This document is meant to be the central place for everything related to the cryptographic scheme the threshold network will employ.

It describes the cryptographic goals the threshold network wants to achieve and the different protocols that can be used to get there, with some implementation links.

Notation

We denote by $n$ the number of nodes that hold a secret share, and by $t < n$ the threshold of the network. Each node $i$ is identified by its long-term public key $P_i$ and has a secret key $sk_i$.

We call $Q$ the set of qualified nodes that have successfully run the DKG, i.e. each node in $Q$ has a partial share $s_i$ corresponding to the distributed secret key $s$ and public key $P = sG$, where $G$ is the generator of the group (symbols without indices refer to the "keys of the DKG").

We call the threshold network $GT$, for Generalized Threshold.

We define the Lagrange basis polynomials as follows:

$$ \delta_j(x) = \prod_{i, i \neq j} \frac{x - x_i}{x_j - x_i} $$

such that $\delta_j(x_j) = 1$ and $\delta_j(x_i) = 0$ for $i \neq j$.
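The following is an added example, not code from this document or from any implementation it links to. It shows how the basis polynomials $\delta_j$ recombine partial shares $s_i$ into $s$, checked over every size-$t$ subset of nodes. Assumptions: node $i$ uses the evaluation point $x_i = i$, the sharing polynomial has degree $t - 1$ (so $t$ shares suffice), a prime field stands in for the scalar field of the curve, and `deal` is a trusted-dealer stand-in used only to produce sample shares (a DKG has no dealer).

```python
import secrets
from itertools import combinations

# Assumption: constructed prime modulus standing in for the group order.
Q_ORDER = 2**127 - 1


def delta(j, xs, x, q=Q_ORDER):
    """Evaluate the Lagrange basis polynomial delta_j at x over points xs."""
    num, den = 1, 1
    for i in xs:
        if i == j:
            continue
        num = num * (x - i) % q
        den = den * (j - i) % q
    # den is non-zero because the points in xs are distinct and below q.
    return num * pow(den, -1, q) % q


def deal(s, n, t, q=Q_ORDER):
    """Sample shares s_i = f(i) for i = 1..n, with deg f = t - 1, f(0) = s.

    Hypothetical helper: index 0 is never handed out, since f(0) is s itself.
    """
    if not 0 < t < n:
        raise ValueError("need 0 < t < n")
    coeffs = [s % q] + [secrets.randbelow(q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, q) for k, c in enumerate(coeffs)) % q
            for i in range(1, n + 1)}


def recombine(shares, q=Q_ORDER):
    """Compute s = f(0) = sum_j s_j * delta_j(0) from a dict {x_j: s_j}."""
    xs = list(shares)
    return sum(s_j * delta(j, xs, 0, q) for j, s_j in shares.items()) % q


if __name__ == "__main__":
    n, t = 5, 3
    s = secrets.randbelow(Q_ORDER)  # constructed sample secret
    shares = deal(s, n, t)
    # Any t nodes of the qualified set recover the same s.
    for subset in combinations(shares, t):
        assert recombine({i: shares[i] for i in subset}) == s
    print("all", t, "-of-", n, "subsets recombine to s")
```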

Unless specified otherwise, we will use a pairing-equipped elliptic curve of type III. Namely:

Distributed Key Generation

Since the choice is not exactly settled, here are some potential solutions:

Pedersen DKG

The Pedersen-based DKG works in synchronous rounds and is described succinctly here.