[EM] proxies and confidentiality

[Jan Kok]

Selecting bottom-tier proxies by secret ballot sure seems like a messy
problem.  Depending on the problem definition (the requirements), I'm
not confident that there is a solution.

For those that want to try to find a solution, I offer the following
paper as inspiration:

www.votegrity.com

Secret-Ballot Receipts:
True Voter-Verifiable Elections

by David Chaum

A new kind of receipt sets a far higher standard of security
by letting voters verify the election outcome—even if all
election computers and records were compromised. The
system preserves ballot secrecy, while improving access,
robustness, and adjucation, all at lower cost.


This is a very interesting paper, and it's not hard to understand the
outline of the solution.  However, I found it very difficult to
understand the details, and verify that it would work as advertised. 
At the time I studied it, I felt like I understood about 75% of it -
enough to be reasonably confident that it would work (almost) as
advertised.  (The "almost" has to do with the probability of detecting
tampering with the ballots.  Chaum gives an example where he
calculates the probability of detection at 99.9%.  I think the
probability is more like 95%, which I would think is still good enough
to deter people from trying to tamper.)

Enjoy!
- Jan