Crypto Island

ElectionGuard + Cardano Dev Update #3: Election Tests

2025-12-23T00:00:00Z

How to run elections
- Single Election
- Test Suite
What’s tested?
What’s not tested?

This is dev update #3 for my fund13 project. You can find the code here, and a companion YouTube video here.

Today I’m excited to show a little more systematic suite of tests to verify that the elections I’m running work with a variety of parameters, and can withstand some hypothetical attacks. This isn’t meant to be a comprehensive security audit or cover the game theory or anything like that; it’s mainly meant to catch straightforward coding errors.

How to run elections

I plan to make this part of the main codebase going forward, so I kept the single election entrypoint and added a new one for tests.

Single Election

Edit election.json and run election.sh to try things.

cd electionguard-cardano/milestone1/tests
nix develop
./election.sh

There’s one new attacks field, which we’ll get to below. The old dev options also still work.

The other change is that the admin, guardians, and independent verifiers automatically do their own verifications now. The admin’s takes the place of the separate official summary JSON I used in the first version.

$ tree data/public/4_verify
data/public/4_verify
├── admin_1.json
├── guardian_1.json
├── guardian_2.json
├── guardian_3.json
└── verifier_1.json

Test Suite

More interestingly, test.sh uses Hypothesis to generate arbitrary election configs, runs the corresponding test elections, and verifies some properties of the output files. The elections can be slow (2.5 hours to run 143 of them on my laptop), but it caches the output files so at least editing and re-running the property tests is fast.

cd electionguard-cardano/milestone1/tests
nix develop
./test.sh

============================= test session starts ==============================
platform linux -- Python 3.12.11, pytest-8.3.5, pluggy-1.5.0 -- ...
... collected 51 items

election.py::test_json_voteconfig <- config.py PASSED                    [  1%]
election.py::test_json_contestconfig <- config.py PASSED                 [  3%]
election.py::test_json_electionconfig <- config.py PASSED                [  5%]
election.py::test_json_attackcfg <- config.py PASSED                     [  7%]
election.py::test_json_honestrun <- config.py PASSED                     [  9%]
election.py::test_json_attackrun <- config.py PASSED                     [ 11%]
election.py::test_honest_always_verified PASSED                          [ 13%]
election.py::test_honest_all_verifiers_agree_exactly PASSED              [ 15%]
election.py::test_honest_n_verifications_matches_cfg PASSED              [ 17%]
election.py::test_honest_cast_votes_match_config PASSED                  [ 19%]
election.py::test_honest_spoiled_votes_match_config PASSED               [ 21%]
election.py::test_honest_manifest_verified PASSED                        [ 23%]
election.py::test_honest_ceremony_details_verified PASSED                [ 25%]
election.py::test_honest_gather_announce_verified PASSED                 [ 27%]
election.py::test_honest_all_guardian_backups_verified PASSED            [ 29%]
election.py::test_honest_all_guardian_verifications_verified PASSED      [ 31%]
election.py::test_honest_gather_ceremony_verified PASSED                 [ 33%]
election.py::test_honest_joint_key_verified PASSED                       [ 35%]
election.py::test_honest_build_election_verified PASSED                  [ 37%]
election.py::test_honest_constants_verified PASSED                       [ 39%]
election.py::test_honest_context_verified PASSED                         [ 41%]
election.py::test_honest_gather_constants_verified PASSED                [ 43%]
election.py::test_honest_all_devices_verified PASSED                     [ 45%]
election.py::test_honest_gather_config_verified PASSED                   [ 47%]
election.py::test_honest_all_ballots_submitted_verified PASSED           [ 49%]
election.py::test_honest_all_ballots_cast_verified PASSED                [ 50%]
election.py::test_honest_all_ballots_spoiled_verified PASSED             [ 52%]
election.py::test_honest_all_spoiled_results_verified PASSED             [ 54%]
election.py::test_honest_n_spoiled_decrypted_verified PASSED             [ 56%]
election.py::test_honest_n_cast_spoiled_submitted_verified PASSED        [ 58%]
election.py::test_honest_set_spoiled_decrypted_verified PASSED           [ 60%]
election.py::test_honest_set_cast_spoiled_submitted_verified PASSED      [ 62%]
election.py::test_honest_ballot_sets_verified PASSED                     [ 64%]
election.py::test_honest_ciphertext_tally_verified PASSED                [ 66%]
election.py::test_honest_tally_aggregation_verified PASSED               [ 68%]
election.py::test_honest_plaintext_tally_verified PASSED                 [ 70%]
election.py::test_honest_tally_decryption_verified PASSED                [ 72%]
election.py::test_honest_gather_tally_verified PASSED                    [ 74%]
election.py::test_honest_gather_decryptions_verified PASSED              [ 76%]
election.py::test_honest_gather_election_verified PASSED                 [ 78%]
election.py::test_attack_admin_withhold_manifest PASSED                  [ 80%]
election.py::test_attack_admin_ghost_after_vote PASSED                   [ 82%]
election.py::test_attack_device_withhold_submitted_ballot PASSED         [ 84%]
election.py::test_attack_device_withhold_cast_ballot PASSED              [ 86%]
election.py::test_attack_device_withhold_spoiled_ballot PASSED           [ 88%]
election.py::test_attack_device_mutate_submitted_ballot PASSED           [ 90%]
election.py::test_attack_device_mutate_spoiled_ballot PASSED             [ 92%]
election.py::test_attack_guardian_withhold_tally_share PASSED            [ 94%]
election.py::test_attack_guardian_withhold_spoiled_share PASSED          [ 96%]
election.py::test_verifiers_notice_attacks PASSED                        [ 98%]
election.py::test_attacks_are_logged PASSED                              [100%]

======================= 51 passed in 9118.83s (2:31:58) ========================

$ tree -L 2 tests
tests
├── test01ac1
│   ├── data
│   ├── election.json
│   └── election.log
├── test02b86
│   ├── data
│   ├── election.json
│   └── election.log
├── ...
└── testffd9e
    ├── data
    ├── election.json
    └── election.log

287 directories, 286 files

As you can see, each test is like the single elections we’ve been looking at so far. They’re deterministic (random seeds based on config file hashes), so you can delete one and re-run the tests to have the same config recreated and run again.

Side note: the tests could probably be sped up significantly by running them in parallel. I didn’t do that yet because I wanted to make sure they all pass before introducing any potential issues related to interactions between Docker networks.

What’s tested?

Besides some small details like round-tripping config files, the main things are:

for any honest (non-attacked) election, the verifiers should verify a bunch of properties
for any attacked election, the verifiers should fail to certify gather_election
for specific types of attacks, there are specific additional DAG nodes that should fail to verify
some attacks cause certain phases of the election to be skipped, but verifiers should always run at the end

Honest Runs

The most important properties being verified here are probably that the verifiers always certify honest elections, and the final tally always equals the cast votes from the JSON config.

@given_honest_election()
def test_honest_gather_election_verified(testdir: ElectionTestDir):
  assert_verifiers_verified(testdir, 'gather_election')

@given_honest_election()
def test_honest_cast_votes_match_config(testdir: ElectionTestDir):

    cfg = load_config_json(testdir)
    expected_cast_totals = cast_vote_totals_from_config(cfg)

    # admin isn't special here; could use any verifier
    summary = load_summary_json(testdir, 'admin_1')
    actual_cast_totals = sorted(summary['Final tally of cast ballots'])

    assert len(expected_cast_totals) == len(actual_cast_totals)
    for (expected, actual) in zip(expected_cast_totals, actual_cast_totals):

        assert set(expected['answers'].keys()) == set(actual['answers'].keys())

        for (answer, n_actual) in actual['answers'].items():
            assert n_actual == expected['answers'][answer]

Attack Runs

Just as import important, and probably more fun, are the attack tests! Here are the ones I’ve written so far:

ATTACKS = { 
    'admin_ghost_after_vote'          : {'who': 'admin', 'when': ['tally', 'decrypt_results']},
    'admin_withhold_manifest'         : {'who': 'admin', 'when': ['build_manifest']},
    'device_mutate_spoiled_ballot'    : {'who': 'device', 'when': ['vote_reveal_all']},
    'device_mutate_submitted_ballot'  : {'who': 'device', 'when': ['vote_commit_all']},
    'device_withhold_cast_ballot'     : {'who': 'device', 'when': ['vote_reveal_all']},
    'device_withhold_spoiled_ballot'  : {'who': 'device', 'when': ['vote_reveal_all']},
    'device_withhold_submitted_ballot': {'who': 'device', 'when': ['vote_commit_all']},
    'guardian_withhold_spoiled_share' : {'who': 'guardian', 'when': ['decrypt_shares']},
    'guardian_withhold_tally_share'   : {'who': 'guardian', 'when': ['decrypt_shares']},
}

The way they’re implemented is that in the main election function in [election.py][elpy], I’ve added an optional attack after each step.

def election(cfg, log):
    try:
        build_manifest(cfg, log)        ; attack_all(cfg, log, 'build_manifest')
        announce_key_ceremony(cfg, log) ; attack_all(cfg, log, 'announce_key_ceremony')
        key_ceremony_round1(cfg, log)   ; attack_all(cfg, log, 'key_ceremony_round1')
        key_ceremony_round2(cfg, log)   ; attack_all(cfg, log, 'key_ceremony_round2')
        key_ceremony_round3(cfg, log)   ; attack_all(cfg, log, 'key_ceremony_round3')
        publish_joint_key(cfg, log)     ; attack_all(cfg, log, 'publish_joint_key')
        build_election(cfg, log)        ; attack_all(cfg, log, 'build_election')
        add_devices(cfg, log)           ; attack_all(cfg, log, 'add_devices')
        ids = vote_commit_all(cfg, log) ; attack_all(cfg, log, 'vote_commit_all')
        vote_reveal_all(cfg, log, ids)  ; attack_all(cfg, log, 'vote_reveal_all')
        tally(cfg, log)                 ; attack_all(cfg, log, 'tally')
        decrypt_shares(cfg, log)        ; attack_all(cfg, log, 'decrypt_shares')
        decrypt_results(cfg, log)       ; attack_all(cfg, log, 'decrypt_results')
    except Exception as e:
        print(e)
    finally:
        verify(cfg, log) ; attack_all(cfg, log, 'verify')

Attacks are listed by name in election.json. When attack_all is called with the relevant step, it randomly corrupts one of the containers with the relevant role and has it run an attack function from attack.py. Then the rest of the election continues normally.

Example “mutate” attack

Let’s look at one particular attack I think is cool, and that helps give some confidence the cryptography is working as intended. Here’s the implementation.

# election.py
@given_attacked_election('device_mutate_submitted_ballot', max_examples=50)
def test_attack_device_mutate_submitted_ballot(testdir: ElectionTestDir):
    assert_verifiers_reject(testdir, [
        'all_ballots_submitted',

        # The tally will still validate if the mutated ballot
        # was spoiled rather than cast, so this may work:
        # 'ciphertext_tally',

        'gather_election',
    ])

# scripts/attack.py
@announce_attack
def device_mutate_submitted_ballot(log, pubdir, privdir, step):
    submitted_ballots = set(d['ballot_id'] for d in list_submitted_ballot_fmtargs(pubdir))
    own_ballots       = set(d['ballot_id'] for d in list_own_ballot_fmtargs(privdir))
    valid_choices = [{'ballot_id': i} for i in own_ballots.intersection(submitted_ballots)]
    ballot_fmtargs = random.choice(valid_choices)
    mutate_public_record_crypto_in_place(
        log, pubdir, 'ballot_submitted',
        [

            # These can be changed without verifiers noticing:
            # 'description_hash',
            # 'manifest_hash',
            # 'pad',

            # These can't:
            'challenge',
            'crypto_hash',
            'data'
            'proof_one_data',
            'proof_one_pad',
            'proof_one_response',
            'proof_zero_data',
            'proof_zero_pad',
            'proof_zero_response',

        ],
        **ballot_fmtargs
    )

Attack calls are logged in the main election log, and more detailed logs are available in the private data of the corrupted container.

