ZenGo-X / curv

Rust language general purpose elliptic curve cryptography.
MIT License

Added a dlog proof to vss feldman to defend against the n-t+1 attack #169

Closed Rumata888 closed 1 year ago

Rumata888 commented 2 years ago

Currently the VSS Feldman primitive in Curv is vulnerable to the n-t+1 attack, where there are n-t+1 malicious collaborators that can take over the protocol if one of them publishes a 0-th polynomial coefficient commitment that is equal to s*G - \sum (Honest Participants' 0-th coefficient commitments). If there are n-t+1 adversaries, then the attackers can solve the system of linear equations and alter their polynomial coefficient commitments so that the honest participants don't notice that the attacker's 0-th coefficient commitment is poisoned. To defend against this attack I've added a proof of knowledge of the dlog of the 0-th commitment.
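The attack and the fix described in the comment above, as an added worked example (this is illustrative code written for this page, not curv's implementation and not the diff of this PR). It assumes: the threshold convention that t shares reconstruct, so each dealer's polynomial has degree d = t-1 and n-t+1 colluders leave exactly d honest parties, which is what makes the honest parties' verification equations a square linear system the last colluder can solve in the group; the n-t+1 colluders are folded into one rogue dealer and the honest dealers are modelled only by their 0-th commitments, since nothing else is touched by the attack; secp256k1 is implemented inline (standard constants, checked at import) so the script runs offline on Python 3.8+; the proof of knowledge is a Fiat-Shamir Schnorr proof with SHA-256. All function names (`rogue_dealer`, `feldman_check`, `dlog_prove`, `dlog_verify`, `inv_mod_matrix`, `msm`) are this example's own.

```python
import hashlib
import secrets

# secp256k1 domain parameters (standard constants); "s*G" in the PR text is mul(s, G) below.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def add(A, B):
    """Affine point addition on y^2 = x^3 + 7 (illustrative; not constant-time)."""
    if A is INF or B is INF:
        return A if B is INF else B
    if A[0] == B[0] and (A[1] + B[1]) % P == 0:
        return INF
    if A == B:
        lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, P) % P
    else:
        lam = (B[1] - A[1]) * pow(B[0] - A[0], -1, P) % P
    x = (lam * lam - A[0] - B[0]) % P
    return (x, (lam * (A[0] - x) - A[1]) % P)

def neg(A):
    return INF if A is INF else (A[0], (-A[1]) % P)

def mul(k, A):
    """Double-and-add k*A with k reduced mod the group order N."""
    k, R = k % N, INF
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def msm(scalars, points):
    """sum_i scalars[i]*points[i]."""
    acc = INF
    for k, Pt in zip(scalars, points):
        acc = add(acc, mul(k, Pt))
    return acc

assert (G[1] ** 2 - G[0] ** 3 - 7) % P == 0 and mul(N - 1, G) == neg(G)  # sanity-check the constants

def feldman_check(i, share, commits):
    """Feldman check run by party i: accept its share iff share*G == sum_k i^k*C_k, C_k = a_k*G."""
    return mul(share, G) == msm([pow(i, k, N) for k in range(len(commits))], commits)

def inv_mod_matrix(A, q):
    """Gauss-Jordan inverse of a square matrix over Z_q, q prime."""
    d = len(A)
    M = [row[:] + [int(i == j) for j in range(d)] for i, row in enumerate(A)]
    for c in range(d):
        piv = next(r for r in range(c, d) if M[r][c] % q)
        M[c], M[piv] = M[piv], M[c]
        inv = pow(M[c][c], -1, q)
        M[c] = [v * inv % q for v in M[c]]
        for r in range(d):
            if r != c:
                M[r] = [(vr - M[r][c] * vc) % q for vr, vc in zip(M[r], M[c])]
    return [row[d:] for row in M]

def rogue_dealer(honest_ids, honest_c0s, d, s):
    """Last colluder to publish: C_0 = s*G - sum(honest C_0), whose dlog it does not know, then
    C_1..C_d solved for so that arbitrary shares handed to the d honest parties still verify."""
    assert len(honest_ids) == d, "needs n-t+1 colluders, i.e. only d = t-1 honest parties"
    c0 = add(mul(s, G), neg(msm([1] * d, honest_c0s)))
    shares = {j: secrets.randbelow(N) for j in honest_ids}
    # Honest j checks shares[j]*G == C_0 + sum_{k>=1} j^k*C_k; with R_j = shares[j]*G - C_0 that is d linear equations in the d unknown points C_k.
    R = [add(mul(shares[j], G), neg(c0)) for j in honest_ids]
    Ainv = inv_mod_matrix([[pow(j, k, N) for k in range(1, d + 1)] for j in honest_ids], N)
    return [c0] + [msm(Ainv[k], R) for k in range(d)], shares

def challenge(T, X):
    return int.from_bytes(hashlib.sha256(f"{T}|{X}".encode()).digest(), "big") % N

def dlog_prove(x):
    """Schnorr proof of knowledge of x for X = x*G (Fiat-Shamir): the kind of proof the PR attaches to C_0."""
    r = secrets.randbelow(N)
    T = mul(r, G)
    return T, (r + challenge(T, mul(x, G)) * x) % N

def dlog_verify(X, proof):
    T, z = proof
    return mul(z, G) == add(T, mul(challenge(T, X), X))

def demo(t=3):
    """t-share threshold: n-t+1 colluders (folded into one rogue dealer) leave the t-1 honest parties
    1..t-1. Returns (shares accepted, joint key == s*G, honest proof ok, rogue proof ok) = (True, True, True, False)."""
    d, honest_ids = t - 1, list(range(1, t))
    honest_a0 = {i: secrets.randbelow(N) for i in honest_ids}   # honest dealers' 0-th coefficients
    honest_c0s = [mul(honest_a0[i], G) for i in honest_ids]
    s = secrets.randbelow(N)  # the colluders want the joint key to become s*G
    rogue_commits, rogue_shares = rogue_dealer(honest_ids, honest_c0s, d, s)
    accepted = all(feldman_check(j, rogue_shares[j], rogue_commits) for j in honest_ids)
    key_hijacked = msm([1] * (d + 1), [rogue_commits[0]] + honest_c0s) == mul(s, G)
    # With the fix every C_0 carries a dlog proof: honest dealers pass; the rogue dealer knows only s, which is not the dlog of its C_0, so its best attempt is rejected.
    honest_proof_ok = dlog_verify(honest_c0s[0], dlog_prove(honest_a0[1]))
    rogue_proof_ok = dlog_verify(rogue_commits[0], dlog_prove(s))
    return accepted, key_hijacked, honest_proof_ok, rogue_proof_ok
```

Running `demo()` shows the two halves of the comment: the honest parties' Feldman checks all pass and the summed 0-th commitments equal s*G, so the colluders hold the joint key, while the rogue C_0 cannot be accompanied by a valid proof of knowledge because nobody knows its discrete log. The proof is needed only on C_0: once that coefficient is forced to have a known dlog, the linear-system trick no longer yields a poisoned sum. In a real deployment the challenge should also bind the prover's identity and session (not done in this toy `challenge`), so a proof cannot be replayed by another party.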