The Shuffle protocol only sends the ID and the User who requested
a shuffle to the other nodes.
But this is not enough for the other nodes to trust the shuffle request!
A malicious root node might send a shuffle request even though the
evoting admin never asked for it.
The decrypt protocol also should include the full message as per issue #2507
to convince other nodes that the admin effectively requested a decryption
Fix: include the whole message as per issue #2507 to the other nodes so they can verify the request is legit
Shuffleprotocol only sends theIDand theUserwho requested a shuffle to the other nodes. But this is not enough for the other nodes to trust the shuffle request! A malicious root node might send a shuffle request even though the evoting admin never asked for it.decryptprotocol also should include the full message as per issue #2507 to convince other nodes that the admin effectively requested a decryptionFix: include the whole message as per issue #2507 to the other nodes so they can verify the request is legit