Thank you @andrea!
For each dealing we need to collect support shares from the receivers. How many shares should we collect? In the protocol we collect 2f+1, which is actually the maximum assuming up to f corruptions: if you want to collect more support shares then the protocol cannot guarantee liveness, since you would need the participation of possibly corrupt parties to make progress. Therefore in the protocol we have that each dealing has support from 2f+1 receivers, however you don’t know a priori how many of the supporters are honest. Since we assume up to f corruptions, then it means we have at least f+1 honest supporters for each dealing. So in the worst case the f+1 honest supporters need to be able to sign, which means that the threshold can be at most f+1. AFAIK this issue applies in general to interactive DKG protocols.
Is this related to section 3.4 of the paper?
What seems weird to me is the fact that we need 2f+1 support shares, but we say that the threshold is f+1. If at some point in the protocol, we need 2f+1 users, it means that the “global” threshold is 2f+1, even if the ECDSA threshold is f+1?
Maybe it’s because we need 2f+1 support shares, but only f+1 out of these should rely on honest supporters?
This was explained, e.g., in this forum post
Will read it in detail, thanks for sharing!
How do you know how long to wait until the next dealing comes? What if the next dealing is the problematic one?
I don’t know, my idea was about running the two processes at the same time, and seeing which one ends first.
Note that with these parameters, you cannot achieve liveness. If you have 10 nodes, you are expecting to collect at least 9 dealings. Which means you can tolerate at most 1 corrupt party (note that corrupt/faulty nodes may never send a single message in the protocol). If you assume that more than 1 party can be corrupt, then your protocol cannot achieve liveness, i.e. it could never terminate.
And even if I tolerate at most 1 corrupt party, this means that there is no need to have a threshold higher than 2, so I can directly use a (10,2) scheme instead of that (10,5) scheme, right?
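
The counting argument quoted in this thread, checked by brute force as an added example (not part of the original posts and not the protocol's own code). It assumes n = 3f + 1 parties and that corrupt parties simply stay silent; all function names are illustrative.

```python
from itertools import combinations

def min_honest_supporters(n, f, support):
    """Fewest honest parties in any `support`-sized supporter set, f of n corrupt.

    By symmetry the corrupt set is fixed to parties 0..f-1 (assumption of this
    sketch); every supporter set is enumerated, so this is the true worst case.
    """
    corrupt = set(range(f))
    return min(
        sum(1 for p in supporters if p not in corrupt)
        for supporters in combinations(range(n), support)
    )

def can_always_collect(n, f, required):
    """Liveness check: do `required` messages arrive if all f corrupt parties stay silent?"""
    responders = [p for p in range(n) if p >= f]  # only honest parties answer
    return len(responders) >= required

def max_silent_faults(n, required):
    """Largest f for which waiting for `required` messages still terminates."""
    return max(f for f in range(n + 1) if can_always_collect(n, f, required))

def report(n, f):
    """Summarise the 2f+1 support rule for one (n, f) pair."""
    support = 2 * f + 1
    return {
        "support": support,
        # 2f+1 shares can always be collected ...
        "live": can_always_collect(n, f, support),
        # ... but one more would need a possibly corrupt party to answer.
        "live_with_one_more": can_always_collect(n, f, support + 1),
        # Honest supporters guaranteed per dealing: bounds the signing threshold.
        "worst_case_honest": min_honest_supporters(n, f, support),
    }

if __name__ == "__main__":
    for n, f in [(4, 1), (7, 2), (10, 3)]:  # constructed sample sizes, n = 3f + 1
        print(n, f, report(n, f))
    # The 10-node case from the thread: waiting for 9 dealings.
    print("silent faults tolerated when 9 of 10 are required:", max_silent_faults(10, 9))
```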