# election.log
### attack ###

docker exec testbea22-device2-1 poetry run /scripts/attack.py attack --public-dir /data/public --private-dir /data/private --logfile /data/private/attack.log --attack-fn device_mutate_submitted_ballot --step vote_commit_all --random-seed 62058

# data/private/device_2/attack.log
### running device_mutate_submitted_ballot ###

targeting /data/public/2_ballots/1_submitted/ballot-ba77bc54-df81-11f0-a9fc-32689d655a73.json
there are 31 matching keys
targeting match 6, proof_one_response
mutated char 22: 9 -> 6
old: BA796CFF96207D51E84852955ED4719023799ED479F5F86271F6AC7E9696C87D
new: BA796CFF96207D51E84852655ED4719023799ED479F5F86271F6AC7E9696C87D
overwrote /data/public/2_ballots/1_submitted/ballot-ba77bc54-df81-11f0-a9fc-32689d655a73.json

### finished device_mutate_submitted_ballot ###

As you can see it targets a specific device, then a submitted ballot, then a crypto field within that ballot, and a character in that field. It changes that one character to a different random hex value and saves the file.

This is admittedly a biologist’s approach to cryptography, but hey it works! Hypothesis generates up to 50 election configs with that attack in them, runs the elections, and asserts that the verifiers always catch the error.

They do, and they give a reassuringly reasonable (if long) error message:

{                                                                                                          
    "ballot_submitted": {                                                                                              
      "ballot-ba77bc54-df81-11f0-a9fc-32689d655a73": "chaum_pedersen.py.is_valid:#L114: found an invalid Disjunctive Ch
aum-Pedersen proof: {'in_bounds_alpha': True, 'in_bounds_beta': True, 'in_bounds_a0': True, 'in_bounds_b0': True, 'in_b
ounds_a1': True, 'in_bounds_b1': True, 'in_bounds_c0': True, 'in_bounds_c1': True, 'in_bounds_v0': True, 'in_bounds_v1'
: True, 'consistent_c': True, 'consistent_gv0': True, 'consistent_gv1': False, 'consistent_kv0': True, 'consistent_gc1k
v1': False, 'k': 'E02A3CB1BAD36433B3357541B946B2BA791428A0B870A0D4A048B64025B2BFD365C5C0874EF9A9DE65808BC9AB458A6815CD7
1A9B2F290B486EBD141DEC7ED40647379B1A4431B12353E84F40D989AD1B127992E88FA8C273FF1706F4B736CDF45DFF70959F5CA4088256620E4AC
BA3E62172B5F4F53FE8CFE9664F5C965887686C66F3CB679F7BF497EF025CCC4F49C56DEF9AC6DA73537D4C85ED35D1E1C3E6E30B7215CB2C207A90
07178C1F1E20A58D466F53340E445220D034B612EDA7D37DEC72B6C4F63C2F775358B32AFC221366DFE256B2BA5EC1CEDDB183823329FF0CB9C68FD
42B679FCD792411712E955B10BD6BA9AEEE3C6CB898075744AB70FDBD7241618EA6644BEF1E94BB10CB995F641915BE625330B29929BCF3B1C0010A
527502469CF86475DFA1BF155ADC4D146E7ECF62691137329D5EADF4D6089327CAF5FEC77C9A122BB905D818418CEBB13102E5CD8823949775DADAA
4A4715B19B749C43ECD7BD13A1432DBFC977CDBDE0595F1CC6F9098E0226000DDD2B035DA458D11C2899A8A9FE36B3066A347D971B15EB0CC045C4B
E5727F29468FAD0467E6A7676C76A3A8220CD02E3A59013B31C22E8078F4638D59361DC726A312ECAC1D09F22874023E0C2EF7F52C2C51E460EE989
C4E64E832271F32F06BB74BC5514B8B3163709E65029DA46CBCBEC0262768781B87D7F01843DBBFFA19C2E7BDE', 'proof': DisjunctiveChaumP
edersenProof(proof_zero_pad='9994F4B2E5F5C6AA5A0EE7B5042C96FEA1231DC87A474D2A658FF8FFA01334F78688013A8D1F2E8D9B5F6B6201
70D40A12B166B1E3F59227F9336B01B8E664E032088758295A89BDCDDF8B3029695742C881A0FF833181C06DD27671DF6FD21561DF97B06203D8F67
04AD0DAFD82CA053E9882B67AA3752FCC45D79E87FC3F130410A5D66794695E3C67F7D4F82A816D3812BA0E780351900B525D94CDCA208861830987
095E22F04E5035B05F65A31D66292682A1FD0EC61D257DD0A21E8846BAADCF6F7057AE06236B7881726D8FC4D833557D8154A00D5F7CDE21D843058
65E1C8661D196EB32369137D0C2F149BF2C42AE1927DD43813BFAD71E0C8A1EF7BA058C5A4E47B42BD2E5C490ED2F090FFFFEC9755F4E4DED1FD428
8AC797290701FDDE425E36AE2E116D30BF2B6389F25CBE7C7366C68F3E4260F09E31C5FDBA6CC4EF3BD80DF9970CC69E594C003D5403F6F351957D7
2672A04DF01DA764EA51490329A3C330187DBAA67F33BD2F0F409DDD78E5E452E1FE34F1767021BD77FC1AC62C3A2F3CD1F54E263AA91363B2F2252
40F1E3F317B87CBA9806E148E3AEA61910EF29AAD1A2992BB988F6C78E44BFB16277D3FD5A09F7F5A3C66E9F0E8F2965279128D647A6653D08020D9
92083DDA80D9CE44276A9F457C25CA7AC8EBC894E4479540C81C540B95381E54A73D2F5BCE9C7E0DB68BD444835988759B8D3', proof_zero_data
='ED6BE23226ED3B1B863CCC9D675A60E1C050700AAE44050197B0AE710A9C6CD99611F9AD2862D31D4CBDCA81361E29BA3A40C13A9383A7AD6BFDC
7FAE9BAC9136E680AE09272A31A24A93646614E8B4A8D2913D6DCF5A1586B2D938B6D2BFA9407744C6600712A99C75CA15079B63B89855CC20ED305
F1F4D92C071738C54F2A5379C1D8602BA3D9CA6CA798B0AE0B8E61E08E16621DC93F70FBBFEA4919BDEFF03580A9BC54768DB81BA24BFA66FB97BAB
3BF694739AB7BAF25400EA9E6878C5FBC26ECE97400C8E5A947BC936F1CA009B79AB2686D663DE16E76CD15436E75E4EEF8644C23B5D203095C318B
BC7CD4F0CE581382CB3D84678C5DB8AE75B778EE1858845B97C57F3809DE570C2EC356FF28D4AE6A6E7193A9AA370703088F12998FB1ACBD71AA237
A8E051ECE15C7891D00E29A3CE390344B4A153C21A179CA086EE0B0194A1D3661C0481DFC41C3AE59371A4B4DD598D2BF4FEF835FD1079374673377
5E74C23C851BE1795429148A416F9D1807B6B96830F8EF0B47E982894D51CF2B4DE933A43FA7BB9A52C92F9CE5405E704C58E100F102D26A95558F1
724B7F39E5AE1B405FC13289949F7E6B84BC22B132FB60925A3402C1544E17C8E110ECF19BD4573C05811CAE10A8AD482268B861B59C82B9F156357
891A9CA5B0A8D59003220A2D3C9EC1D22A118AB7EEB407433427F95D737E6CE34B2C20E154', proof_one_pad='4F6FE8E88B79B0C82F48247305C
4302ACD9AA8FA5050A517D7ED473FFDF8C129E50AF31B0482C586A16B4DF4E7DDDC0677BBB1C78F1F0E4B9256630CAC74144CCA5954D621D1CC347EF
ED3D13A39D3556FBE9023C17EAD2E77CDC96F7BD9C8C0FCEC8D934F02702B01C85DEE0C67B1F4C167F4D00931F4B7B918268CCCE4351261333F2C90E
1D9FC89BA86086CE1B0D828F4A9B9F2982F7A538ACAA74390237EFDDA83F2ECC3B960606050663E087AB9F2FE51139AE9831FC8418DA4D74AFFF20A4
E09F336B3A17FE33F21CD7403EC1B049FBEBF3EBE00A17386E2082675A3AA74E9E171779D027D7F658F2C46858C8A586A3787F4BF6DEDB185DCC8BF0
C547B695D7E5C3DEC654074F19F79100FB67B3D82E360B5E69F00C6CC1D26520F699929B509DEB690CA639912718574886D845811196E89BB589F4C4
F755943302D704ED4EB31A84E5A78F0D4D9C1AB3AA0E3C58DF0C59CE140E4047EC5303C300443F0A94C3391B6DAE4DC5C01BFCF9F8D7F146BD767CAF
5AE3365D365A385023BAACD23294B4D41B86ADFDF61319808BD809027ACE7399E555E4D32505433C3E14F87B7CBFEC49FA3B12FEE90C924B303C306F
7BE9EA1F3EFB47AFB56B5583CAA9938609C5636184A5E8FE8E6586E0A34E1112957296DE96874488DAF85CE1A2B21CA81765D5DDF0862AFEFEB6A179
E66DEC9F110B3F0B7C819CF5841D91F0997E2', proof_one_data='9D47AA0A0C4F7E948594C8C0898B18CE46922F1DB97D15C0E7001DDF571DCB60
3FA20CF667A1D422A0B69C3978DA1FCE209F27F6C5BE9A3D81A6E241FF40C068DB43B8CEB933C95F5CB71CEB98AA1841B8A10215B043861E4785F04E
FD54FB87C20541C3C4066735E97104FD1AC4C6101258F28FF6CE1DC0B4335AA5A1CA059C559584E867C4EE38A83919196E655734169E153F069B1993
013862C95DAFBEEA73BFFFC5640692C2AB744F7036D54E71D9DFC4457C8FF000EBE60213BA0035B7258E9AB812822AB47AB1A5B84CBB4CD4C51C615E
D0FB07C6310D98465EB031C8C3FFDAD52BB994C86C9773D4927AE9AA89B124764047B8EBC8F0FB1019D292E242F40881EBAF61E2937EA2536DF4F3B8
9CE3B42F99AFD53DEF6086358BD080639997A4498BE84345A81A1C24B6E822F30187024FF1FFA60A50D48404A6BD96C0E2CFD82E7182602BBA01A5D8
A188B5A829964396C70D4316050C8A694DE17C7CC32B66AE88AE276CE37C05ECF54E0319627F96F572127556319E3395D0D539DC06AF17F8E11225CA
6807F5CA0E23C14C7CB85B2E58D9B65401EA2F3FC4DA19CD00ACC36F66880A097A282D9F9CF7A88F1AFE7E82AE370ACFDDAB7A368ABB0898EB0544F1
392D6E42D2BD904A4931FD6BACB9FD1CC7A6DD6440729042F153C4A962FA3B54BF214F917CB77A6433E820675DBE4B2C6535D70C6F9932CAA293543D',
proof_zero_challenge='A29D945FF0E85DFB371DD51FE7ED6962D1C5AACF7F571B1557B69FCF9EE5999E', proof_one_challenge='44DD7A11F2
26AC02D72AC6A7DA7ABE8AF00111832AB512F95DF72F1E72782600', challenge='E77B0E71E30F09FE0E489BC7C26827EDC1C6BC52AA0C2E0EB5AD
CEEE115DBF9E', proof_zero_response='6A4B3ECBBB601F0DB1D49EA22D1888667706D0BD3C19D850CE48511EBC93EAA1', proof_one_respons
e='BA796CFF96207D51E84852655ED4719023799ED479F5F86271F6AC7E9696C87D', usage=\"Prove selectio
n's value (0 or 1)\">)}\nballot_validator.py.ballot_is_valid_for_election:#L30: ballot_is_valid_for_election: mismatchin
g ballot encryption ballot-ba77bc54-df81-11f0-a9fc-32689d655a73"
    },

What’s not tested?

