ZcashFoundation / redjubjub

A minimal RedJubjub implementation for use in Zebra.
Other
28 stars 21 forks source link

Share commitments should be vectors #129

Open upbqdn opened 3 years ago

upbqdn commented 3 years ago

Description

The field share_commitment https://github.com/ZcashFoundation/redjubjub/blob/3db05e29f7d9e6a62420b928e83b126b75ee8a44/src/messages.rs#L189 should contain a vector of commitments instead of just one commitment.

In our tests, we also consider only the zeroth commitment, which is a commitment to the shared secret, and we don't consider the remaining commitments: https://github.com/ZcashFoundation/redjubjub/blob/3db05e29f7d9e6a62420b928e83b126b75ee8a44/src/messages/tests/integration.rs#L783

Rationale

The field share_commitment, as defined above, should represent the struct ShareCommitment in the FROST implementation: https://github.com/ZcashFoundation/redjubjub/blob/3db05e29f7d9e6a62420b928e83b126b75ee8a44/src/frost.rs#L93

The struct ShareCommitment is a vector, and represents a public commitment C⃗i as defined in step 3, Round 1 of Figure 1 of the FROST paper. This public commitment contains commitments to the individual coefficients of the secret polynomial.