Implement FROST::DKG::Package#verify_share

lib/frost/dkg/package.rb

@@ -24,6 +24,19 @@ def initialize(identifier, commitments, proof)
       def verification_key
         commitments.first
       end
+
+      # Verify share.
+      # @param [FROST::SecretShare] share
+      # @return [Boolean]
+      def verify_share(share)
+        x = share.identifier
+        result = commitments[1..-1].inject(commitments.first) do |sum, com|
+          tmp = com * x
+          x *= x
+          sum + tmp
+        end
+        result == share.to_point
+      end
     end
   end
 end

spec/frost/dkg_spec.rb

@@ -11,7 +11,8 @@
 
       secrets = {}
       round1_outputs = {}
-      # Round 1: For each participant, perform the first part of the DKG protocol.
+      # Round 1:
+      # For each participant, perform the first part of the DKG protocol.
       1.upto(max_signer) do |i|
         polynomial, package = FROST::DKG.part1(i, min_signer, max_signer, group)
         secrets[i] = polynomial
@@ -30,6 +31,28 @@
           expect(FROST::DKG.verify_proof_of_knowledge(package)).to be true
         end
       end
+
+      # Round 2:
+      # Each participant generate share for other participants.
+      received_shares = {}
+      1.upto(max_signer) do |i|
+        polynomial = secrets[i] # own secret
+        1.upto(max_signer) do |o|
+          next if i == o
+          received_shares[o] ||= []
+          received_shares[o] << polynomial.gen_share(i)
+        end
+      end
+
+      # Each participant verify received shares.
+      1.upto(max_signer) do |i|
+        received_shares[i].each do |share|
+          target_package = received_package[i].find{|package| package.identifier == share.identifier}
+          (min_signer - 1).times do |degree|
+            expect(target_package.verify_share(share)).to be true
+          end
+        end
+      end
     end
   end