Hello herumi, I have a question about Secret Sharing API

[Senlody]

In this part, it's said that f(x) = msk[0] + msk[1] x + ... + msk[k-1] x^{k-1}, where msk[0] is the original secret key s. Does it mean that every member of the group is able to generate the final signature sH(m) without collecting signature of other members?

[herumi]

The only system setup knows msk[0]. He uses void SecretKey::set(const SecretKeyVec& msk, const Id& id); and sends f(id) to each user. see https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing

[Senlody]

Thanks for reply, I have a further question: If none of the members in the group is trusted by everyone, then who will setup the sharing?

[herumi]

Under the situation, use DKG(https://en.wikipedia.org/wiki/Distributed_key_generation).

[Senlody]

Thanks a lot, it's clear now.