• voter ID (Real ID or better)
• tamper-evident paper audit log of who voted when
• tamper-evident digital and printed cryptographic blockchain online distributed audit log of who voted when (with cryptographic timestamps) with cryptographic markers of closing time
• paper ballots (with or without ballot marking devices, as long as voters can see they got marked correctly)
• ballot boxes that cannot print ballots
• tamper-evident ballot boxes
• I do like the idea that ballot boxes have a camera and take a picture of every ballot dropped, and these should be sent in batches of 100 encrypted (with public keys, and signed with device private keys with device serial number attestations from the vendor) to certified watchers from all parties so that altering the ballots after the precincts close is not an option
• two or more observers/canvassers have to approve every precinct's reporting, and it must match the batches-of-100 interim reporting
• better rules for what happens when rules are violated like: automatic throwing away of ballots, re-voting by the affected voters, and so on

This all means that we can have no post-closing ballot stuffing because that would yield more ballots than people voted according to the audit log. For the same reason they could not vote for people who were registered but didn't vote.

It would mean they could not change ballots after they were cast.

We could have fast and reliable counts.

The audit logs of who voted when could be used for detecting double voting.