How can we verify what the mint holds v. what #ecash is issued? Just a sig from a pubkey then?

I enjoy this "third" layer for the benefits and do fully know the costs (ecash is a form of use & record-keeping on a centralized source, even if its keys are distributed through musig, therefore techically a shitcoin)

How do we make this system more trustless?