These test can catch some things, but as I said above, they’re not comprehensive. One important thing that they can’t test for by design is whether the encryption devices are honestly encrypting the right votes or changing them.

For example, say I’m trying to vote for Alice. The encryption device says “OK, here’s your encrypted vote for Alice.” But it actually broadcasts a (properly) encrypted vote for Bob.

There’s no way to test for that without keeping a list of who each voter voted for, and that would violate ballot secrecy. Instead, ElectionGuard has separate mechanisms to catch it:

the Benaloh challenge (the “cast or spoil” thing)
risk-limiting audits

That’s all for today. Happy Holidays! The next dev update will be about publishing election artifacts via IPFS.

ElectionGuard + Cardano Dev Update #2: Election Verifier

2025-12-23T00:00:00Z

What I did
Official election artifacts
Don’t trust, verify!
- Human-readable Log
- Parsable JSON Summary
Design
- DAG
- verify_ functions
Can we break it?

This is dev update #2 for my fund13 project. You can find the code here, and a companion YouTube video here.

In the last update I packaged the ElectionGuard Python reference implementation into a Docker container and ran an election using multiple instances of it communicating via a shared folder. Today I want to show how to verify the artifacts in that folder.

What I did

I’m not a cryptographer, so I didn’t attempt to verify or rewrite any of the low level crypto code in the reference implementation here. This was more about rearranging it to be:

a little more comprehensive
clearer to read
compatible with my data file format
less monolithic and easier to run incrementally during an election

Official election artifacts

Files generated during a typical election look like this. You can create them by running the code in the first dev update.

data/
├── private
│   ├── admin_1
│   ├── device_1
│   │   └── plaintext_ballots
│   │       ├── ballot-f2f71be0-e023-11f0-8779-ce89c2e804da.json
│   │       ├── ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da.json
│   │       └── ballot-f71c771a-e023-11f0-8c68-ce89c2e804da.json
│   ├── device_2
│   │   └── plaintext_ballots
│   │       ├── ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded.json
│   │       ├── ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded.json
│   │       └── ballot-f79e812e-e023-11f0-920c-faf5e3d58ded.json
│   ├── device_3
│   │   └── plaintext_ballots
│   │       ├── ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782.json
│   │       ├── ballot-f616747e-e023-11f0-b569-2eb40f2ca782.json
│   │       └── ballot-f82655ae-e023-11f0-bb16-2eb40f2ca782.json
│   ├── device_4
│   │   └── plaintext_ballots
│   │       ├── ballot-f48c8210-e023-11f0-9bda-66b350748407.json
│   │       ├── ballot-f69b75b6-e023-11f0-a295-66b350748407.json
│   │       └── ballot-f8a750f0-e023-11f0-b410-66b350748407.json
│   ├── guardian_1
│   │   └── election_key_pair.json
│   ├── guardian_2
│   │   └── election_key_pair.json
│   └── guardian_3
│       └── election_key_pair.json
└── public
    ├── 1_config
    │   ├── 1_announce
    │   │   ├── 1_manifest.json
    │   │   └── 2_ceremony.json
    │   ├── 2_ceremony
    │   │   ├── 1_pubkeys
    │   │   │   ├── guardian_1.json
    │   │   │   ├── guardian_2.json
    │   │   │   └── guardian_3.json
    │   │   ├── 2_backups
    │   │   │   ├── guardian_1_backup_2.json
    │   │   │   ├── guardian_1_backup_3.json
    │   │   │   ├── guardian_2_backup_1.json
    │   │   │   ├── guardian_2_backup_3.json
    │   │   │   ├── guardian_3_backup_1.json
    │   │   │   └── guardian_3_backup_2.json
    │   │   └── 3_verifications
    │   │       ├── guardian_1_backup_2.json
    │   │       ├── guardian_1_backup_3.json
    │   │       ├── guardian_2_backup_1.json
    │   │       ├── guardian_2_backup_3.json
    │   │       ├── guardian_3_backup_1.json
    │   │       └── guardian_3_backup_2.json
    │   ├── 3_election
    │   │   ├── constants.json
    │   │   ├── context.json
    │   │   └── joint_key.json
    │   └── 4_devices
    │       ├── device_1.json
    │       ├── device_2.json
    │       ├── device_3.json
    │       └── device_4.json
    ├── 2_ballots
    │   ├── 1_submitted
    │   │   ├── ballot-f2f71be0-e023-11f0-8779-ce89c2e804da.json
    │   │   ├── ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded.json
    │   │   ├── ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782.json
    │   │   ├── ballot-f48c8210-e023-11f0-9bda-66b350748407.json
    │   │   ├── ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da.json
    │   │   ├── ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded.json
    │   │   ├── ballot-f616747e-e023-11f0-b569-2eb40f2ca782.json
    │   │   ├── ballot-f69b75b6-e023-11f0-a295-66b350748407.json
    │   │   ├── ballot-f71c771a-e023-11f0-8c68-ce89c2e804da.json
    │   │   ├── ballot-f79e812e-e023-11f0-920c-faf5e3d58ded.json
    │   │   ├── ballot-f82655ae-e023-11f0-bb16-2eb40f2ca782.json
    │   │   └── ballot-f8a750f0-e023-11f0-b410-66b350748407.json
    │   ├── 2_cast
    │   │   ├── ballot-f48c8210-e023-11f0-9bda-66b350748407.json
    │   │   ├── ballot-f616747e-e023-11f0-b569-2eb40f2ca782.json
    │   │   ├── ballot-f69b75b6-e023-11f0-a295-66b350748407.json
    │   │   ├── ballot-f79e812e-e023-11f0-920c-faf5e3d58ded.json
    │   │   ├── ballot-f82655ae-e023-11f0-bb16-2eb40f2ca782.json
    │   │   └── ballot-f8a750f0-e023-11f0-b410-66b350748407.json
    │   └── 3_spoiled
    │       ├── ballot-f2f71be0-e023-11f0-8779-ce89c2e804da.json
    │       ├── ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded.json
    │       ├── ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782.json
    │       ├── ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da.json
    │       ├── ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded.json
    │       └── ballot-f71c771a-e023-11f0-8c68-ce89c2e804da.json
    └── 3_results
        ├── 1_tally.json
        ├── 2_decrypt
        │   ├── 1_shares
        │   │   ├── 1_tally
        │   │   │   ├── tally_guardian_1.json
        │   │   │   ├── tally_guardian_2.json
        │   │   │   └── tally_guardian_3.json
        │   │   └── 2_spoiled
        │   │       ├── ballot-f2f71be0-e023-11f0-8779-ce89c2e804da_guardian_1.json
        │   │       ├── ballot-f2f71be0-e023-11f0-8779-ce89c2e804da_guardian_2.json
        │   │       ├── ballot-f2f71be0-e023-11f0-8779-ce89c2e804da_guardian_3.json
        │   │       ├── ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded_guardian_1.json
        │   │       ├── ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded_guardian_2.json
        │   │       ├── ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded_guardian_3.json
        │   │       ├── ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782_guardian_1.json
        │   │       ├── ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782_guardian_2.json
        │   │       ├── ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782_guardian_3.json
        │   │       ├── ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da_guardian_1.json
        │   │       ├── ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da_guardian_2.json
        │   │       ├── ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da_guardian_3.json
        │   │       ├── ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded_guardian_1.json
        │   │       ├── ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded_guardian_2.json
        │   │       ├── ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded_guardian_3.json
        │   │       ├── ballot-f71c771a-e023-11f0-8c68-ce89c2e804da_guardian_1.json
        │   │       ├── ballot-f71c771a-e023-11f0-8c68-ce89c2e804da_guardian_2.json
        │   │       └── ballot-f71c771a-e023-11f0-8c68-ce89c2e804da_guardian_3.json
        │   └── 2_combined
        │       ├── 1_tally.json
        │       └── 2_spoiled
        │           ├── ballot-f2f71be0-e023-11f0-8779-ce89c2e804da.json
        │           ├── ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded.json
        │           ├── ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782.json
        │           ├── ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da.json
        │           ├── ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded.json
        │           └── ballot-f71c771a-e023-11f0-8c68-ce89c2e804da.json
        └── 3_summary.json

34 directories, 93 files

In milestone 2 I plan to post everything under data/public to Cardano + IPFS.

Later, in a real election, I hope these files will be published by election officials in close to real time (allowing for optional delays to post batches of ballots for improved voter privacy). There will be an indexer app (developed in milestone 2 + 3) to allow any interested observer to keep their local copy in sync as an election progresses.

Side note: the plaintext ballots should not be kept by actual ElectionGuard voting machines. In a future hypothetical version of the protocol with staking, I might even favor having them post a signed message saying they’ve securely deleted each cast ballot so that they can be slashed if anyone can produce the plaintext.

The artifacts come with a summary of the results:

{
  "Tally of all cast ballots": [
    {
      "question": "Should pineapple be banned on pizza?",
      "votes": {
        "Unsure": 3,
        "No": 2,
        "Yes": 1
      }
    }
  ],
  "Individual spoiled ballots": {
    "f512d9a0-e023-11f0-8c36-ce89c2e804da": [
      {
        "Should pineapple be banned on pizza?": "No"
      }
    ],
    "f38097b2-e023-11f0-bd15-faf5e3d58ded": [
      {
        "Should pineapple be banned on pizza?": "Yes"
      }
    ],
    "f595f4d4-e023-11f0-aea1-faf5e3d58ded": [
      {
        "Should pineapple be banned on pizza?": "No"
      }
    ],
    "f2f71be0-e023-11f0-8779-ce89c2e804da": [
      {
        "Should pineapple be banned on pizza?": "Yes"
      }
    ],
    "f408e6e4-e023-11f0-ba1e-2eb40f2ca782": [
      {
        "Should pineapple be banned on pizza?": "Yes"
      }
    ],
    "f71c771a-e023-11f0-8c68-ce89c2e804da": [
      {
        "Should pineapple be banned on pizza?": "Unsure"
      }
    ]
  }
}

But, can we really trust the election officials to report that honestly?

Don’t trust, verify!

Any interested observer will be able to run one of hopefully many independently developed and audited verifiers to double check that the ElectionGuard protocol is being followed correctly, and (in later versions) to post certifications or disputes on chain.

Today’s code is a first draft of one possible verifier. Here’s how you can try it.

