>If you can proof to yourself after the election that your correct vote went into the system, you can proof this to other people too.
The receipt doesn't prove who you voted for, just that the associated vote was counted.
>every person is able to fully understand what is happening. Additionally you do not need to have a strong trust in the implementation of the cryptography
Are you sure you fully understand what is happening with paper based systems? You don't know which people looked at your vote, who they reported to, how the votes were summed up locally, how the information was transmitted to be centralized, who handled this info and how they made their decisions etc. It's actually much easier to understand and trust an open-source computer system than the mesh of social institutions, obscure regulations and personal idiosyncrasies that make the paper systems run. And you do trust your entire wealth to cryptography each time you make an online purchase, you know.
>For a large scale attack on computer based voting, you would need to bribe way less people
No amount of bribes will break cryptography, and proof that the system worked correctly is easy to supply by opening up the machines and software for public inspection. By contrast, we'll never know what, for instance, half a dozen election officials may have discussed in a tiny room (Florida 2000, Iowa 2012) and how they arrived at their decisions.
You are correct, but I want to point out that opening the machine or software for public inspection is not the case.
Cryptography and End-to-End Verifiable Voting, give you the privilege not to trust anyone with the results, not even the designers of the system, (not because you can see the code, most people won't understand what it does anyway) and even if you don’t know anything about software you can always find a professional of your choice that would do the verification for you (simply write a program that counts the votes and verify zero-knowledge proofs. after the election is over (before it's over the key is unknown) (much alike the way people can choose their own doctors).
You are right about "end-to-end verifiable". I misunderstood that.
About understanding what is happening, I have to say: No, I do not know every detail on how we do it in Germany. But I would say that I have a pretty good overview and trust in the system. We had minor election related scandals, but never on a larger scale. Everything happens under the eyes of many. Those many consist of volunteer. When I go to vote, I know some of them personally.
If somebody does not know how our system works, it is at least possible for him/her to find out and fully understand. There are some complains about our system, but none are about the risk of large scale fraud.
I don't know much about on how you do it in the US. I heard that it is more complicated than ours, and that using a computer would help a lot. But as I said, I would prefer to get the job done manually. It is possible. It worked before.
About online shopping. It is a trade-off.
I know I should not trust my computer. I know the current state of how we use ssl and our trust in different CAs is pretty bad. But I am still doing it, since I hate to go shopping in real live. For me it would be much more risky to get into my car and drive to a shop.
I would not want to trust my computer and the current state of how we use crypto with everything in any case.
I was more about bribing people to make mistakes during the implementation. And do you know for sure that there is not yet a quantum computer in some kids basement? :)
In some cases like "xor" with a random key, you can proof that the crypto is unbreakable. But the way people use it is often faulty. There are certain requirements that apply to the key and without them, the method is not secure any more. In other cases like RSA, there is no real proof that it is working. It is hard to proof that nobody will figure out an highly efficient way to do prime factorization. All we know is that many people tried and failed.
Public inspection of those computers is not really possible. How do you trust the hardware? It is more easy to show that something does something. But it is hard to proof that something is not doing something.
We would use computers to do the calculations that prove that our votes are ok.. so we need to trust those machines again..
In the worst scenario the privacy of the system may be breached but the integrity of the system is always preserved. Let us emphasize this a bit more. Let us consider the unlikely, worst-case scenario where a hacker gets full control of both the software and all the secret keys of the system. Even in this case, the system guarantees that if the hacker tries to change the posted votes or the tallied result, then auditors would detect the attempt and reveal the forgery. Thus, if the elections pass audit and are successfully verified by voters, then voters can be assured that the election results are correct.
The receipt doesn't prove who you voted for, just that the associated vote was counted.
>every person is able to fully understand what is happening. Additionally you do not need to have a strong trust in the implementation of the cryptography
Are you sure you fully understand what is happening with paper based systems? You don't know which people looked at your vote, who they reported to, how the votes were summed up locally, how the information was transmitted to be centralized, who handled this info and how they made their decisions etc. It's actually much easier to understand and trust an open-source computer system than the mesh of social institutions, obscure regulations and personal idiosyncrasies that make the paper systems run. And you do trust your entire wealth to cryptography each time you make an online purchase, you know.
>For a large scale attack on computer based voting, you would need to bribe way less people
No amount of bribes will break cryptography, and proof that the system worked correctly is easy to supply by opening up the machines and software for public inspection. By contrast, we'll never know what, for instance, half a dozen election officials may have discussed in a tiny room (Florida 2000, Iowa 2012) and how they arrived at their decisions.