JohnLCaron
commented
5 months ago // TODO KeyShare should include ξi,ℓOut implementation doesnt use nonce ξi,ℓ . Not sure if thats a problem.
// spec 2.0.0, p 24 "Share verification"
// If the recipient guardian Gℓ reports not receiving a suitable value Pi (ℓ), it becomes incumbent on the
// sending guardian Gi to publish this Pi (ℓ) together with the nonce ξi,ℓ it used to encrypt Pi (ℓ)
// under the public key Kℓ of recipient guardian Gℓ . If guardian Gi fails to produce a suitable Pi (ℓ)
// and nonce ξi,ℓ that match both the published encryption and the above equation, it should be
// excluded from the election and the key generation process should be restarted with an alternate
// guardian. If, however, the published Pi (ℓ) and ξi,ℓ satisfy both the published encryption and the
// equation above, the claim of malfeasance is dismissed, and the key generation process continues undeterred.
// footnote 28 It is also permissible to dismiss any guardian that makes a false claim of malfeasance. However, this is not
// required as the sensitive information that is released as a result of the claim could have been released by the claimant
// in any case.
if the trustees are not trusted, we could do other verification tests in keyCeremonyExchange. // are the public keys valid? // are the encrypted shares valid? // are the unencrypted shares valid?