Nonce generation incorrect

[weaversa]

I understand that this repository is deprecated, but we did find one last issue by using Cryptol and SAW, and I guess it's possible that the same issue exists in the newer Python code, but we don't have plans to analyze that. So, just in case, here is the bug --

The correctness of the ElectionGuard system relies on a random nonce being generated in Z q. Instead, the nonce that's generated is a random 4096-bit number.

Specifically, Crypto_encrypt in crypto.c generates the nonce using RandomSource_uniform_bignum_o when (we guess) it should be using RandomSource_uniform_bignum_o_q.

We've identified this issue, but we have not ruled out that this same kind of error isn't also happening elsewhere, so it might be worthwhile to take a second look at nonce generation over the whole codebase.