```kotlin
data class ElectionConfig(
    val configVersion: String,
    val constants: ElectionConstants,
    val manifestFile: ByteArray, // the exact bytes of the original manifest File
    val manifest: Manifest, // the parsed objects
    // ...
)
```
So I think it's wrong to store the Manifest also. It should be recreated.
Further, you have to deal with proto/JSON conversions.
So you don't serialize the manifest, but recreate it each time.
Given that the Manifest might evolve, you need to be backwards compatible.
Perhaps for insurance you need a separate manifest version.
It's possible you need a canonical form, e.g. the JSON. But one might pretty print or not. The verifier needs to read the manifest file, so you can't assume proto; it must be JSON.
Note that if a verifier didn't have a proto reader, then one could convert to JSON, except for the manifest file, which must be byte-for-byte identical with the original file.
So, if the manifest is sent to the key ceremony as a proto, convert to JSON and use that as the manifestFile ByteArray.
The idea here is that an attacker manages to insert a modified manifest into your encryptor, if you store the manifest as a plaintext file somewhere. You have to be able to verify that the plaintext file matches the ByteArray used when generating Hm, Hb and He. EGK just uses the He stored in electionInit to do encryption.
So what if the manifest has been hacked, and an attacker can feed bogus ballots to the encryptor? One could set contestLimit to > 1 and vote > 1. I think the encryption would validate.
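The byte-for-byte check discussed above, as an added example that is not part of the issue or the project's code. It assumes SHA-256 over the raw bytes as a stand-in for the manifest hash (the actual computation of Hm is not shown on this page); the helper names and the sample JSON are hypothetical and constructed for illustration.

```kotlin
import java.security.MessageDigest

// Hypothetical helper: SHA-256 over the raw bytes stands in for the manifest hash.
fun digestHex(bytes: ByteArray): String =
    MessageDigest.getInstance("SHA-256").digest(bytes)
        .joinToString("") { "%02x".format(it) }

// Hypothetical check: a candidate manifest file is accepted only if it is
// byte-for-byte identical to the bytes recorded in ElectionConfig.manifestFile.
fun matchesRecorded(recorded: ByteArray, candidate: ByteArray): Boolean =
    MessageDigest.isEqual(recorded, candidate)

fun main() {
    // Constructed sample data, not a real ElectionGuard manifest.
    val recorded =
        """{"contests":[{"contestId":"c1","contestLimit":1}]}"""
            .toByteArray(Charsets.UTF_8)

    // Same parsed content, different bytes: pretty printing breaks the match,
    // which is why the original bytes are kept rather than re-serialized.
    val prettyPrinted =
        """{
  "contests": [ { "contestId": "c1", "contestLimit": 1 } ]
}""".toByteArray(Charsets.UTF_8)

    // The tampering case from the discussion: contestLimit raised above 1.
    val tampered =
        """{"contests":[{"contestId":"c1","contestLimit":2}]}"""
            .toByteArray(Charsets.UTF_8)

    val candidates = listOf(
        "identical copy" to recorded.copyOf(),
        "pretty printed" to prettyPrinted,
        "contestLimit changed" to tampered,
    )

    println("recorded digest: ${digestHex(recorded)}")
    for ((name, bytes) in candidates) {
        val verdict = if (matchesRecorded(recorded, bytes)) "ACCEPT" else "REJECT"
        println("$verdict  $name  ${digestHex(bytes)}")
    }
}
```

Only the identical copy is accepted; the pretty-printed file is rejected even though it parses to the same objects, so the Manifest has to be recreated from the recorded bytes rather than from a separately stored or re-serialized copy.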