You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It may be useful if any key share holder could prove separately, without invoking the rest of the holders, that they still control the share (that is, have its secret data). The secret data in a KeyShare is, currently:
the share itself (a Scalar)
an RSA key (a pair of primes)
a power lambda for ring-Pedersen commitment (an Uint), where the commitment is a public pair (s, t) such that s = t^lambda. This power is currently not stored in the keyshare since it is not used anymore, but it may be, for the purpose of implementing the functionality in this issue.
The API is probably that of an interactive challenge, where the user will provide some data, and we generate a proof that can be verified with the public part of a key share. For the Scalars just using them as signing keys to sign the data would probably work, as for the lambda and the RSA keys, not sure at the moment.
The text was updated successfully, but these errors were encountered:
It may be useful if any key share holder could prove separately, without invoking the rest of the holders, that they still control the share (that is, have its secret data). The secret data in a
KeyShare
is, currently:Scalar
)lambda
for ring-Pedersen commitment (anUint
), where the commitment is a public pair (s
,t
) such thats = t^lambda
. This power is currently not stored in the keyshare since it is not used anymore, but it may be, for the purpose of implementing the functionality in this issue.Scalar
) (currently unused, intended for use in Implement Presigning/Signing withO(N)
identification cost #36)The API is probably that of an interactive challenge, where the user will provide some data, and we generate a proof that can be verified with the public part of a key share. For the
Scalar
s just using them as signing keys to sign the data would probably work, as for thelambda
and the RSA keys, not sure at the moment.The text was updated successfully, but these errors were encountered: