At the end of each DKG process the function DistributedKeyGeneration<RoundTwo>::finish() outputs the group_public_key and the individual secret_key for each participant. In the subsequent steps to create the partial signature, in order to include a signer into the SignatureAggregator, the SignatureAggregator creator needs the individual public_key of other participants (which is derived from the individual secret_key). The individual secret_key is private and cannot be shared with other participants.
As of now to verify IndividualPublicKey of other participants, or to recompute it, a participant needs all the commitments of other participants, but sorted. These commitments are present in the Participant struct. There can be two approaches to a solutions:
We assume that ordering is provided outside of the Frost library, so we can implement it by ignoring this requirement, but this kind of makes the API unsafe for people who wouldn't read the requirement.
We add the participant index in the commitment of the Participant struct, which can be redundant and make the implementation heavier overall.
How should we approach the implementation?
At the end of each DKG process the function
DistributedKeyGeneration<RoundTwo>::finish()outputs thegroup_public_keyand the individualsecret_keyfor each participant. In the subsequent steps to create the partial signature, in order to include a signer into theSignatureAggregator, theSignatureAggregatorcreator needs the individualpublic_keyof other participants (which is derived from the individualsecret_key). The individualsecret_keyis private and cannot be shared with other participants.As of now to verify
IndividualPublicKeyof other participants, or to recompute it, a participant needs all the commitments of other participants, but sorted. These commitments are present in theParticipantstruct. There can be two approaches to a solutions:Participantstruct, which can be redundant and make the implementation heavier overall. How should we approach the implementation?