Let me put it a different way. Let us suppose that you are in New York State in 2016, voting for the US president, and let's ignore the strange things that can happen with write-ins. After a random shuffle your ballot might look like this:

                         | BALLOT #5846
                         |
    1. Hillary Clinton   |  [  ]  [barcode]
       Democratic Party  |
    2. Jill Stein        |  [  ]  [barcode]
       Green Party       |
    3. Gary Johnson      |  [  ]  [barcode]
       Libertarian Party |
    4. Donald Trump      |  [  ]  [barcode]
       Republican Party  |

The right hand side is scanned and it is what we make public. Everyone can confirm that you voted in this past election, and you punched the third (say) square in your ballot. But we also make it really easy for you to take, outside of the voting booth, any of a number of other left-hand sides in other random permutations. So if you wanted a left-hand side that said "Trump, Johnson, Stein, Clinton" that is easily available for you to take out of the booth.

Now after the election you can keep either or both papers and go to a government-run website and confirm that that right-hand side corresponds to who you voted for, and you can start a political watchdog group to make sure that the homomorphic operations were properly done on all of these peoples' right-hand-sides-of-ballots. But that web site is not saying "Oh hi it's you, you voted for Gary Johnson," it's saying "Oh hi it's you, you voted for the third person on your ballot." You know that the left-hand side you have says that candidate #3 was Gary Johnson, you saw the paper cut with your own eyes. But to everyone else, that left-hand-side is just a piece of paper.

So: we have made it very easy for you to forge any other vote, as far as any other party would be able to verify. Nobody else can confirm the connection between the piece of paper you hold in your hand and the piece of paper that has been scanned and appears in the public database. And since this is very easy to forge it is very valueless as a piece of information for vote-buying purposes.

So that stuff is all really straightforward. The only dodgy thing is, what if I were to hand you a ballot like this where every vote on the right hand side happened to be a bar code for Jill Stein? Since the number is encrypted, that is not something you would otherwise have access to.

And the solution there is burning ballots on-demand. You can make requests to the election authority asking to decrypt a ballot during the election; indeed we print a lot of extra ballots expecting folks to do this and we declare it their civic duty. When you do so, you get to reveal the "true" left-hand-side for a given right-hand-side and confirm that they are the same—but that ballot is thereafter invalidated and cannot participate in the election. As more and more people do this, it becomes more and more costly to do less and less vote-rigging in this way. So you get an implicit assurance that no tampering has happened in the process of getting this ballot to you, if you can trust that your communication pipeline to the decryption authority is secure and they are not compromised. (And if they are compromised there is very little you can do in any case.)

(The other mechanism just has a ballot which is two pieces of paper attached above each other with labels on the one piece of paper and holes that let you punch out the other piece of paper -- you can go online after the election and verify that the hole which was punched was the one you punched, but your ability to get other front-sheets at the voting booth makes it very easy for you to forge a ballot for say your employer where you appear to have publicly voted for their preferred candidate but secretly you voted for another one.)