One way to achieve verifiability is through deniable tracking numbers computed locally in network-disconnected devices. To ensure that they are deniable, they can only be computed after all tracking numbers along the votes are made publically available, which can be realised by publishing a secret code that the voter inputs into the device. That way, when the coercer/briber asks for a vote to be cast in a certain way, the voter can select another tracking number from a public list and show it to them. Meanwhile, computation on the device ensures that it does not have access to resulting tracking numbers and corresponding votes with which it could deceive the voter. Meanwhile, the cryptographic proofs ensure that every voter has one unique tracking number. This is the general idea of the Selene system.

That genuinely doesn't seem to solve anything to me.

Sure you can generate all these secret codes but then why wouldn't a briber ask for you to take a picture or video of the screen with all the codes and secret? OCR and computer vision is quite good nowadays and most people are carrying a video camera in their pocket, so the process can potentially be scaled. Bonus points if its install the Purple App and ask the voter to point their camera at the screen with all the codes. Double bonus points if the app generates a nice easy password for the used to plug in to be used as your secret.

And the thing is that it doesn't need to be super accurate. Even if its only budgeted with $10 million worth of $100 gift cards and it's only about 70% of the cards were getting the desired outcome, that's still 70,000 votes going purple. Especially if you limit it to being the first 100,000 confirmed voters, you'll still get people participating if they think there is still hope for getting a card. Even more if you're convincing voters that are only voting for the sake of a gift card and don't actually care about the result of the election.

And ultimately that's just one of several attack vectors I can think of. And I'm not a smart person; I'd go as far to say that I'm actually pretty stupid. I can't imagine what a room full of actually smart folks with NSA-like budget and NSA-like permissions can come up with. Remember the gigantic mess with Dual_EC_DRBG in the FIPS 140-2 standard?

It is tough to convince oneself that all attack vectors are being considered. The key idea is that a coercer or briber cannot always monitor their subjects, which leaves a window of opportunity for voters to cast their desired vote and set up fake credentials for their devices. This assumption, however, falls apart when the coercer or briber asks for voters’ devices and corresponding PIN codes during the voting period. I am motivated by the belief that such an attack vector is, in most cases, unrealistic.

Regarding your suggested attack vector, where the briber asks for a video of the screen showing how the number is displayed on the screen, this can be resolved with fake credentials. When creating a fake PIN code, the voter can specify inputs and outputs to the device with which the video can be taken. Fake credentials can further create fake credentials, so it is not possible to distinguish them.

I have a different comment where I'm stating that one way to counter the influencing of votes is through allowing the voter to cast their ballot any number of times until it ends.

I can think of a method that allows a voter to decrypt the ballot payload only coupled with one or more keys from the parties that organized it. Ie, if I as an individual want to see the vote, I can't. But if I suspect my vote has been tampered with I can ask the organizers to audit it, and with both our keys, I can see the payload. (This is just back of the napkin theorizing, it might have other issues)

I'm not sure how the solves the issue of a voter that wants to reveal their vote.

I'm looking at the problem through the lens of "why does a voter want to see their ballot". The answer which prevents the issue of vote buying is "to audit the validity of the vote", which then is ensured through putting some stop-gaps in front of viewing the vote in the form of requiring intervention from the entities organizing the ballot.

Ie, if a malicious entity wants to make sure that the votes they have bought are corresponding with what they asked, they need to go through a more difficult process than just asking the people they bought from to reveal their vote.

> why does a voter want to see their ballot?

Because of potential malware on the client's device that can manipulate a vote before it is cast.