As illustrated in the
demo-cai.sh script, the voter now gets some audit codes out of the ballot generation. She can then form an audit mask by selecting one for each voting option with the
reveal-audit-mask command. This audit mask is sent along the ballot to the bulletin board.
Since the encrypted audit codes and a zero-knowledge proof of
v + a = b mod mu is included in the ballot, the verification step checks that the zkp is valid and that the audit masks correspond to the selected codes.