$ cd electionguard-cardano/milestone1/verifier
$ nix develop
$ ./verifier.py

/nix/store/wy5s1xijg5v4m1y26gk25vzz1xzd5m60-docker-compose.yaml
 Container verifier-verifier1-1  Starting
 Container verifier-verifier1-1  Started
docker exec verifier-verifier1-1 poetry run /scripts/verifier.py verify --public-dir /data/public --verifier-id verifier1 --logfile /data/public/verify.log

 Container verifier-verifier1-1  Stopping
 Container verifier-verifier1-1  Stopped
 Container verifier-verifier1-1  Removing
 Container verifier-verifier1-1  Removed
 Network verifier  Removing
 Network verifier  Removed

The terminal output isn’t very interesting; the files we want to look at are:

data/public/verify.log (a temporary location for the human-readable log)
data/public/4_verify/verifier1.json (the part that will go on chain)

Human-readable Log

Verifying announcement:
✅ manifest
✅ ceremony_details

Verifying key ceremony:
✅ guardian_pubkey {'guardian_id': 'guardian_1'}
✅ guardian_pubkey {'guardian_id': 'guardian_2'}
✅ guardian_pubkey {'guardian_id': 'guardian_3'}
✅ guardian_backup {'guardian_id': 'guardian_1', 'backup_order': 2}
✅ guardian_backup {'guardian_id': 'guardian_1', 'backup_order': 3}
✅ guardian_backup {'guardian_id': 'guardian_2', 'backup_order': 1}
✅ guardian_backup {'guardian_id': 'guardian_2', 'backup_order': 3}
✅ guardian_backup {'guardian_id': 'guardian_3', 'backup_order': 1}
✅ guardian_backup {'guardian_id': 'guardian_3', 'backup_order': 2}
✅ guardian_verification {'guardian_id': 'guardian_1', 'backup_order': 2}
✅ guardian_verification {'guardian_id': 'guardian_1', 'backup_order': 3}
✅ guardian_verification {'guardian_id': 'guardian_2', 'backup_order': 1}
✅ guardian_verification {'guardian_id': 'guardian_2', 'backup_order': 3}
✅ guardian_verification {'guardian_id': 'guardian_3', 'backup_order': 1}
✅ guardian_verification {'guardian_id': 'guardian_3', 'backup_order': 2}

Verifying election constants:
✅ joint_key
✅ constants
✅ internal_manifest
✅ context

Verifying 4 encryption devices:
✅ device {'device_number': 1}
✅ device {'device_number': 2}
✅ device {'device_number': 3}
✅ device {'device_number': 4}

Verifying 12 submitted ballots:
✅ ballot_submitted {'ballot_id': 'ballot-f8a750f0-e023-11f0-b410-66b350748407'}
✅ ballot_submitted {'ballot_id': 'ballot-f48c8210-e023-11f0-9bda-66b350748407'}
✅ ballot_submitted {'ballot_id': 'ballot-f82655ae-e023-11f0-bb16-2eb40f2ca782'}
✅ ballot_submitted {'ballot_id': 'ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da'}
✅ ballot_submitted {'ballot_id': 'ballot-f79e812e-e023-11f0-920c-faf5e3d58ded'}
✅ ballot_submitted {'ballot_id': 'ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded'}
✅ ballot_submitted {'ballot_id': 'ballot-f616747e-e023-11f0-b569-2eb40f2ca782'}
✅ ballot_submitted {'ballot_id': 'ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded'}
✅ ballot_submitted {'ballot_id': 'ballot-f69b75b6-e023-11f0-a295-66b350748407'}
✅ ballot_submitted {'ballot_id': 'ballot-f2f71be0-e023-11f0-8779-ce89c2e804da'}
✅ ballot_submitted {'ballot_id': 'ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782'}
✅ ballot_submitted {'ballot_id': 'ballot-f71c771a-e023-11f0-8c68-ce89c2e804da'}

Verifying 6 cast ballots:
✅ cast_notice {'ballot_id': 'ballot-f8a750f0-e023-11f0-b410-66b350748407'}
✅ cast_notice {'ballot_id': 'ballot-f48c8210-e023-11f0-9bda-66b350748407'}
✅ cast_notice {'ballot_id': 'ballot-f82655ae-e023-11f0-bb16-2eb40f2ca782'}
✅ cast_notice {'ballot_id': 'ballot-f79e812e-e023-11f0-920c-faf5e3d58ded'}
✅ cast_notice {'ballot_id': 'ballot-f616747e-e023-11f0-b569-2eb40f2ca782'}
✅ cast_notice {'ballot_id': 'ballot-f69b75b6-e023-11f0-a295-66b350748407'}

Verifying 6 spoiled ballots:
✅ ballot_spoiled {'ballot_id': 'ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da'}
✅ ballot_spoiled {'ballot_id': 'ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded'}
✅ ballot_spoiled {'ballot_id': 'ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded'}
✅ ballot_spoiled {'ballot_id': 'ballot-f2f71be0-e023-11f0-8779-ce89c2e804da'}
✅ ballot_spoiled {'ballot_id': 'ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782'}
✅ ballot_spoiled {'ballot_id': 'ballot-f71c771a-e023-11f0-8c68-ce89c2e804da'}

Verifying 6 spoiled ballot decyptions:
✅ spoiled_result {'ballot_id': 'ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da'}
✅ spoiled_result {'ballot_id': 'ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded'}
✅ spoiled_result {'ballot_id': 'ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded'}
✅ spoiled_result {'ballot_id': 'ballot-f2f71be0-e023-11f0-8779-ce89c2e804da'}
✅ spoiled_result {'ballot_id': 'ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782'}
✅ spoiled_result {'ballot_id': 'ballot-f71c771a-e023-11f0-8c68-ce89c2e804da'}

Verifying ballot ID sets:
✅ 6 ballots spoiled = 6 ballots decrypted
✅ 6 ballots cast + 6 ballots spoiled = 12 ballots submitted
✅ set(spoiled ballot IDs) = set(decrypted ballot IDs)
✅ set(cast ballot IDs) + set(spoiled ballot IDs) = set(submitted ballot IDs)

Verifying final tally:
✅ ciphertext_tally format is valid
✅ ciphertext_tally is the correct aggregation of the 6 cast ballots
✅ plaintext_tally format is valid
✅ plaintext_tally guardian decryption shares are valid

Individual spoiled ballots:

f512d9a0-e023-11f0-8c36-ce89c2e804da
  Should pineapple be banned on pizza? No

f38097b2-e023-11f0-bd15-faf5e3d58ded
  Should pineapple be banned on pizza? Yes

f595f4d4-e023-11f0-aea1-faf5e3d58ded
  Should pineapple be banned on pizza? No

f2f71be0-e023-11f0-8779-ce89c2e804da
  Should pineapple be banned on pizza? Yes

f408e6e4-e023-11f0-ba1e-2eb40f2ca782
  Should pineapple be banned on pizza? Yes

f71c771a-e023-11f0-8c68-ce89c2e804da
  Should pineapple be banned on pizza? Unsure

Final tally of cast ballots:

Should pineapple be banned on pizza?
  3 Unsure
  2 No
  1 Yes

🎉 The election has been verified!

The summary looks the same as the one printed out by the admin container in the original election.py run, but now we (an observer) can trust it because we ran all the crypto operations locally ourselves.

Parsable JSON Summary

This is the version that will be posted on chain. I also hope independent observers will run dashboards showing live incremental verification progress, so I’ll evolve this format to make that as easy as possible.

{
  "Verified": {
    "manifest": true,
    "ceremony_details": true,
    "gather_announce": true,
    "all_guardian_backups": true,
    "all_guardian_verifications": true,
    "gather_ceremony": true,
    "joint_key": true,
    "build_election": true,
    "constants": true,
    "internal_manifest": true,
    "context": true,
    "gather_constants": true,
    "all_devices": true,
    "gather_config": true,
    "all_ballots_submitted": true,
    "all_ballots_cast": true,
    "all_ballots_spoiled": true,
    "all_spoiled_results": true,
    "n_spoiled_decrypted": true,
    "n_cast_spoiled_submitted": true,
    "set_spoiled_decrypted": true,
    "set_cast_spoiled_submitted": true,
    "ballot_sets": true,
    "ciphertext_tally": true,
    "tally_aggregation": true,
    "plaintext_tally": true,
    "tally_decryption": true,
    "gather_tally": true,
    "gather_decryptions": true,
    "gather_election": true
  },
  "Errors": {},
  "Final tally of cast ballots": [
    {
      "question": "Should pineapple be banned on pizza?",
      "answers": {
        "Unsure": 3,
        "No": 2,
        "Yes": 1
      }
    }
  ],
  "Individual spoiled ballots": {
    "f512d9a0-e023-11f0-8c36-ce89c2e804da": [
      {
        "Should pineapple be banned on pizza?": "No"
      }
    ],
    "f38097b2-e023-11f0-bd15-faf5e3d58ded": [
      {
        "Should pineapple be banned on pizza?": "Yes"
      }
    ],
    "f595f4d4-e023-11f0-aea1-faf5e3d58ded": [
      {
        "Should pineapple be banned on pizza?": "No"
      }
    ],
    "f2f71be0-e023-11f0-8779-ce89c2e804da": [
      {
        "Should pineapple be banned on pizza?": "Yes"
      }
    ],
    "f408e6e4-e023-11f0-ba1e-2eb40f2ca782": [
      {
        "Should pineapple be banned on pizza?": "Yes"
      }
    ],
    "f71c771a-e023-11f0-8c68-ce89c2e804da": [
      {
        "Should pineapple be banned on pizza?": "Unsure"
      }
    ]
  }
}

Design

I implemented the verifier as a DAG (directed acyclic graph) of Python functions to make it easier to extend and run incrementally. The idea is that when one artifact fails to verify, that failure should spread to any other checks that depend on it, but we should also still verify as many properties of the election as we can without it.

DAG

The colors are a little bit idiosyncratic:

orange is a “regular” node that checks one artifact.
blue is a map/list node that checks all the orange nodes of a particular type
blue is a trivial “gather” node, like a phony Makefile target, to make the log print nicely
yellow is one of the nodes we’ll look at in more detail in the next section

`verify_` functions

Each node corresponds to a function verify_ Let’s look at the code for the first yellow one above. It prints this part of the log:

Verifying ballot ID sets:
✅ 6 ballots spoiled = 6 ballots decrypted
✅ 6 ballots cast + 6 ballots spoiled = 12 ballots submitted
✅ set(spoiled ballot IDs) = set(decrypted ballot IDs)
✅ set(cast ballot IDs) + set(spoiled ballot IDs) = set(submitted ballot IDs)

def verify_ballot_sets(results, pubdir, log) -> bool:
    "Make sure the various sets of ballot IDs match up (nothing missing or extra)"
    log.info('\nVerifying ballot ID sets:')
    deps = verify_deps(
        n_spoiled_decrypted        = verify(results, pubdir, log, 'n_spoiled_decrypted'),
        n_cast_spoiled_submitted   = verify(results, pubdir, log, 'n_cast_spoiled_submitted'),
        set_spoiled_decrypted      = verify(results, pubdir, log, 'set_spoiled_decrypted'),
        set_cast_spoiled_submitted = verify(results, pubdir, log, 'set_cast_spoiled_submitted'),
    )
    return True

Besides the function per node, there are two special “verify” functions:

When a node depends on other checks to run first, it should load their results via verify_deps. That makes sure that all dependencies verify and short circuits the rest of the current function if one of them fails.
Within verify_deps, each dependency should be checked via verify. That caches results so each check only runs once.

Some functions correspond directly to a section of the log, but some don’t. For example, verify_tally_aggregation only prints one line:

def verify_tally_aggregation(results, pubdir, log):

    deps = verify_deps(
        manifest = verify(results, pubdir, log, 'manifest'),
        context = verify(results, pubdir, log, 'context'),
        all_ballots_cast = verify(results, pubdir, log, 'all_ballots_cast'),
        ciphertext_tally = verify(results, pubdir, log, 'ciphertext_tally'),
    )   

    n_cast = len(deps['all_ballots_cast'])

    def verify_closure():
        new_tally = CiphertextTally(
            "verify-tally",
            InternalManifest(deps['manifest']),
            deps['context']
        )   
        for ballot in deps['all_ballots_cast']:
            assert(new_tally.append(ballot, should_validate=True))
        assert new_tally.contests == deps['ciphertext_tally'].contests

    with_checkmark_message(
        f'ciphertext_tally is the correct aggregation of the {n_cast} cast ballots',
        verify_closure,
        log 
    )   

    return True

✅ ciphertext_tally is the correct aggregation of the 6 cast ballots

That’s because by the time it gets called in main, all the dependencies have already been checked.

def main(pubdir, log, verifier_id):

    # main program state
    # accumulates successful result objects and error messages
    results: ResultsCache = {}
    
    # these partially overlap, which is fine
    verify(results, pubdir, log, 'gather_config')
    verify(results, pubdir, log, 'all_ballots_submitted')
    verify(results, pubdir, log, 'all_ballots_cast')
    verify(results, pubdir, log, 'all_ballots_spoiled')
    verify(results, pubdir, log, 'all_spoiled_results')
    verify(results, pubdir, log, 'ballot_sets')
    verify(results, pubdir, log, 'gather_tally')
    verify(results, pubdir, log, 'gather_decryptions')
    verify(results, pubdir, log, 'gather_election')
    
    (successes, errors, bools) = simplify_and_partition(results, log)

    summarize_results(
        successes, errors, bools,
        pubdir, log, verifier_id,
    )

Can we break it?

One more thing for today: what happens if the artifacts aren’t all valid? Here’s an example of it failing because I manually removed one of the submitted ballots:

$ ./verify.py

# ... mostly same output as above ...
# ...
❌ ballot_submitted {'ballot_id': 'ballot-f2f71be0-e023-11f0-8779-ce89c2e804da'}
# ...

