Ken Johnson wrote:
"As I understand it, a ballot receipt contains no information about the 
voter's identity, which only becomes potentially knowable when the voter 
presents the receipt for validation/verification. But how would the 
process verify that only legally registered voters have voted, and that 
no one voted twice? I don't quite understand the basis of the claim that 
"...it can lift the requirement that voters must vote from their home 
precinct ... inter-jurisdiction voting becomes workable ...".

I respond:
I assume that verifying only registered voters voted and no one voted twice would be done the same way this is currently done and the same ways your proposed method does.  For example, the voting machine would have to be reset by election volunteers after each vote before the next vote can occur.  Voters would have to sign in with an approved ID.  The voter registration data would be cross checked with other data bases. Etc.  Even your suggestion of machine readable stamps placed in  the registration logs immediately after the vote could be implemented to make it easier to verify that the number of votes and ballots match.

Ken Johnson wrote:
"I question whether a method with this level of technical sophistication 
and complexity would be practical or whether voters would trust the 
"mathematical magic" behind the secure encryption scheme - especially in 
emerging democracies where most voters may be barely literate, much less 
computer literate or technologically literate. One particular weakness 
is the reliance on a small number of "trustees" - holders of the private 
encryption keys - to ensure voter secrecy. The trustees might have the 
highest level of professionalism and integrity, but probably not much 
technical sophistication or understanding of cryptography, so you might 
find someday that a hacker has gotten hold of the private keys and 
posted them on the Internet, along with all of the decrypted ballots."

I respond:
Keeping the secret keys secret is always essential to public/private key encryption.  Like the article says, government and businesses have been relying on this method for years now and so far it has been successful.  As I understand it the number of trustees (and therefore the number of private keys) can be increased or decreased to provide more or less secrecy protection.

Ken Johnson wrote:
"Following is an outline of a comparatively "low-tech" voting process 
that I think probably accomplishes the same objectives as Chaum's 
method, while overcoming its weaknesses. (Whether it actually does, I 
pose as an open question.)"

I respond:
I disagree. I don't think your method accomplishes the same objectives.  For example, under the half pixel half receipt method it is likely that any attempt to swap a real voted ballot with a fraudulent replacement voted ballot would be detected.  Under your method anyone with access to the voted ballots, the ballot stamp, and the blank ballots could swap real voted ballots with his own fraudulent ballots without any chance of being detected (provided they could swap ballots when no one outside the vote rigging conspiracy who is willing to report the fraud was present as a witness).

Ken then presented the properties and steps for his method of conducting secure elections which I won't repeat here.