GG20 DKG Related Issues

[notbdu]

Have been trying to integrate the gg20 dkg implementation into a distributed service and wanted to raise a few things.

• DkgParticipant has no external CTOR a calling lib can use
  • Ended up adding one in our fork
• DkgRound2P2PSend's xij is private and cannot be serialized
  • Ended up exposing this so it can be serialized but feels like its unsafe to share in unencrypted form
• Didn't see any usage of the paillier encryption key in the keygen spec. Does xij needed to be encrypted?
  • It looks like the swingby's forked tss-lib implementation encrypts the share:
    https://github.com/SwingbyProtocol/tss-lib/blob/668d0061fadf08bf2ba9f7e9287516fc173b6b9c/ecdsa/keygen/round_3.go#L127-L133

[mikelodder7]

Xij can be made public so it can be serialized. You should encrypt everything sent between participants since the paper states its only secure in the presence of a secure channel.

[mvrshvl]

@notbdu
Hello! Faced the same problem. Please help, Were you able to make a signer from the DKG result?? In my case, round 3 ends with an error. I will be glad for your help!

func (f *Flow) DKGToSigner(dkg *participant.DkgResult) (*participant.Signer, error) {
	encryptKeys := make(map[uint32]*paillier.PublicKey)
	proofParams := make(map[uint32]*dealer.ProofParams)
	pubShares := make(map[uint32]*dealer.PublicShare)

	cosigners := []uint32{
		f.index,
	}
	// result of 1 round from this player
	r1Bcast := f.R1.GetBcast()

	proofParams[f.index] = &dealer.ProofParams{
		N:  r1Bcast[f.index].Ni,
		H1: r1Bcast[f.index].H1i,
		H2: r1Bcast[f.index].H2i,
	}

	for id, pk := range dkg.ParticipantData {
		encryptKeys[id] = pk.PublicKey
		proofParams[id] = pk.ProofParams

		cosigners = append(cosigners, id)
	}

	for i, point := range dkg.PublicShares {
		pubShares[uint32(i+1)] = &dealer.PublicShare{Point: point}
	}

	field := curves.NewField(f.dkgParticipant.Curve.Params().N)

	share := v1.NewShamirShare(f.index, dkg.SigningKeyShare.Bytes(), field)

	publicShare, err := curves.NewScalarBaseMult(f.dkgParticipant.Curve, share.Value.BigInt())
	if err != nil {
		return nil, err
	}

	return participant.NewSigner(&dealer.ParticipantData{
		Id:         f.index,
		DecryptKey: dkg.EncryptionKey,
		SecretKeyShare: &dealer.Share{
			ShamirShare: share,
			Point:       publicShare,
		},
		EcdsaPublicKey: dkg.VerificationKey,
		KeyGenType:     dealer.DistributedKeyGenType{ProofParams: proofParams},
		PublicShares:   pubShares,
		EncryptKeys:    encryptKeys,
	}, cosigners)
}