Voting System

So, I want a voting system with the following properties:

I'm not yet convinced that such a system is possible.

So, the easiest way to do a lot of it is have the government give out secret keys. You sign you ballot, cast it. Every ballot is trusted by the government's key, you can check that they're valid and trusted, and I can see my own.

The issue here is that the government has the ability to log which citizen got which key.

So, my current idea involves getting some sort of nonce, potentially a key, from the government, and using that to build a key such that one can verify that it's legitimate without being able to figure out who got each one. It's impossible to both be able to check which nonce generated a key, and not be able to check which nonce generated a key.

But, I don't really need that. All I need is to be able to check that no two keys came from the same nonce, and that it was generated from a sanctioned nonce. That's it.

If I can get that part, then I'm good. The government authenticates people, and hands out nonces. Then, those nonces are used to build keys such that people can tell that this ballot is unique, but not which nonce created it. Unique and authentic. Then, even if the government did log which nonces went to which people, or made that information public, you still couldn't figure out which ballot was which, just that they were all equally appropriate, and mutually exclusive.

It's possible that's also impossible, though.

I've looked into Zero Knowledge Proofs of Knowledge some, and they seem to have potential. Specifically, the non-interactive ones. All that needs to be proven is "This ballot was cast using an official nonce" without revealing the nonce. And "This ballot was cast using a different nonce than that ballot" without revealing either nonce.

I haven't done enough reading to know if either is possible or not.