omershlo
commented
3 years ago Thanks @DmytroTym !! I agree that on first look something seems odd there. @nmahendru - can you also take a look ?
Closed DmytroTym closed 2 years ago
omershlo
commented
3 years ago Thanks @DmytroTym !! I agree that on first look something seems odd there. @nmahendru - can you also take a look ?
nmahendru
commented
3 years ago That looks wrong.. and you are right @DmytroTym . I'll try to put up a pr to fix this.
DmytroTym
commented
3 years ago Great, thanks for the quick response!
DmytroTym
commented
2 years ago I have another question, but don't want to open a separate issue as I am not sure it deserves it. When we do MtAwc for k_i and w_i, the fact that g^{w_i} is public, is used. But in the code of sign/rounds.rs parties do not compute g^{w_i} themselves, but just send their values to each other during the first round. I understand that this is about identifiable aborts, which are not completely implemented anyway. But still, wanted to make sure that in the final version, g^{w_i} should be computed by everyone using public VSS commitments.
omershlo
commented
2 years ago Thanks @DmytroTym your feedback is extremely helpful. We identified this issue as well and it will be resolved in the upcoming PR. please send me an email to omer@zengo.com or ping me in telegram @omershlo - I would like to offer you a reward
omershlo
commented
2 years ago fixed in #130
Hello,
I was going through the library and got stuck at
sign_stage6method oforchestrate.rs. If I understand correctly, it corresponds to this line at page 15 of GG20 (specifically, the zero-knowledge proof part of it):But from the code it seems that we actually prove the statement
ttimes, just with different Fujisaki-Okamoto commitments, and then verify our own proofs instead of broadcasting them. Also, I don't really understand why this stage is called in online stage of signing protocol (paper seems to suggest it can be done offline). Am I missing something?Thanks!