Refresh Shares with DKG #766
Conversation
| @@ -114,3 +118,260 @@ pub fn refresh_share<C: Ciphersuite>( | |||
|
|
|||
| Ok(new_key_package) | |||
| } | |||
|
|
|||
| /// Part 1 of refresh share with DKG. A refreshing_key is generated and a new package and secret_package are generated. | |||
| /// The identity commitment is removed from the packages. | |||
There was a problem hiding this comment.
Nitpick: This line about the identity commitment is an implementation detail, I don't think it needs to be part of the public documentation
| let proof_of_knowledge = | ||
| compute_proof_of_knowledge(identifier, &coefficients, &commitment, &mut rng)?; |
There was a problem hiding this comment.
This builds a kind of "nonsensical" proof of knowledge since it uses the first coefficient (zero) and the commitment to the second coefficient (now first in the list). Which is not an issue, since we simply don't verify it. But it may be confusing to whoever is reading the source.
My suggestion is to directly build a dummy Signature using Signature::new() and passing a generator element (generator()) and a 1 scalar (one()), and adding a comment saying that we are building a dummy proof of knowledge because the secret is always zero and the proof isn't needed (and couldn't be encoded since it would have an identity element)
This closes #663
This adds the refresh share functionality with DKG. It needs some tidying up but that will be done in another PR.