diff --git a/lib/frost/dkg/package.rb b/lib/frost/dkg/package.rb
index 2a5f253..249896e 100644
--- a/lib/frost/dkg/package.rb
+++ b/lib/frost/dkg/package.rb
@@ -24,6 +24,19 @@ def initialize(identifier, commitments, proof)
 def verification_key
 commitments.first
 end
+
+ # Verify share.
+ # @param [FROST::SecretShare] share
+ # @return [Boolean]
+ def verify_share(share)
+ x = share.identifier
+ result = commitments[1..-1].inject(commitments.first) do |sum, com|
+ tmp = com * x
+ x *= x
+ sum + tmp
+ end
+ result == share.to_point
+ end
 end
 end
 end
\ No newline at end of file
diff --git a/spec/frost/dkg_spec.rb b/spec/frost/dkg_spec.rb
index d9d3526..fb71b24 100644
--- a/spec/frost/dkg_spec.rb
+++ b/spec/frost/dkg_spec.rb
@@ -11,7 +11,8 @@
 secrets = {}
 round1_outputs = {}
- # Round 1: For each participant, perform the first part of the DKG protocol.
+ # Round 1:
+ # For each participant, perform the first part of the DKG protocol.
 1.upto(max_signer) do |i|
 polynomial, package = FROST::DKG.part1(i, min_signer, max_signer, group)
 secrets[i] = polynomial
@@ -30,6 +31,28 @@
 expect(FROST::DKG.verify_proof_of_knowledge(package)).to be true
 end
 end
+
+ # Round 2:
+ # Each participant generate share for other participants.
+ received_shares = {}
+ 1.upto(max_signer) do |i|
+ polynomial = secrets[i] # own secret
+ 1.upto(max_signer) do |o|
+ next if i == o
+ received_shares[o] ||= []
+ received_shares[o] << polynomial.gen_share(i)
+ end
+ end
+
+ # Each participant verify received shares.
+ 1.upto(max_signer) do |i|
+ received_shares[i].each do |share|
+ target_package = received_package[i].find{|package| package.identifier == share.identifier}
+ (min_signer - 1).times do |degree|
+ expect(target_package.verify_share(share)).to be true
+ end
+ end
+ end
 end
 end
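Review bot: In `verify_share`, `x *= x` squares the running value on every pass, so the commitments are multiplied by x, x^2, x^4, x^8 instead of x, x^2, x^3. The check is therefore only right while there are at most three commitments; from a threshold of four it evaluates a different polynomial than the one that was committed to, so share verification no longer means what the protocol requires. Keep the identifier and the running power apart: `pow = x` before the loop, then `tmp = com * pow` and `pow *= x` inside it. The running power is also never reduced, so if the group's order is available here (not visible in this hunk) reducing it each step would keep the scalar in range. The `# Verify share.` comment could say what is checked, namely that `share.to_point` equals the committed polynomial evaluated at `share.identifier`.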
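Review bot: The Round 2 loop calls `polynomial.gen_share(i)` for every recipient `o`, so each participant appears to hand out the evaluation at its own identifier and not at the recipient's. The verification then passes because `share.identifier` equals the sender's id, which is also what the `find` lookup relies on. If recipient `o` is meant to receive the sender's polynomial evaluated at `o`, this should presumably be `polynomial.gen_share(o)`, and the sender's package would need to be located by something other than `share.identifier`. The `(min_signer - 1).times do |degree|` wrapper repeats an identical assertion and never uses `degree`, so a single `expect` is enough. The enclosing example starts outside the hunk, and `received_package` is defined outside it as well.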