the much much simpler, better way would be to provide working code that can be poked at, live demonstrating a time-travel-simulator proof of soundness and proof of zero-knowledge, per Matthew Green's "Zero Knowledge Proofs: An illustrated primer" examples "What makes it ‘zero knowledge’?" and "A thought experiment (with time machines)"
Why?
All three of these TODOs would be especially useful for NDP, since it provided unforgeable auth signature proofs, in order to be able to say anyone can independently verify end-to-end that every vote came from a single unique (anonymized) US passport.
Backstory
We hadn't leaned hard into these shuffle & decrypt proofs historically, since we usually don't have independently verifiable auth proofs, so the threat model usually was that the SIV server already could have switched out votes in the pre-shuffle steps. So voters already needed to confirm their vote is in the final unlocked tallies anyway.
(Another related solution we've also been exploring is a better guarantee that accepted votes don't get lost between when a vote is received (protocol step 3) and when votes get shuffled (protocol step 4). Then the independently verifiable Step 4 Shuffle Proofs and Step 5 Partial Decryption Proofs would also be more useful, because voters would get much more verification power from just checking their submitted vote at time-cast, with less need to come back after the final results are posted.)
SIV itself has been using the shuffle and decryption proofs to ensure that other Privacy Protectors aren't cheating (e.g. tampered client), so they were still useful to us.
But they alone weren't enough for independent verifiers to protect against a malicious SIV server. Unlike Verification #s, which do let voters fully verify steps 2, 3, 4, and 5 against a malicious SIV, and are much simpler to explain and understand, anyway. So we had always emphasized those far more.
The current SIV election status page doesn't currently:
/api/election/[election_id]/trustees/latest
, but how are they to know that?
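The time-machine simulator (zero-knowledge) and rewinding extractor (soundness) mentioned above, as an added example that is not part of the original post or SIV's code. It assumes a Chaum-Pedersen style equality-of-discrete-logs proof for a partial decryption share, which may differ from SIV's actual proof format; the toy group and all function names are constructed for illustration.

```python
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime, G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1           # trustee's secret key share
    return x, pow(G, x, P)                     # (x, public key h = G^x)

def commit(c1):
    # Prover's first move: random w, commitment (a, b) = (G^w, c1^w).
    w = secrets.randbelow(Q)
    return w, (pow(G, w, P), pow(c1, w, P))

def respond(x, w, e):
    return (w + e * x) % Q                     # answer to challenge e

def verify(h, c1, d, a, b, e, z):
    # Accept iff the same exponent links (G, h) and (c1, d),
    # i.e. d = c1^x is the honest partial decryption (assumed proof format).
    return (pow(G, z, P) == a * pow(h, e, P) % P and
            pow(c1, z, P) == b * pow(d, e, P) % P)

def simulate(h, c1, d):
    # Zero-knowledge "time machine": pick e and z first, then back-date the
    # commitment so the transcript verifies. No secret key is used.
    e, z = secrets.randbelow(Q), secrets.randbelow(Q)
    a = pow(G, z, P) * pow(h, -e, P) % P
    b = pow(c1, z, P) * pow(d, -e, P) % P
    return a, b, e, z

def extract(e1, z1, e2, z2):
    # Soundness "rewind": two answers to different challenges on the same
    # commitment reveal x, so only a prover who knows x can answer both.
    return (z1 - z2) * pow((e1 - e2) % Q, -1, Q) % Q

def demo():
    x, h = keygen()
    c1 = pow(G, secrets.randbelow(Q - 1) + 1, P)   # constructed ciphertext part
    d = pow(c1, x, P)                              # partial decryption share
    w, (a, b) = commit(c1)
    e1, e2 = 17, 400                               # challenges before/after rewind
    z1, z2 = respond(x, w, e1), respond(x, w, e2)
    honest = verify(h, c1, d, a, b, e1, z1) and verify(h, c1, d, a, b, e2, z2)
    simulated = verify(h, c1, d, *simulate(h, c1, d))
    return honest, simulated, extract(e1, z1, e2, z2) == x

if __name__ == "__main__":
    print(demo())
```

A simulated transcript verifies only because the challenge was fixed before the commitment existed; a verifier who picks the challenge after seeing (a, b), or derives it by hashing them, gets the soundness that `extract` illustrates.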