Selecting bottom-tier proxies by secret ballot sure seems like a messy problem. Depending on the problem definition (the requirements), I'm not confident that there is a solution.
For those that want to try to find a solution, I offer the following paper as inspiration: www.votegrity.com Secret-Ballot Receipts: True Voter-Verifiable Elections by David Chaum A new kind of receipt sets a far higher standard of security by letting voters verify the election outcome—even if all election computers and records were compromised. The system preserves ballot secrecy, while improving access, robustness, and adjucation, all at lower cost. This is a very interesting paper, and it's not hard to understand the outline of the solution. However, I found it very difficult to understand the details, and verify that it would work as advertised. At the time I studied it, I felt like I understood about 75% of it - enough to be reasonably confident that it would work (almost) as advertised. (The "almost" has to do with the probability of detecting tampering with the ballots. Chaum gives an example where he calculates the probability of detection at 99.9%. I think the probability is more like 95%, which I would think is still good enough to deter people from trying to tamper.) Enjoy! - Jan ---- election-methods mailing list - see http://electorama.com/em for list info