----------------------------------------
Final tally of cast ballots
----------------------------------------

Should pineapple be banned on pizza?
  Yes: 3
  No: 2
  Unsure: 1

⛔ The election could NOT be verified!
⛔ There were 9 errors.
⛔ See verifier1.json for details.

$ cat ../election/data/public/4_verify/verifier1.json | jq

{
  "Verified": {
    "manifest": true,
    "ceremony_details": true,
    "gather_announce": true,
    "all_guardian_backups": true,
    "all_guardian_verifications": true,
    "gather_ceremony": true,
    "joint_key": true,
    "build_election": true,
    "constants": true,
    "internal_manifest": true,
    "context": true,
    "gather_constants": true,
    "all_devices": true,
    "gather_config": true,
    "all_ballots_submitted": true,
    "all_ballots_cast": true,
    "all_ballots_spoiled": false,
    "all_spoiled_results": true,
    "n_spoiled_decrypted": false,
    "n_cast_spoiled_submitted": false,
    "set_spoiled_decrypted": false,
    "set_cast_spoiled_submitted": false,
    "ballot_sets": false,
    "ciphertext_tally": true,
    "tally_aggregation": true,
    "plaintext_tally": true,
    "tally_decryption": true,
    "gather_tally": true,
    "gather_decryptions": true,
    "gather_election": false
  },
  "Errors": {
    "ballot_submitted": {
      "ballot-f2f71be0-e023-11f0-8779-ce89c2e804da": "[Errno 2] No such file or directory: '/data/public/2_ballots/1_submitted/ballot-f2f71be0-e023-11f0-8779-ce89c2e804da.json'"
    },
    "ballot_spoiled": {
      "ballot-f2f71be0-e023-11f0-8779-ce89c2e804da": "dependencies failed: ballot_submitted"
    },
    "all_ballots_spoiled": "dependencies failed: ballot-f2f71be0-e023-11f0-8779-ce89c2e804da",
    "n_spoiled_decrypted": "dependencies failed: all_ballots_spoiled",
    "n_cast_spoiled_submitted": "dependencies failed: all_ballots_spoiled",
    "set_spoiled_decrypted": "dependencies failed: all_ballots_spoiled",
    "set_cast_spoiled_submitted": "dependencies failed: all_ballots_spoiled",
    "ballot_sets": "dependencies failed: n_cast_spoiled_submitted, n_spoiled_decrypted, set_cast_spoiled_submitted, set_spoiled_decrypted",
    "gather_election": "dependencies failed: ballot_sets"
  },
  "Final tally of cast ballots": [
    {
      "question": "Should pineapple be banned on pizza?",
      "answers": {
        "Unsure": 3,
        "No": 2,
        "Yes": 1
      }
    }
  ],
  "Individual spoiled ballots": {
    "f512d9a0-e023-11f0-8c36-ce89c2e804da": [
      {
        "Should pineapple be banned on pizza?": "No"
      }
    ],
    "f38097b2-e023-11f0-bd15-faf5e3d58ded": [
      {
        "Should pineapple be banned on pizza?": "Yes"
      }
    ],
    "f595f4d4-e023-11f0-aea1-faf5e3d58ded": [
      {
        "Should pineapple be banned on pizza?": "No"
      }
    ],
    "f2f71be0-e023-11f0-8779-ce89c2e804da": [
      {
        "Should pineapple be banned on pizza?": "Yes"
      }
    ],
    "f408e6e4-e023-11f0-ba1e-2eb40f2ca782": [
      {
        "Should pineapple be banned on pizza?": "Yes"
      }
    ],
    "f71c771a-e023-11f0-8c68-ce89c2e804da": [
      {
        "Should pineapple be banned on pizza?": "Unsure"
      }
    ]
  }
}

Because the ballot I removed turned out to be spoiled rather than cast, the final tally is valid and verifies normally. We want that, because otherwise it would be possible to hold up the entire election by messing with any single ballot and that could become a DDoS vector. But it also loudly warns which DAG nodes are invalid: the submitted ballot I removed, the corresponding spoiled one, and then all the nodes that depend on the list of spoiled ballots.

That’s all for now! If you want to play with breaking it in interesting ways I suggest starting from the dev update #3 code instead. It includes a test framework where you can implement custom attack functions.

ElectionGuard + Cardano Dev Update #1: Election Demo

2025-12-23T00:00:00Z

Architecture
The Pineapple Referendum
Dev options

Today’s code runs an ElectionGuard election locally using a set of Docker containers. It comes with a companion YouTube video and Asciinema demo.

Since this is the first update, here are some other project resources too:

jefdaj/electionguard-cardano is the main codebase
jefdaj/electionguard-python is my fork of the EG reference implementation
The Catalyst project page

Architecture

This is my rough plan for building out the demo:

Stage 1 is a Docker container packaging the reference implementation, which I did already.

Today’s demo is the first part of stage 2. It’s a top-level Python script controlling a set of Docker containers. election.py reads election.json, spins up the containers using Arion, and runs docker exec commands telling them what to do at each step:

The containers each have a private state in data/private/, and they communicate only via a shared data/public folder. For now we’ll just pretend it enforces the rules of a blockchain: files in there are timestamped, immutable, and digitally signed by the wallet of the party that added them. In milestone 2 (confusingly referred to as stage 3 in the diagram above) I’ll work on publishing these files over Cardano + IPFS.

I chose to set it up with Docker containers this way rather than my initial thought (pure Nix) for three main reasons:

It’ll make adding other components like Cardano, IPFS, Ogmios, Kupo easier
It’ll make the system easier to set up for technical users who want to host their own elections
The reference implementation depends on very specific library versions that I had trouble satisfying using anything other than Ubuntu or Debian from around the time it was published.

The Pineapple Referendum

This is a minimal ballot for testing purposes with only one question. The options in the reference implementation were “yes” and “no”, but I added an “unsure” option to check that I understand how to change them. (It’s a bit of a hack and involves making each answer a “candidate”.)

election.json scripts the number of votes for each option, so we can check at the end that the decrypted tally matches.

{
  "arion": {
    "project_name": "election",
    "bind_mounts": {
      "scripts": "/scripts",
      "public": "/data/public",
      "private": "/data/private"
    }
  },
  "election": {
    "guardians": {"count": 3, "quorum": 2},
    "devices": {"count": 4},
    "question": "Should pineapple be banned on pizza?"
  },
  "votes": {
    "Yes":    {"cast": 1, "spoil":3},
    "No":     {"cast": 2, "spoil":2},
    "Unsure": {"cast": 3, "spoil":1}
  }
}

Assuming you have Docker and Nix installed, and Nix flakes enabled, you can run the referendum.

cd electionguard-cardano/milestone1/election
nix develop
./election.sh

When it asks for your password, that’s only to delete ./data and possibly to enable Docker commands. Then it should run a bunch of docker exec commands, like this:

### setup ###

/nix/store/0hnya01zxwfsnd30l8lb9aiqqg2in27a-docker-compose.yaml
 Network election  Creating
 Network election  Created
 Container election-guardian1-1  Creating
 ...
 Container election-guardian1-1  Started

### build_manifest ###

docker exec election-admin1-1 poetry run /scripts/admin.py build-manifest --public-dir /data/public --referendum-question Should pineapple be banned on pizza?

### announce_key_ceremony ###

docker exec election-admin1-1 poetry run /scripts/admin.py announce-key-ceremony --public-dir /data/public --guardian-count 3 --guardian-quorum 2

### key_ceremony_round1 ###

docker exec election-guardian1-1 poetry run /scripts/guardian.py key-ceremony --public-dir /data/public --private-dir /data/private --ceremony-round 1 --guardian-id guardian_1 --guardian-sequence-order 1

docker exec election-guardian2-1 poetry run /scripts/guardian.py key-ceremony --public-dir /data/public --private-dir /data/private --ceremony-round 1 --guardian-id guardian_2 --guardian-sequence-order 2

docker exec election-guardian3-1 poetry run /scripts/guardian.py key-ceremony --public-dir /data/public --private-dir /data/private --ceremony-round 1 --guardian-id guardian_3 --guardian-sequence-order 3

### key_ceremony_round2 ###

docker exec election-guardian1-1 poetry run /scripts/guardian.py key-ceremony --public-dir /data/public --private-dir /data/private --ceremony-round 2 --guardian-id guardian_1 --guardian-sequence-order 1

docker exec election-guardian2-1 poetry run /scripts/guardian.py key-ceremony --public-dir /data/public --private-dir /data/private --ceremony-round 2 --guardian-id guardian_2 --guardian-sequence-order 2

docker exec election-guardian3-1 poetry run /scripts/guardian.py key-ceremony --public-dir /data/public --private-dir /data/private --ceremony-round 2 --guardian-id guardian_3 --guardian-sequence-order 3

### key_ceremony_round3 ###

docker exec election-guardian1-1 poetry run /scripts/guardian.py key-ceremony --public-dir /data/public --private-dir /data/private --ceremony-round 3 --guardian-id guardian_1 --guardian-sequence-order 1

docker exec election-guardian2-1 poetry run /scripts/guardian.py key-ceremony --public-dir /data/public --private-dir /data/private --ceremony-round 3 --guardian-id guardian_2 --guardian-sequence-order 2

docker exec election-guardian3-1 poetry run /scripts/guardian.py key-ceremony --public-dir /data/public --private-dir /data/private --ceremony-round 3 --guardian-id guardian_3 --guardian-sequence-order 3

### publish_joint_key ###

docker exec election-admin1-1 poetry run /scripts/admin.py publish-joint-key --public-dir /data/public

### build_election ###

docker exec election-admin1-1 poetry run /scripts/admin.py build-election --public-dir /data/public

### add_devices ###

docker exec election-device1-1 poetry run /scripts/device.py add-device --public-dir /data/public --device-number 1

docker exec election-device2-1 poetry run /scripts/device.py add-device --public-dir /data/public --device-number 2

docker exec election-device3-1 poetry run /scripts/device.py add-device --public-dir /data/public --device-number 3

docker exec election-device4-1 poetry run /scripts/device.py add-device --public-dir /data/public --device-number 4

### vote_all ###

docker exec election-device1-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 1 --candidate Yes --spoil True

docker exec election-device2-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 2 --candidate Yes --spoil True

docker exec election-device3-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 3 --candidate Yes --spoil True

docker exec election-device4-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 4 --candidate Yes --spoil False

docker exec election-device1-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 1 --candidate No --spoil True

docker exec election-device2-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 2 --candidate No --spoil True

docker exec election-device3-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 3 --candidate No --spoil False

docker exec election-device4-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 4 --candidate No --spoil False

docker exec election-device1-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 1 --candidate Unsure --spoil True

docker exec election-device2-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 2 --candidate Unsure --spoil False

docker exec election-device3-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 3 --candidate Unsure --spoil False

docker exec election-device4-1 poetry run /scripts/device.py vote --public-dir /data/public --private-dir /data/private --device-number 4 --candidate Unsure --spoil False

### tally ###

docker exec election-admin1-1 poetry run /scripts/admin.py tally --public-dir /data/public

