Here are a few reasons why 1 vote, 1 person, 1 identity CANNOT EVER BE safe: a) 1 vote, 1 person, 1 identity ALWAYS means that you can tie an individuals identity to their vote. Any voting system that cannot be guaranteed to be secret ballot cannot be gurataneed to be free. The reason that is true is the single master key problem. In an electronic system, a single master key can NOT ONLY match the identities to the votes eliminating any and all possibilities of ever having a secret ballot, a single master key can change votes instantly AND cover all of their tracks forever. And, yes, blockchain cannot solve the issue because a single master key can just wipe out the original blockchain and replace it in a fraction of a second with one that is altered to favour the parties. For every cryptographically sound solution you will bring up in response to this, I will be able to proposed a method to subvert it without ever having to break the cryptography. Please note that if you start to argue that the code should be open source, I agree. However, I will require you to argue that all of the firmware, virtualization layers AND all schematics for all pieces of hardware will need to be open sourced and verifiably confirmed as valid representations of the hardware it represents, because both of us know that the people that own the virtualization layers on cpus, operating systems on cpus, TPM chips, firmware on the nic cards and never mind the insertion of middle men in chip form on to the motherboard bus are THE REAL PEOPLE THAT CONTROL THE ELECTION. Not the os, not the software counting the votes and writing them to a public blockchain, not the sysadmins, not the owners of the companies making the vote counting machines and most certainly not the voters. In other words, what you meant to write is that the only thing that has been verified secure is a veeeeeeeeery thin layer of software and processes sitting on top of a morass of an ecosystem underneath that HAS NOT AND CANNOT BE VERFIED in any shape, method or form. b) The only method that we know of that allows for reasonable guarantee of a secret ballot is the paper vote. The reason for this is that even with multiple master key access, there is no way to discard all of the votes and replace them with new ones. All that you can do is pollute the vote. In addition to that, the evidence is ALWAYS MATERIAL and never ephemeral, which means, a normal person WITHOUT any special training can audit the vote, and the vote can be audited publicly while remaining a slient vote in order to guarantee freedom of opinion. Or to put it another way, those that own the voting computer own the caluclations used to count the votes. Or, to put it yet another way, the reason the last election was so easily stolen was that the computers allowed for syadmins to go in after the election and change / delete evidence, go in during the vote and adjoudicate votes and then delete the evidence AND on top of that, take all of your paper ballots in a few vans in the back and shuffle them through the computerized scanners (as opposed to humans) and do it so quickly as not to even hold anyone up. You are incorrect.