Sensus has been designed as an easily adaptable modular system. The polling protocol requires the existence of validator, tallier, and pollster modules. Additional modules may augment the Sensus system.
The responsibilities of the essential modules include all of the tasks described in Section 2, with the exception of the registration task (which many be performed by human officials or by an optional registrar module). The validator is responsible for the validation task, and the tallier is responsible for the tallying and collection tasks. The pollster acts as a voter's agent, performing all cryptographic and data transfer functions on a voter's behalf.
The Sensus protocol is based closely on a scheme proposed by Fujioka, Okamoto, and Ohta [10] that uses blind signatures to provide security while protecting voters' privacy. The Sensus protocol requires the voter to prepare a voted ballot, encrypt it with a secret key, and blind it. The voter then signs the ballot and sends it to the validator. The validator verifies that the signature belongs to a registered voter who has not yet voted. If the ballot is valid, the validator signs the ballot and returns it to the voter. The voter removes the blinding encryption layer, revealing an encrypted ballot signed by the validator. The voter then sends the resultant signed encrypted ballot to the tallier. The tallier checks the signature on the encrypted ballot. If the ballot is valid, the tallier places it on a list of valid ballots to be published after all voters vote. The tallier then signs the encrypted ballot and returns it to the voter as a receipt. Upon receiving the receipt, the voter sends the tallier the ballot decryption key. The tallier uses the key to decrypt the ballot and add the vote to the tally.