Thanks to the IPC Foundation for open sourcing the asynchronous, interactive, distributed ECDSA key generation scheme. If I understand correctly, the resharing scheme should allow resharing threshold shares to new sets of nodes (larger or smaller than the previous set) without changing the ECDSA public key.
Do I understand correctly that reshares are produced from products of old shares? I haven’t been able to understand the difference between masked and unmasked resharings, shown here. Are masked and unmasked defined somewhere? Is there an example in the code where a set of shares are reshared to a larger number of shares, where some nodes are new with no previously existing shares?
Masked and unmasked appear to be defined here.
A masked dealing is a Pedersen commitment, while an unmasked dealing is a discrete log commitment.
This helps. Still attempting to find an example or understand the protocol for resharing to a larger set of shares with an increased threshold.
There was a really great survey paper on this technology … I think resharing is not that complex :
“When [sk] is already a Shamir sharing, the parties
simply generate a zero secret sharing which they add to
the existing secret.”
This is section 4.2.
Thanks, this paper did help improve my understanding of what might be going on, but @victorshoup mentions in this video as well as this post that none of the ECDSA threshold sharing protocols described in that paper satisfied their needs so they designed a new protocol. I couldn’t find a description of the ECDSA threshold protocol that was decided upon.
The full cryptographic details of the interactive DKG and threshold ECDSA signing will be published in a paper that should appear in the following weeks.
I just found the paper, it came out a couple of weeks ago, here.
This is what I needed to understand what’s going on, and I was able to reproduce resharing to a larger number of nodes. The key insights I was missing were:
- Lambda values can simply be created with the
- The previous set of dealers can reshare to a larger number of recipients using the same protocol