Thanks for all the nice work you are putting into this.
Here are some comments I have after reading through the spec. Some
might seem as nits, but I am erring on the side of sharing more than
less.
I have not read through the code, so some questions might be answered
there. However, I hope these comments are helpful.
Lack of robustness will be a problem for online services that need
to make progress in the face of benign or byzantine failures of
some of the nodes. Services face production issues and online
services will want to continue making progress. The lack of
robustness is understandable from a custody wallet perspective, and
chilldkg suits those use cases really well.
a BIP340 Schnorr signature pop on message i with secret key
a_i[0] to the coordinator.
Here message i was confusing. I had to stare at it for a while to
figure out that you mean a message with only the identifier i as
the content. Just a nit, but might help to restate it.
The encryption relies on ephemeral-static ECDH key exchange...
Is this Noise_KX? If so, might help to highlight it as a footnote
to make it easier to digest. If it isn't, then I misunderstood this
and maybe we can add how this is different from Noise_KX.
EncPedPop appends to the transcript eq_input of SimplPedPop
I imagine you mean the entire log of messages received and sent -
excluding the private messages? Or with cipher text of the secret
messages sent?
It is not clear from the BIP text what is the transcript that
CertEq reaches agreement on.
I like the simplicity of CertEq. It seems like it can finish in a
single round. Is that so?
Thanks for all the nice work you are putting into this.
Here are some comments I have after reading through the spec. Some might seem as nits, but I am erring on the side of sharing more than less.
I have not read through the code, so some questions might be answered there. However, I hope these comments are helpful.
Lack of robustness will be a problem for online services that need to make progress in the face of benign or byzantine failures of some of the nodes. Services face production issues and online services will want to continue making progress. The lack of robustness is understandable from a custody wallet perspective, and chilldkg suits those use cases really well.
Here
message iwas confusing. I had to stare at it for a while to figure out that you mean a message with only the identifierias the content. Just a nit, but might help to restate it.Is this Noise_KX? If so, might help to highlight it as a footnote to make it easier to digest. If it isn't, then I misunderstood this and maybe we can add how this is different from Noise_KX.
I imagine you mean the entire log of messages received and sent - excluding the private messages? Or with cipher text of the secret messages sent?
It is not clear from the BIP text what is the transcript that CertEq reaches agreement on.
I like the simplicity of CertEq. It seems like it can finish in a single round. Is that so?