Thanks to the IPC Foundation for open sourcing the asynchronous, interactive, distributed ECDSA key generation scheme. If I understand correctly, the resharing scheme should allow resharing threshold shares to new sets of nodes (larger or smaller than the previous set) without changing the ECDSA public key.
Do I understand correctly that reshares are produced from products of old shares? I haven’t been able to understand the difference between masked and unmasked resharings, shown here. Are masked and unmasked defined somewhere? Is there an example in the code where a set of shares are reshared to a larger number of shares, where some nodes are new with no previously existing shares?
Thanks, this paper did help improve my understanding of what might be going on, but @victorshoup mentions in this video as well as this post that none of the ECDSA threshold sharing protocols described in that paper satisfied their needs so they designed a new protocol. I couldn’t find a description of the ECDSA threshold protocol that was decided upon.
The full cryptographic details of the interactive DKG and threshold ECDSA signing will be published in a paper that should appear in the following weeks.
I just found the paper, it came out a couple of weeks ago, here.
This is what I needed to understand what’s going on, and I was able to reproduce resharing to a larger number of nodes. The key insights I was missing were:
Lambda values can simply be created with the Random protocol
The previous set of dealers can reshare to a larger number of recipients using the same protocol
I’m interested in your work on resharing - could you possibly share the repository where this has been implemented? Your help is greatly appreciated. Thanks in advance!