Currently, Aggregator::sign will verify all of the signature shares before aggregating. But we later verify the aggregate signature as well.
Since the aggregate signature will fail to verify if any of the signature shares are bad, there is no reason to do the expensive signature share check first. Instead do the aggregation and verify the resulting signature; if it's good, great. If not, then do the expensive check and find out which shares were bad.
Currently,
Aggregator::signwill verify all of the signature shares before aggregating. But we later verify the aggregate signature as well.Since the aggregate signature will fail to verify if any of the signature shares are bad, there is no reason to do the expensive signature share check first. Instead do the aggregation and verify the resulting signature; if it's good, great. If not, then do the expensive check and find out which shares were bad.