Sensus has been designed as an easily adaptable modular system. The polling protocol requires the existence of validator, tallier, and pollster modules. Additional modules may augment the Sensus system.
The responsibilities of the essential modules include all of the tasks described in Section 2, with the exception of the registration task (which many be performed by human officials or by an optional registrar module). The validator is responsible for the validation task, and the tallier is responsible for the tallying and collection tasks. The pollster acts as a voter's agent, performing all cryptographic and data transfer functions on a voter's behalf.
The Sensus protocol is based closely on a scheme proposed by Fujioka,
Okamoto, and Ohta [10] that uses blind
signatures
to provide security while protecting voters' privacy.
The Sensus protocol requires the voter to prepare a voted ballot,
encrypt it with a secret key, and blind it. The voter then signs the
ballot and sends it to the validator. The validator verifies that the
signature belongs to a registered voter who has not yet voted. If the
ballot is valid, the validator signs the ballot and returns it to the
voter. The voter removes the blinding encryption layer, revealing an
encrypted ballot signed by the validator. The voter then sends the
resultant signed encrypted ballot to the tallier. The tallier checks
the signature on the encrypted ballot. If the ballot is valid, the
tallier places it on a list of valid ballots to be published after all
voters vote. The tallier then signs the encrypted ballot and returns
it to the voter as a receipt. Upon receiving the receipt, the voter
sends the tallier the ballot decryption key. The tallier uses the key
to decrypt the ballot and add the vote to the tally.