-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
inv-tshare: Threshold (re-)sharing protocol #542
Conversation
2b475e7
to
dc7fe6b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The schnorr proof should be over each parties final output key (so the share they generated for themselves plus the shares they received from other parties). To me it looks like the proof is just over my_private_share
unless I'm missing something, which is entirely possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me! Thanks for making the changes and for the code comments. I think the last thing that needs to be changed if I'm not mistaken is the confidential channel used to transmit the private shares. Once that is done we can close the ticket (or we could do that as a separate ticket if it's preferable)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remembered we said we would address the final issue in a new ticket so I'm approving this one.
This PR implements the Tshare protocol, which is responsible for transforming additive shares into Shamir shares. Beyond, a non-interactive transformation is provided to compute a t-out-of-t share, such that participants can obtain new shares that can be used in the remaining phases of the protocol.
In particular, Tshare works as follows:
Input:
t
of parties needed to reconstruct the shared secret.Rounds 1:
threshold - 1
.Rounds 2:
Rounds 3:
Output:
t
of those can reconstruct the secret.