table.

If they open the right one, it reveals the correspondence between the, the middle

table and one of the entries in the right table but there's no place where they're

going to open and decrypt both of those values, and you'll be able to see a direct

path from one of the confirmation codes to a voted choice.

However since these values were published after they were encrypted there's no way

that the election officials could go back and change what was in one of those one of

those encrypted envelopes after it was decided that it should be revealed.

They've committed to them. And because of that, we can convince

ourselves that all of the confirmation codes are accurately, are accurately

recorded. We can check on the left side that any of

the voted codes for which the correspondence has been revealed actually

maps to a row in the middle table that has an x, that is one that was supposed to be

a choice marked by a voter. And we can also check that any of the

non-revealed confirmation codes on the left, for which the correspondence has

been revealed, maps to a row without an x. On the right half of the screen, we can

verify that each of the correspondences also matches if there is a correspondence

that is not marked with an x, it's not marked with a check in the voted choice

table. If it is marked with an X, there's a check

in the voted choice table. So, this is an example of what's called a,

a cut and choose protocol where we're either going to reveal some information or

other information but there's no way to tell in advance.

So someone who is trying to cheat would, in order to look consistent after some of

the information was revealed would have to be extremely lucky and we can make it

arbitrarily hard for them by increasing the complexity of the system.

It does get a little complicated though and I'm, I'm not even showing you the full

detail. But this gives you some sense of how E2E

would work. End-to-end verifiable voting has a

tremendous amount of promise but there's still several difficult questions about

it. One has to do with the complexity.

This isn't exactly simple stuff. And the question is, how much added burden

is it going to add to election procedures. And election official duties that, that

are already considerably difficult given the given the scale and messiness of real

elections. Is this going to be something that's

simple enough to actually practice on a large scale?

Another question has to do with usability. Is the process of end-to-end is something

that regular voters can follow what they're supposed to do, and complete the

steps correctly? And how many voters are going to even

bother to, say, write down the confirmation codes in Scantegrity?

If the system isn't usable, then it's not going to be able to be verifiable either.

Another question is comprehensibility and I, I think this the biggest issue of all

with E2E. By comprehensibility, we, we mean the

ability of voters to understand why their votes are being counted correctly.

And it seems most E2E schemes, anyway require quite a bit of knowledge and

understanding to follow the, the intricacies of, of the procedures.

We want, ideally, for voting systems to be something that, that non-experts can

understand, that, that anyone can follow. And if it takes special cryptographic

training to understand exactly why your vote is being secured that's, that's less

an ideal amount of transparency and comprehensibility.

Finally, there are security questions certainly about end-to-end voting if

practiced as an internet voting scheme but also about some of the offline traditional

voting forms of E2E, too. Researchers are still working to, to

strengthen the proofs of security that are available for the different properties and

to understand everything that could possibly go wrong.

Despite these problems I think end-to-end is one of the most exciting and most

promising new technologies in, in election research.

And I, I'm confident that in some form, someday this is going to be a widely-used

technology to strengthen the way we all vote.