### decrypt_shares ###

docker exec election-guardian1-1 poetry run /scripts/guardian.py decrypt-shares --public-dir /data/public --private-dir /data/private --guardian-id guardian_1

computed guardian_1 decryption share of election tally
computed guardian_1 decryption share of ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da
computed guardian_1 decryption share of ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded
computed guardian_1 decryption share of ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded
computed guardian_1 decryption share of ballot-f2f71be0-e023-11f0-8779-ce89c2e804da
computed guardian_1 decryption share of ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782
computed guardian_1 decryption share of ballot-f71c771a-e023-11f0-8c68-ce89c2e804da

docker exec election-guardian2-1 poetry run /scripts/guardian.py decrypt-shares --public-dir /data/public --private-dir /data/private --guardian-id guardian_2

computed guardian_2 decryption share of election tally
computed guardian_2 decryption share of ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da
computed guardian_2 decryption share of ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded
computed guardian_2 decryption share of ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded
computed guardian_2 decryption share of ballot-f2f71be0-e023-11f0-8779-ce89c2e804da
computed guardian_2 decryption share of ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782
computed guardian_2 decryption share of ballot-f71c771a-e023-11f0-8c68-ce89c2e804da

docker exec election-guardian3-1 poetry run /scripts/guardian.py decrypt-shares --public-dir /data/public --private-dir /data/private --guardian-id guardian_3

computed guardian_3 decryption share of election tally
computed guardian_3 decryption share of ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da
computed guardian_3 decryption share of ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded
computed guardian_3 decryption share of ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded
computed guardian_3 decryption share of ballot-f2f71be0-e023-11f0-8779-ce89c2e804da
computed guardian_3 decryption share of ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782
computed guardian_3 decryption share of ballot-f71c771a-e023-11f0-8c68-ce89c2e804da

### decrypt_results ###

docker exec election-admin1-1 poetry run /scripts/admin.py decrypt-results --public-dir /data/public

decrypted tally
decrypted ballot-f512d9a0-e023-11f0-8c36-ce89c2e804da
decrypted ballot-f38097b2-e023-11f0-bd15-faf5e3d58ded
decrypted ballot-f595f4d4-e023-11f0-aea1-faf5e3d58ded
decrypted ballot-f2f71be0-e023-11f0-8779-ce89c2e804da
decrypted ballot-f408e6e4-e023-11f0-ba1e-2eb40f2ca782
decrypted ballot-f71c771a-e023-11f0-8c68-ce89c2e804da

### summary ###

docker exec election-admin1-1 poetry run /scripts/admin.py summary --public-dir /data/public

----------------------------------------
Individual spoiled ballots
----------------------------------------

f512d9a0-e023-11f0-8c36-ce89c2e804da
  Should pineapple be banned on pizza? No

f38097b2-e023-11f0-bd15-faf5e3d58ded
  Should pineapple be banned on pizza? Yes

f595f4d4-e023-11f0-aea1-faf5e3d58ded
  Should pineapple be banned on pizza? No

f2f71be0-e023-11f0-8779-ce89c2e804da
  Should pineapple be banned on pizza? Yes

f408e6e4-e023-11f0-ba1e-2eb40f2ca782
  Should pineapple be banned on pizza? Yes

f71c771a-e023-11f0-8c68-ce89c2e804da
  Should pineapple be banned on pizza? Unsure


----------------------------------------
Tally of all cast ballots
----------------------------------------

Should pineapple be banned on pizza?
  Unsure: 3
  No: 2
  Yes: 1

### teardown ###

 Container election-device3-1  Stopping
 Container election-guardian3-1  Stopping
 ...
 Container election-guardian2-1  Removed
 Network election  Removing
 Network election  Removed

We’ll go into detail about what’s going on at each stage in the protocol in future updates. For now, just try editing election.json and re-running it to convince yourself that the vote totals in data/public/3_results/3_summary.json always match. They should look something like this.

{
  "Tally of all cast ballots": [
    {
      "question": "Should pineapple be banned on pizza?",
      "votes": {
        "Unsure": 3,
        "No": 2,
        "Yes": 1
      }
    }
  ],
  ...
}

In dev update #2 I’ll show how independent observers can verify the public files.

Dev options

When hacking on election.py, it might be helpful to run one step in the election protocol at a time:

nix develop
./election.sh --single-step setup
./election.sh --single-step build_manifest
./election.sh --single-step ...
./election.sh --single-step teardown

There’s also a --pause-to-explain option, which I wrote for the video but also use to inspect the generated files as it runs.

nix develop
./election.sh --pause-to-explain

Crypto Taxes the Hard Way: Transfer Accounts

2025-11-24T00:00:00Z

The easy way
The elegant, sustainable way
Handling many accounts
Handling many currencies

Disclaimer: nothing on this blog is advice about the substance of your taxes. I have no background in accounting and no idea whether this code will produce valid results in your (or any!) tax situation.

Transfer accounts are relatively standard accounting trick that I took a while to figure out. You should learn them straight away though! It’ll save a lot of time when using Hledger or plain text accounting generally, and they’re especially useful for crypto taxes.

The easy way

Suppose you have accounts with BigBank and MockEx, along with a Bitcoin wallet, and you’re in the USA. Here’s a diagram of the accounts, transfers, and currencies you probably need to track:

The easiest way to represent it in hledger is probably to parse all the transfers from the MockEx data and ignore them in the BigBank + Wallet data, like this:

# mockex.rules

# One account is always the main one for the current file
account1 assets:mockex

# The other account and currency can be decided by regex matches
if (Incoming|Outgoing).*USD
  account2 assets:bigbank
  currency USD
if (Withdrawal|Deposit).*BTC
  account2 assets:wallet
  currency BTC

# bigbank.rules
# Regex to match the bank's descriptions
if TRANSFER (TO|FROM) MOCKEX
  skip

# wallet.rules
# Regex to match your own annotations
# (Alternatively, can use individual TXIDs)
if mockex
  skip

If this is your only way of trading crypto, you might even be able to finish your taxes without parsing the bank or wallet data at all!

The elegant, sustainable way

Sadly, the easy way doesn’t scale. As you add accounts it’ll become harder to remember which transfers should be parsed and which should be ignored. At some point, you should really add transfer accounts:

Each transfer will now be recorded as two halves: into the transfer account, and back out (not necessarily in that order). For the cost of adding a few extra hledger accounts, we get a graph that can be neatly decomposed to match the data files.

Now we can parse all the transfers from each source and dump them into the main journal, and they should all balance.

# bigbank.rules
currency USD
account1 assets:bigbank
if TRANSFER (TO|FROM) MOCKEX
  account2 transfers:USD

# mockex.rules
account1 assets:mockex
if (Incoming|Outgoing).*USD
  account2 transfers:USD
  currency USD
if (Withdrawal|Deposit).*BTC
  account2 transfers:BTC
  currency BTC

# wallet.rules
currency BTC
account1 assets:wallet
if mockex
  account2 transfers:BTC

This isn’t only an ergonomic improvement. It also makes it much easier to double check that the amounts reported by each institution match up. (You might be surprised—or not—to learn that several large US exchanges do weird rounding errors in their own favor.) By checking that the transfer accounts zero out periodically, we can catch various errors.

Speaking of which, it would also be reasonable to call these “error” accounts rather than “transfers”, because their accumulated balances track imbalances in your accounting. That might be more appealing if you already have an error account for other reasons.

Handling many accounts

What if you have more than one bank account, or more than one wallet? This will handle it automatically with no additional work!

It also handles multiple accounts within the same bank. For example if you have checking, credit, and savings/money market accounts you can just regex match on whatever description the accounts use for incoming and outgoing transfers, and call them all transfers:USD.

# bigbank-checking.rules

currency USD

# Other accounts will be the same except this line
account1 assets:bigbank:checking

# ... unless they also need different regexes
if ^TRANSFER.*
  account2 transfers:USD

# (The credit accounts might also have their + and -
# signs flipped, but that's out of scope for today.)

Handling many currencies

Only a little bit of additional work this time. Suppose you have an Ethereum wallet, and it transacts in multiple currencies: moving ERC20 tokens, paying fees in ETH, getting airdrops or spam, etc. Technically you could send them all via the same transfers:ETH account, but I find it easier to make one per token. That way I don’t have to remember that transfers:ETH can contain other currencies, which used to trip me up a lot. Either way is fine though.

Here’s what a transfer might look like in this style after parsing a csv from each of your wallets and dumping them both into the main journal:

2025-11-01 wallet1 send LINK
  assets:wallet1  -10.000 LINK
  assets:wallet1   -0.001 ETH
  expenses:fees     0.001 ETH
  transfers:LINK   10.000 LINK

2025-11-01 wallet2 receive LINK
  assets:wallet2   10.000 LINK
  transfers:LINK  -10.000 LINK

The last pro tip for today is that if you name your transfer accounts based on tickers (LINK rather than chainlink), you can generate them as needed in your rules files.

Introducing BigTrees!

2025-07-16T00:00:00Z

Test data
Minimal dedup command
- Using a .bigtree file
Minimal diff command
Minimal find command

I’ve been working on a Haskell program to dedup large collections of files efficiently. It’s still under heavy development, but I think it’s at the point now where it could be useful for a few intrepid testers/power users.

Most people should default to using an established tool like fdupes for now. Then again, if you’re reading this you may be an exception… consider trying bigtrees if you like/need some of the features I’m working on, or have an idea about how it could be made to fit your workflow better than the established tools!

I’ll go into more detail on all the cool things you can do with each of these commands and others “soon”; for now here are 3 short examples.

Test data

You can already try bigtrees on your own data, of course! But maybe you’re a little more careful than that? If so, use this Python script. It’ll download the Linux kernel source code and a nice git repo with some example pictures, music etc. Then it’ll duplicate them a few times to get ~1 million test files taking up 18G total.

$ export TMPDIR=/tmp
$ time ./fetch-test-files.py
downloading '/tmp/test-files/josef-friedrichj.zip'... ok
unzipping '/tmp/test-files/josef-friedrichj.zip'... ok
copying '/tmp/test-files/josef-friedrichj' -> '/tmp/test-files/josef-friedrichj-dupe1'... ok
copying '/tmp/test-files/josef-friedrichj' -> '/tmp/test-files/josef-friedrichj-dupe2'... ok
copying '/tmp/test-files/josef-friedrichj' -> '/tmp/test-files/josef-friedrichj-dupe3'... ok
copying '/tmp/test-files/josef-friedrichj' -> '/tmp/test-files/josef-friedrichj-dupe4'... ok
copying '/tmp/test-files/josef-friedrichj' -> '/tmp/test-files/josef-friedrichj-dupe5'... ok
copying '/tmp/test-files/josef-friedrichj' -> '/tmp/test-files/josef-friedrichj-dupe6'... ok
copying '/tmp/test-files/josef-friedrichj' -> '/tmp/test-files/josef-friedrichj-dupe7'... ok
copying '/tmp/test-files/josef-friedrichj' -> '/tmp/test-files/josef-friedrichj-dupe8'... ok
copying '/tmp/test-files/josef-friedrichj' -> '/tmp/test-files/josef-friedrichj-dupe9'... ok
downloading '/tmp/test-files/linux-source-code.zip'... ok
unzipping '/tmp/test-files/linux-source-code.zip'... ok
copying '/tmp/test-files/linux-source-code' -> '/tmp/test-files/linux-source-code-dupe1'... ok
copying '/tmp/test-files/linux-source-code' -> '/tmp/test-files/linux-source-code-dupe2'... ok
copying '/tmp/test-files/linux-source-code' -> '/tmp/test-files/linux-source-code-dupe3'... ok
copying '/tmp/test-files/linux-source-code' -> '/tmp/test-files/linux-source-code-dupe4'... ok
copying '/tmp/test-files/linux-source-code' -> '/tmp/test-files/linux-source-code-dupe5'... ok
copying '/tmp/test-files/linux-source-code' -> '/tmp/test-files/linux-source-code-dupe6'... ok
copying '/tmp/test-files/linux-source-code' -> '/tmp/test-files/linux-source-code-dupe7'... ok
copying '/tmp/test-files/linux-source-code' -> '/tmp/test-files/linux-source-code-dupe8'... ok
copying '/tmp/test-files/linux-source-code' -> '/tmp/test-files/linux-source-code-dupe9'... ok

real    3m11.745s
user    0m23.659s
sys     0m22.355s

$ find test-files | wc -l
957363

$ du -h test-files | tail -n1
18G     test-files

$ tree -L 1 test-files
test-files
├── josef-friedrichj
├── josef-friedrichj-dupe1
├── josef-friedrichj-dupe2
├── josef-friedrichj-dupe3
├── josef-friedrichj-dupe4
├── josef-friedrichj-dupe5
├── josef-friedrichj-dupe6
├── josef-friedrichj-dupe7
├── josef-friedrichj-dupe8
├── josef-friedrichj-dupe9
├── josef-friedrichj.zip
├── linux-source-code
├── linux-source-code-dupe1
├── linux-source-code-dupe2
├── linux-source-code-dupe3
├── linux-source-code-dupe4
├── linux-source-code-dupe5
├── linux-source-code-dupe6
├── linux-source-code-dupe7
├── linux-source-code-dupe8
├── linux-source-code-dupe9
└── linux-source-code.zip

21 directories, 2 files

Minimal dedup command

I’m quite pleased with how simple this looks! It took a lot of work to get it that way.

