Right now, if we're asked to encrypt an overvoted ballot, the resulting proofs will not correctly verify. Resolving this issue requires two things:
interpreting an overvoted contest down to a blank input
placing something meaningful into the extended data
The extended data is meant to hold write-in data, original (uninterpreted) votes, and other such things, all encrypted with hashed ElGamal but the spec doesn't provide detailed guidance on this.
Right now, if we're asked to encrypt an overvoted ballot, the resulting proofs will not correctly verify. Resolving this issue requires two things:
The extended data is meant to hold write-in data, original (uninterpreted) votes, and other such things, all encrypted with hashed ElGamal but the spec doesn't provide detailed guidance on this.