Closed akileshtangella closed 1 year ago
Say you have $t$ Shamir secret shares of a $t-1$ degree polynomial $(x_{i1},...,x{i_{t}})$ and a corresponding secret $x$.
Let the corresponding Lagrange basis polynomials be $(l_{i1},...,l{i_t})$.
Then: $$x = (x_{i1},...,x{i{t}}) \cdot (l{i1}(0),...,l{i_t}(0))$$
So to convert the $xi$ to additive shares simply multiply by $l{i}(0)$. Where do we get the Lagrange basis polynomials evaluated at 0...Zengo has already done it for us here. So we don't have to reimplement.
Say you have $t$ Shamir secret shares of a $t-1$ degree polynomial $(x_{i1},...,x{i_{t}})$ and a corresponding secret $x$.
Let the corresponding Lagrange basis polynomials be $(l_{i1},...,l{i_t})$.
Then: $$x = (x_{i1},...,x{i{t}}) \cdot (l{i1}(0),...,l{i_t}(0))$$
So to convert the $xi$ to additive shares simply multiply by $l{i}(0)$. Where do we get the Lagrange basis polynomials evaluated at 0...Zengo has already done it for us here. So we don't have to reimplement.