Voting and Tallying Protocol

Now we see that the most straightforward way of casting may be that the voters sign their ballots with their voting key and submit their ballots with the signature. Here, however, we divide the voting and tallying phase into two sub-phases, as mentioned in section 2. Instead of send the ballots directly, voters just submit encrypted ballots with a signature in the first sub-phase. Before the voters submit their keys to decrypt the encrypted ballots, the tallier publishes all the encrypted ballots with the attached signatures, so that every voter can check whether his or her ballot has been counted. Thus voters would have a chance to correct miscounted ballots without revealing the ballot.
Voter V:

1. Sends to T:

Tallier T:

1. Checks whether is in the authorized tallying key list, then verifies the authenticity of by computing:
   

   

2. If is in the authorized tallying key list and the equation holds for all voters, publishes:
   

   

Voter V:

1. Checks whether his or her encrypted ballot has been included in the published encrypted ballot list. If not, V can correct it by publishing:

   

   
   to the election community.

Note: If no ballot is miscounted, the protocol continues to the next sub-phase.

Voter V:

1. V sends to T:

   

Tallier T:

1. Checks the authenticity of by computing:
   

   

2. If is valid, T decrypts with as follow:
   

   

3. Publishes all the authenticated data:
   

   

   
   for universal verification.