i.e. the attack scenario is a small town, where you record each person as they come in. Then later you can look at the vote in order and know who voted what.
> Presumably the forces doing the coercion wouldn't have access to the audit tape.
That is not a valid assumption. Your machine must be resistant even to that attack.
> If they did, then we're already screwed no matter what system we implement.
No. The audit must not be able to be correlated with the person, the order, or the time.
"zero knowledge proofs" is a textbook solved problem. Your local college library has books that explain how to do secure voting. It is how AWS and HTTPS works.
i.e. the attack scenario is a small town, where you record each person as they come in. Then later you can look at the vote in order and know who voted what.
> Presumably the forces doing the coercion wouldn't have access to the audit tape.
That is not a valid assumption. Your machine must be resistant even to that attack.
> If they did, then we're already screwed no matter what system we implement.
No. The audit must not be able to be correlated with the person, the order, or the time.