$ time bigtrees dupes test-files

# This is the default 'suggestions' output format.
# It just suggests what you might delete manually yourself.

# You could save 861228 inodes by deleting all but one of these 10 duplicate directories
test-files/linux-source-code
test-files/linux-source-code-dupe1
test-files/linux-source-code-dupe2
test-files/linux-source-code-dupe3
test-files/linux-source-code-dupe4
test-files/linux-source-code-dupe5
test-files/linux-source-code-dupe6
test-files/linux-source-code-dupe7
test-files/linux-source-code-dupe8
test-files/linux-source-code-dupe9

# You could save 414 inodes by deleting all but one of these 10 duplicate directories
test-files/josef-friedrichj
test-files/josef-friedrichj-dupe1
test-files/josef-friedrichj-dupe2
test-files/josef-friedrichj-dupe3
test-files/josef-friedrichj-dupe4
test-files/josef-friedrichj-dupe5
test-files/josef-friedrichj-dupe6
test-files/josef-friedrichj-dupe7
test-files/josef-friedrichj-dupe8
test-files/josef-friedrichj-dupe9

real    2m42.149s
user    3m29.705s
sys     0m53.310s

(I’ll go into a few cases where it’s not so perfect in future posts)

Using a `.bigtree` file

These save the directory structure as well as the hash of each file and folder. They’re used when you want to hash files once and use the results multiple times. The command above could equivalently be written like so:

$ bigtrees hash test-files --output test-files.bigtree
$ bigtrees dupes test-files.bigtree

Minimal diff command

This is meant to take an old and a new collection of files. You might use it to compare a backup to your current documents, or an older backup to a newer one. You can also mix and match actual files/dirs with saved .bigtree files. Let’s edit test-files a little, and see if it can detect the changes.

$ rm -r test-files/linux-source-code-dupe7/linux-master/
$ rm -r test-files/linux-source-code-dupe8/linux-master/drivers/pinctrl/realtek/
$ echo "a new file!" > test-files/linux-source-code-dupe8/linux-master/extra.txt

$ time bigtrees diff test-files.bigtree test-files

removed 'linux-source-code-dupe7/linux-master'
added 'linux-source-code-dupe8/linux-master/extra.txt'
removed 'linux-source-code-dupe8/linux-master/drivers/pinctrl/realtek'

real    2m25.713s
user    2m55.189s
sys     0m52.527s

You can also compare things that aren’t time ordered. Just keep in mind the changes will flip depending which you put first.

Minimal find command

Once I started hashing my drives + tarballs and keeping .bigtree files indexing their contents, I realised I could also use them to find particular files without having the drives on hand. It may not sound like a big upgrade vs find, locate, or similar commands, but it’s come to be an essential part of my workflow.

Interactive use is a bit like find or tar --list.

$ bigtrees find test-files.bigtree --search-regex '/old.*\.jpg$'

test-files/josef-friedrichj/test-files-master/jpg/old-house.jpg
test-files/josef-friedrichj-dupe1/test-files-master/jpg/old-house.jpg
test-files/josef-friedrichj-dupe2/test-files-master/jpg/old-house.jpg
test-files/josef-friedrichj-dupe3/test-files-master/jpg/old-house.jpg
test-files/josef-friedrichj-dupe4/test-files-master/jpg/old-house.jpg
test-files/josef-friedrichj-dupe5/test-files-master/jpg/old-house.jpg
test-files/josef-friedrichj-dupe6/test-files-master/jpg/old-house.jpg
test-files/josef-friedrichj-dupe7/test-files-master/jpg/old-house.jpg
test-files/josef-friedrichj-dupe8/test-files-master/jpg/old-house.jpg
test-files/josef-friedrichj-dupe9/test-files-master/jpg/old-house.jpg

How ElectionGuard counts encrypted votes

2024-12-10T00:00:00Z

Ignore the asymmetric encryption
Homomorphic addition
Multiple options per ballot
Zero knowledge proofs
Put it all together

How is it possible for ElectionGuard to add up votes, and guarantee the final tally is accurate, without being able to read any of the individual ballots?

Ignore the asymmetric encryption

This is also really cool, but I’ll gloss over it for today because it’s ubiquitous on the internet and there are lots of explanations available. You can think of it as standard public key encryption: the voting machine encrypts each ballot to the public key generated by the guardians during the key ceremony. Then they decrypt the final tally with with their (shared) private key.

Instead, today I want to go over what happens inbetween during step 2: How do all the encrypted ballots become one big final encrypted tally?

Voting machine encrypts ballots

Guardians decrypt final tally

Homomorphic addition

The trick is that the encrypted votes are encoded as exponents, and exponents have a cool property: multiplying the same base number with two different exponents is equivalent to adding the exponents.

You can get some intuition for it by playing around in any calculator app or programming language interpreter. Here I’m using R.

> 10^1 * 10^1 == 10^(1+1)
[1] TRUE

> 10^1 * 10^0 == 10^(1+0)
[1] TRUE

> 10^5 * 10^7 == 10^(5+7)
[1] TRUE

Of course the encrypted votes aren’t in base 10. They’re in base some-huge-number-you-can’t-guess, which is what keeps you from reading them! But the principle stays the same and, importantly, you can do the multiplication without knowing the base. This is the property we want:

encrypt(a) * encrypt(b) = encrypt(a + b)

For example, say the secret base number is 34. Here’s how we could encrypt and decrypt with it:

encrypt <- function(vote)
  # to encrypt, raise 34 to the `vote`th power
  34 ^ vote
  
decrypt <- function(vote)
  # to decrypt, take the base-34 logarithm
  log(vote, base=34)

> encrypt(5)
[1] 45435424

> encrypt(7)
[1] 52523350144

Now without knowing the base OR the encrypted values, someone else can still find their product, and can know that’s the encryption of the sum of the encrypted values.

> 45435424 * 52523350144
[1] 2.386421e+18

Since we know the secret base is 34, we can also get the sum back:

> decrypt(2.386421e+18)
[1] 12

Brilliant! Now, there are a couple more nuances that aren’t hard to add to our example…

Multiple options per ballot

Each ballot is really a data structure with an encrypted number per candidate/option. The main election config says which ones belong to which contests. Let’s say our ballot has two contests, one with two options and one with three. It could be represented in R using a vector:

c(n,n , n,n,n)
  ___   _____
   |      |
   |      contest 2
   |
   contest 1

(One reason to use R today is we don’t have to change our encrypt/decrypt functions. They’ll work on vectors automatically.)

Zero knowledge proofs

The other nuance is that each encrypted number should either be a 1 or a 0. Most of the data in real ballots is made of zero knowledge proofs (out of scope for today) to guarantee that each number is a 1 or a 0 without revealing which! Otherwise, it would be possible to cheat by creating one ballot with huge numbers like c(10000, -10000, ...).

Put it all together

Anyway, using our same functions from above, a little more realistic run-through might look like this.

# 6 ballots with two contests each
# (contest 1 has 2 options and contest 2 has 3)
b1 <- c(1,0 , 1,0,0)
b2 <- c(1,0 , 1,0,0)
b3 <- c(0,1 , 1,0,0)
b4 <- c(0,1 , 0,1,0)
b5 <- c(0,1 , 0,1,0)
b6 <- c(0,1 , 0,0,1)

# encryption done by voting machines
e1 <- encrypt(b1)
e2 <- encrypt(b2)
e3 <- encrypt(b3)
e4 <- encrypt(b4)
e5 <- encrypt(b5)
e6 <- encrypt(b6)

# guardian tally ceremony,
# including homomorphic addition
eSums <- e1 * e2 * e3 * e4 * e5 * e6
decrypt(eSums)
# [1] 2 4 3 2 1
#     ___ _____
#      |    |
#      |    contest 2 results
#      |
#      contest 1 results

Cool, right?? It’s as if we added up the unencrypted ballots column-wise.

This has been a simplified example, but I hope it provides some intuition—and reassurance—about one of the big questions you might have as a skeptical voter. I suspect that explaining stuff like this well will play an important role in getting election systems upgraded over the medium-to-long term.

ElectionGuard + blockchain integration ideas

2024-10-07T00:00:00Z

Welcome to the first in an ongoing series of posts about ElectionGuard! Some will explain how it works now, and some will also include ways I think it could be extended and integrated with a blockchain. I’ll try to differentiate clearly between the two.

For now I mainly want to emphasize that although blockchains and related tech aren’t required, they could be used to strengthen the security and trustworthiness of almost every step. When dealing with public elections, it’s reasonable to add some redundant safeguards!

To read a linear series of posts, click the “electionguard” tag at the top. To jump to particular topics instead, use the links below.

Who’s responsible for each part of an election, and which tools do they use?
Action	EG in Theory	EG in Practice	My Suggestion
set election parameters	administrator via website + deployments	administrator via website + deployments	administrator via blockchain
set up physical infrastructure	administrator	administrator	administrator?
manage bulletin board	administrator	administrator	blockchain
host bulletin board	administrator via website	administrator via website	decentralized quardians + anyone via IPFS
publish live stats during election	NA	anyone on own websites	anyone on own websites
perform key ceremony	independent guardians	guardians following administrator	decentralized guardians
publish ballots, mark cast or spoiled	mediators via https?	mediators via https?	mediators (and voters?) via blockchain + IPFS
verify inclusion of own vote	voter via website	voter via website	voter via blockchain + IPFS
certify or dispute inclusion of own vote	NA	NA	voter via blockchain
certify or dispute spoiled ballot decryption	NA	NA	voter via blockchain
gather artifacts to verify	anyone via website	anyone via website + news/social media	anyone via blockchain + IPFS
publish verification	anyone via news/social media	anyone via news/social media	anyone via blockchain
publish fraud proofs	NA	anyone via news/social media	anyone via blockchain
perform audits	administrator + quorum of independent guardians	administrator + quorum of loyal guardians	administrator + quorum of decentralized guardians
tally encrypted votes	quorum of independent guardians	quorum of loyal guardians	quorum of decentralized guardians
decrypt votes during audits	quorum of independent guardians	quorum of loyal guardians	quorum of decentralized guardians using blockchain random seed
publish tally + audit results	administrator via website?	administrator via website?	decentralized guardians via blockchain + IPFS

Derive Cardano staking and receive addresses offline

2025-10-14T00:00:00Z

This could be useful for a variety of purposes, but the immediate reason to post it is for anyone who has only their seed phrase (no synced online wallet), and wants to claim their NIGHT from the Midnight Glacier Drop. If that’s you, make yourself a NixOS live USB according to my earlier post. Then download and run this code in the live OS to get your addresses…

# my scripts
tar -xvf offline-ada-addrs.tar
cd offline-ada-addrs

# cardano-wallet
tarball='cardano-wallet-v2025-03-31-linux64.tar.gz'
curl -L -O "https://github.com/cardano-foundation/cardano-wallet/releases/download/v2025-03-31/${tarball}"
tar -xvf "$tarball"

# DISCONNECT NETWORK HERE

# transfer files in
cp /your/usb/drive/ada-seeds/*-seed.txt ./seeds/

# run the script
./main.sh

# transfer files out
cp addrs/*-addrs.txt /your/usb/drive/ada-addrs/

# wipe seed phrases before leaving
shred -n3 -u seeds/*

The output files should look like this, and the addresses should match what you would see in most wallets. You can check them with a block explorer like CardanoScan or AdaStat.

wallet name:
WALLETNAME

stake address:
stake1u...

receive addresses:
addr1q...
addr1q...
addr1q...
...

