I like the ideas but do have one caution. The receipt needs to be done in such a way as to prevent someone from using that receipt to see what votes were cast. If that were allowed, it would potentially allow thugs to force a voter to reveal how they voted. Think union thugs coming to a person’s home and taking the receipt and “verifying” their votes or bosses demanding the employee’s hash or be fired.
Yes, that is an absolute requirement.
I just realized I wrote the wrong thing: the ballot should be ENCRYPTED with the voting machines private key. That way, it cannot be reversed to reveal the contents.
The voting machines ID would be in cleartext (and signed) to provide a lookup into the private. key registry.
This is all off the shelf technology, and public domain. There’s no need to invent anything.