- λ = MAX(One gossip duraion, transaction confirm latency)
- Signature = BLS
- Curve = BLS12_381
- n = size of
notary_set - t =
- Complaints and nack complaints are stored in governance contract; therefore, the broadcast is reliable.
- Governance contract will do the sanity check for complaints and nack complaints before adding to its state.
- Once a validator proposed
DKGFinal_i, it can no longer propose any complaint. - After DKG finished, if successful qualify nodes size is less than
of notary set size, DKG will be rerun with different set of nodes.
Each validator registers its ID(DKGMasterPublicKey_i) with stake.
After λ
Each validator i broadcasts a DKGMasterPublicKeyReady_i message.
Validator waits until seeing more than 2t+1 DKGGroupPublicKeyReady message than proceeds to Phase 2.
Each validator i generates n (n = # of ID registered in phase 1) secret key shares (SK_i,0, SK_i,1, ..., SK_i,n) of order t and the secret key share is sent to the corresponding validator (SK_i,j is sent to validator j) via a secure channel.
Each validator i broadcasts the master public key (MPK_i = {MPK_i,0, MPK_i,1, ..., MPK_i,t}) of order t associated with the secret key shares.
Each validator i calculates public key shares (PK_0,i, PK_1,i, ..., PK_n,i) using corresponding master public key (PK_j,i = F(MPK_j, i)).
Each validator i verifies if the secret key share SK_j,i is associated with the public key share of validator j, PK_j,i. If the verification fails, i broadcast complaint of j, CMP_i,j.
If validator i did not receive SK_j,i, broadcast nack complaint of j, NCMP_i,j.
If validator j sees NCMP_i,j for any i, broadcast secret key share SK_j,i.
If validator k receive SK_j,i for the first time for i != k, broadcast it again.
If validator k sees SK_j,i for i != k, verifies if the secret key share SK_j,i is associated with the public key share of validator j, PK_j,i. If the verification fails, k broadcast complaint of j, CMP_k,j.
If validator k sees NCMP_i,j for j != k and did not receive SK_j,i, k broadcast nack complaint of j, NCMP_k,j.
Each validator i broadcast a DKGFinal_i message.
Validator waits until seeing more than 2t+1 final message.
If there are more than t nack complaints to validator j ( (
i : for all validator i)), then j is marked as Disqualified.
If there is one complaint, CMP_i,j, to validator j, then j is marked as Disqualified.
Each validator i determines the combined secret key, (
k: validator k is not marked as Disqualified)
If a validator i successfully recovered combined secret key, it will broadcast a DKGSuccess_i message.
Each validator i sign the message with CSK_i and broadcast the partial signature, PSign_i.
Each validator i determines the combined public key of validator j, (
k: validator k is not marked as Disqualified)
If validator i is not Disqualified, verify PSign_i with CPK_i.
Collect more than t valid PSign_i and recover TSIG, TSIG.
Determines the group public key, (
k: validator k is not marked as Disqualified)
Verify TSIG with GPK.