The presence of an open audit trail back to the source alleviates the requirement for "computer security" measures. Cryptography and balloting security have somewhat different requirements. They also have different operational parameters. For example, with cryptography, the primary concern is preventing compromise of the encrypted data. In voter tally tracking, what's important is ensuring accuracy.

Now, I proposed one method that would certainly be difficult to crack for the simple reason that several points in the process are required to have the same numbers. If they lack them, there's a deeper audit possible, i.e. reevaluation of the paper record. This is possible at two stages. Tampering with tallies from "unfriendly" precincts, as is the usual tampering practice, would require that both the stage 1 and stage 2 paper records be altered. Naturally, that couldn't be done, so they'd probably be "lost." However, there's also a stored magnetic or optical record. Our government has demonstrated, at least to limited extent, that they've managed to implement the ages-old technique of using locks and chains with considerable effectiveness. That SHOULD make tamplering with these auditable records more difficult, particularly if the paper records and machine-readable magnetic or optical records were stored in separate facilities.

That doesn't require that the end-station in the process verify that the tally was received from one and only one collection point, though that might not be a bad idea, and the actual content of the record need not be protected.

A really long CRC might be sufficient to ensure integrity of the recorded data.

RE