From there you can go back and follow the rest of the earlier post. You’ll need to get your claim messages from the portal, then boot back into NixOS to sign them, then go back to the portal a second time to submit everything.

Midnight Glacier Drop offline signing scripts for ADA and ETH

2025-10-11T00:00:00Z

Cardano workflow
Ethereum workflow

Today we’ll be signing Glacier Drop claims offline with cardano-signer and/or ethers. I’m not claiming this is the only or best way; it’s just a cleaned up version of what I did. Please let me know ASAP if you notice anything dumb or insecure!

This guide assumes you have your wallet(s) synced up already, but they aren’t compatible with the Glacier Drop. Maybe you still use Daedalus and don’t want to additionally trust a web wallet with your seed phrases, for example.

If you only have the seed phrases and no wallet set up, you’ll need to make a wallet or calculate a suitable destination address before making a claim message. ~~That’s out of scope for this post but I’ll write an update explaining it if anyone asks.~~ See this post for instructions.

You’ll need two USB drives.

Cardano workflow

Gather info

If you have more than a couple wallets I recommend starting a spreadsheet to keep track: wallet name, stake address, destination address, night allocation, thaw dates (fill in later). You also need to make two text files per wallet: WALLETNAME-claim.txt for the unique claim message, and WALLETNAME-seed.txt for the seed (recovery phrase).

To get each claim message you’ll need to go through the claim portal wizard up to the point where you’re supposed to sign. Instead, save the message to the text file and start over with the next wallet.

YMMV, but I had to use Chrome (Chromium) because there were lots of JS errors in Firefox, and it wasn’t able to download the PDF receipt at the end. Guess IOG isn’t supporting it?

Personally, I used the same unused receive address as both source and destination for each wallet. The portal can figure out the stake address from there. Then I double checked that it matched the stake address in the spreadsheet. It would also be fine to set a different destination address if you want to gather your NIGHT in one wallet rather than keeping them separate.

The claims should look like this.

STAR XXXXX to addr1qXXX...XXX 31a...b8b

Put them on some removable media to move to your offline signing environment. Find your seed phrases too.

Make a NixOS live USB

This can be another distro if you already have a favorite. See shell.nix in each tarball for approximate packages and JS setup commands.

iso_url='https://channels.nixos.org/nixos-25.05/latest-nixos-graphical-x86_64-linux.iso'
wget "${iso_url}.sha256"
wget "${iso_url}"
sha256sum -c latest-nixos-graphical-x86_64-linux.iso.sha256
sudo dd if=latest-nixos-graphical-x86_64-linux.iso of=/dev/YOURDEVHERE status=progress && sudo sync

Careful that you have the dd command worked out properly to avoid data destruction, or write the ISO a different way.

Set up offline environment

Boot into your live USB/DVD. Set up networking via ethernet if possible, or wifi if not. You want to be able to definitively disconnect it after installing the code.

Download and unpack this tarball, then set up and test cardano-signer:

tar -xvf mngd-offline-sign-ada.tar
cd mngd-offline-sign-ada
git clone https://github.com/gitmachtl/cardano-signer
mv shell.nix cardano-signer/src/
cd cardano-signer/src
nix-shell
cd ../..

# check that it works
cardano-signer | less -R

Now disconnect the network! (Install ETH code first too if needed) Ideally you want to unplug the ethernet cable, or maybe turn off your router? If you’re less paranoid, something like this might also be good enough:

sudo systemctl stop NetworkManager
sudo rm -rf /etc/wpa_supplicant

Sign claim messages

There are several scripts and sets of files, but all the info you need to keep ends up in portals/*.txt.

# DISCONNECT NETWORK HERE

# transfer files in
cp /your/usb/drive/ada-seeds/*-seed.txt   ./seeds/
cp /your/usb/drive/ada-claims/*-claim.txt ./claims/

# run the scripts
./1-keys.sh
./2-sign.sh # TODO adjust if needed
./3-portal.sh

# transfer files out
cp portal/*-portal-info.txt /your/usb/drive/

# optionally clean up before rebooting
./4-shred.sh

If you’re gathering all your NIGHT to one wallet, comment out the line in 2-sign.sh that asserts each destination address belongs to the wallet generated from the corresponding seed phrase.

Submit claims

The last step is to go back to the portal on your online computer. Click through the wizard again for each wallet, giving the exact same answers to get the same claim message. If you use a different destination address each time, make sure it isn’t auto-filling the previous one. Double check that everything matches before submitting: destination address, allocation, claim message, stake key.

Each portal info file should look like this.

midnight glacier drop claim info for WALLETNAME wallet

network:
cardano

destination addr:
addr1qXXX...XXX

claim message:
STAR XXXXX to addr1qXXX...XXX 31a...b8b

signature:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXX...

pubkey:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXX...

Paste the signature and pubkey, then sign + complete the claim. I saved the PDF receipts and took screenshots too for good measure.

Don’t forget to also get rid of any temporary copies of your seed phrases, especially on the USB drive. shred -n3 -u is an easy way.

Ethereum workflow

The process for ETH is similar, except that you need to create a Cardano wallet to generate your destination address(es) first. You could do that offline, but I assume most people won’t bother; making an empty web wallet is easy and low risk.

The other difference is it works with 3 kinds of keys:

WALLETNAME-seed.txt
WALLETNAME-keystore.json + WALLETNAME-password.txt
WALLETNAME-privatekey.txt

Here’s the tarball.

# make a live USB and boot into NixOS as above

# install the code
tar -xvf mngd-offline-sign-eth.tar
cd mngd-offline-sign-eth
nix-shell

# DISCONNECT NETWORK HERE

# transfer files in
cp /your/usb/drive/eth-keys/* ./seeds-and-keys/
cp /your/usb/drive/eth-claims/*-claim.txt ./claims/

# run the script
./1-main.sh

# transfer files out
cp portal/*-portal-info.txt /your/usb/drive/

# optionally clean up before rebooting
./2-shred.sh

Portal info files should look like this.

midnight glacier drop claim info for WALLETNAME wallet

network:
ethereum

origin address:
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

destination address:
addr1qXXX...XXX

claim message:
STAR XXXXX to addr1qXXX...XXX 31a...b8b

signature:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXX...

Flake-based recipe for offline dev shells in NixOS

2024-12-09T00:00:00Z

Usage
Main NixOS flake
Flake per repo
- wrapperScript
- devShell

I first fell in love with Nix when my mother used to make home cooked meals back on the family farm. The smell of fresh bread would waft from the kitchen out onto the porch, gently reminding me to look up from my laptop. I noticed the grass and the insects, and the lazy sound of a plane overhead. Sunlight slanted sideways now, illuminating the garden. I’d been struggling with my vim config all afternoon. “Just a minute, mom!” I would yell. “I’ve almost got this infinite recursion bug figured out!”

Just kidding… mostly. Anyway here’s my recipe for homemade named shells like cryptoisland-shell. I’ll illustrate it with the code for this blog, but it should work for any nix shell.

The main benefit is that after a nixos-rebuild you can work on any of your repos without a network connection. It also makes it easier to update nixpkgs everywhere at once, and lets you garbage collect more aggressively without re-fetching some of the packages later.

Usage

You can generally stay offline as long as you don’t update nixpkgs or add new programs.

Rebuild the OS after updating one of your flakes:

# cd /etc/nixos
# nix flake lock --update-input cryptoisland
# nixos-rebuild switch

Use the named dev shell:

$ cd ~/cryptoisland
$ cryptoisland-shell
$ ./build.sh # or whatever

Main NixOS flake

There’s a lot of line noise here, as usual with flakes. But basically:

Add your repo as an input. You can skip following the top level nixpkgs input if the repo has more specific requirements, and you can use a URL instead of a local path.
Add the wrapperScript output to your system packages list.

# /etc/nixos/flake.nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";

    # the part we're interested in:
    cryptoisland = {
      url = path:/home/jefdaj/cryptoisland;
      inputs.nixpkgs.follows = "nixpkgs";
    };

  };

  # remember to add your flake to the inputs
  outputs = {self, nixpkgs, cryptoisland}@inputs: {
    nixosConfigurations = {
      myhostname = nixpkgs.lib.nixosSystem {
        specialArgs = { inherit inputs; };
        modules = [
          # see next section
          ./configuration.nix
        ];
      };
  };
}

# /etc/nixos/configuration.nix
# this is a standard "old style" NixOS config imported into the flake
{ config, pkgs, lib, inputs, ... }:
{
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  environment.systemPackages = with pkgs; [

    # our offline dev shells
    # don't forget to `nix flake lock --update-input` each of these after working on them
    inputs.cryptoisland.packages."${pkgs.system}".wrapperScript

  ];

  # ... rest of config here ...
}

Flake per repo

All you need for this recipe are devShell and wrapperScript outputs. The rest of the flake can be formatted differently.

# /home/jefdaj/cryptoisland/flake.nix
{
  description = "cryptoisland.blog dev shell";
  inputs = {
    nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable;
  };
  outputs = {self, nixpkgs}:
    let
      system = "x86_64-linux";
      pkgs = import nixpkgs { inherit system; };
    in rec {
      packages."${system}".default = packages."${system}".wrapperScript;
      packages."${system}".wrapperScript = { ... }; # see below
      devShells."${system}".default      = { ... }; # see below
  };
}

wrapperScript

This is the unique part. It’s a little ugly but reliable.

packages."${system}".wrapperScript =
  let
    shell = devShells."${system}".default;
  in
    pkgs.writeScriptBin "cryptoisland-shell" ''
      #!/usr/bin/env bash
      export PATH=${pkgs.lib.makeBinPath shell.buildInputs}:$PATH
      ${shell.shellHook}
      ${pkgs.bashInteractive}/bin/bash $@
    '';

devShell

Set this up however you normally would. It’s a regular flake-based dev shell.

The only gotcha is that if you add fields to the mkShell call, you might also need to duplicate them in the wrapper script above. That can often be avoided by moving them inside shellHook.

devShells."${system}".default =
  let
    myGhc = pkgs.haskellPackages.ghcWithPackages (ps: with ps; [
      bytestring
      hakyll
      hakyll-images
      hakyll-sass
      filepath
      pandoc
      MissingH
      hjsmin
      text
      language-javascript
      aeson
    ]);
  in
    pkgs.mkShell {
      buildInputs = with pkgs; [
        myGhc
        rsync
        graphviz
      ];
      shellHook = ''
        export LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive"
      '';
    };

You can still use this the normal flakes way too, via nix develop. Just remember that if you have a different nixpkgs input in the repo vs your NixOS config, it’ll rebuild the dependencies.

Crypto Island

ElectionGuard + Cardano Dev Update #3: Election Tests

How to run elections

Single Election

Test Suite

What’s tested?

Honest Runs

Attack Runs

Example “mutate” attack

What’s not tested?

ElectionGuard + Cardano Dev Update #2: Election Verifier

What I did

Official election artifacts

Don’t trust, verify!

Human-readable Log

Parsable JSON Summary

Design

DAG

verify_ functions

Can we break it?

ElectionGuard + Cardano Dev Update #1: Election Demo

Architecture

The Pineapple Referendum

Dev options

Crypto Taxes the Hard Way: Transfer Accounts

The easy way

The elegant, sustainable way

Handling many accounts

Handling many currencies

Introducing BigTrees!

Test data

Minimal dedup command

Using a .bigtree file

Minimal diff command

Minimal find command

How ElectionGuard counts encrypted votes

Ignore the asymmetric encryption

Homomorphic addition

Multiple options per ballot

Zero knowledge proofs

Put it all together

ElectionGuard + blockchain integration ideas

Derive Cardano staking and receive addresses offline

Midnight Glacier Drop offline signing scripts for ADA and ETH

Cardano workflow

Gather info

Make a NixOS live USB

Set up offline environment

Sign claim messages

Submit claims

Ethereum workflow

Flake-based recipe for offline dev shells in NixOS

Usage

Main NixOS flake

Flake per repo

wrapperScript

devShell

`verify_` functions

Using a `.bigtree` file