Election-Tech-Initiative / electionguard-python

A python module implementing the ElectionGuard specification. This implementation can be used to conduct End-to-End Verifiable Elections as well as privacy-enhanced risk-limiting audits.
https://www.electionguard.vote/
MIT License

Guardian deserialization does not work correctly #317

Closed eleanor-em closed 3 years ago

eleanor-em commented 3 years ago

Bug Report

This issue was found using ElectionGuard 1.1.15 as published to PyPI.

Expected Behavior

After creating a Guardian and running the key ceremony with other guardians, it should be possible (since Guardian inherits from Serializable) to serialize the guardian using

write_json(guardian, strip_privates=False)

and then to deserialize the same guardian later with

read_json(data, Guardian)

For example, this would be useful in the asynchronous case where key generation is done well in advance of the key being used to decrypt anything.

Actual Behavior

This currently does not work due to a number of inconsistencies between what write_json writes and what read_json expects. I have enumerated some of the inconsistencies below:

  1. read_json expects a top-level id key, but write_json names the key object_id instead.
  2. read_json expects top-level number_of_guardians and quorum keys, but write_json instead creates a nested object:
    "ceremony_details": {
    "number_of_guardians": 3,
    "quorum": 2
    }
  3. Deserialising DataStore does not work (see #316), so deserialising the following elements of Guardian also fails:
    • _backups_to_share
    • _guardian_auxiliary_public_keys
    • _guardian_election_public_keys
    • _guardian_election_partial_key_backups
    • _guardian_election_partial_key_verifications
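As an added illustration of the two shape mismatches in items 1 and 2 (this is not code from the electionguard project), the following standalone adapter rewrites a dict in the shape the report says write_json produces into the flat shape read_json expects. The field names are the ones quoted above, the sample document is constructed, and the DataStore-backed fields from item 3 are passed through untouched since this does nothing about #316.

```python
import json
from typing import Any, Dict

# Constructed sample resembling what write_json(guardian, strip_privates=False)
# emits according to the report: "object_id" at top level and a nested
# "ceremony_details". Values are placeholders, not real election data.
WRITTEN_GUARDIAN_JSON = json.dumps({
    "object_id": "guardian-1",
    "ceremony_details": {"number_of_guardians": 3, "quorum": 2},
    "_backups_to_share": {},  # DataStore-backed field; left as-is (see #316)
})


def adapt_written_guardian(data: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of `data` in the shape read_json(data, Guardian) expects.

    Item 1: rename the top-level "object_id" key to "id".
    Item 2: hoist "number_of_guardians" and "quorum" out of "ceremony_details".
    Raises ValueError when a required field is absent, so a half-migrated
    document is rejected instead of silently producing a broken Guardian.
    """
    out = dict(data)
    if "id" not in out:
        if "object_id" not in out:
            raise ValueError("missing guardian identifier (id/object_id)")
        out["id"] = out.pop("object_id")
    details = out.pop("ceremony_details", None) or {}
    for key in ("number_of_guardians", "quorum"):
        if key in details:
            # An explicit top-level value, if present, takes precedence.
            out.setdefault(key, details[key])
        if key not in out:
            raise ValueError(f"missing {key}")
    # Sanity check on the threshold parameters (assumed invariant, not from the page).
    if out["quorum"] > out["number_of_guardians"]:
        raise ValueError("quorum cannot exceed number_of_guardians")
    return out


def adapt_written_guardian_json(text: str) -> Dict[str, Any]:
    """Parse JSON text as produced by write_json and adapt its shape."""
    return adapt_written_guardian(json.loads(text))
```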

keithrfung commented 3 years ago

The Guardian in the future will never be serialized directly. The Guardian class is designed to be a stateful helper for individuals to use functions, but the artifact that needs to be serialized contains significantly less data. We are currently calling this a GuardianRecord.

vteague commented 3 years ago

So @keithrfung are you saying that GuardianRecord is a different way of serialising the same data, i.e. the guardian's private key, commitment openings, etc?

keithrfung commented 3 years ago

The guardian information is serialized to be included in the published Election Record for the end-to-end verification process.

This record ensures that all the required information for the guardian is serialized. The public key and the commitments are included, yes.