The shuffling proofs might be more complex. One description is here: http://www0.cs.ucl.ac.uk/staff/J.Groth/MinimalShuffle.pdf. It's not specific to Damgard-Jurik crypto, but it seems to work for general homomorphic encryption schemes.
I'll keep looking into this to see how difficult it would be to implement these proofs.
Based on the Shuffle-Sum paper, I think we need to do two types of zero-knowledge proofs:
Luckily, the Damgard-Jurik cryptosystem has range proofs that can help with the first point: https://www.brics.dk/DS/03/9/BRICS-DS-03-9.pdf (Section 4.3.4).
The shuffling proofs might be more complex. One description is here: http://www0.cs.ucl.ac.uk/staff/J.Groth/MinimalShuffle.pdf. It's not specific to Damgard-Jurik crypto, but it seems to work for general homomorphic encryption schemes.
I'll keep looking into this to see how difficult it would be to implement these proofs.