Skip to content

Commit 037a72e

Browse files
jonasnickjonasnick
committed
participant_step2: add unfinalized session warning
1 parent 980146f commit 037a72e

File tree

2 files changed

+24
-0
lines changed

2 files changed

+24
-0
lines changed

README.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -833,6 +833,18 @@ def participant_step2(hostseckey: bytes, state1: ParticipantState1, cmsg1: Coord
833833

834834
Perform a participant's second step of a ChillDKG session.
835835

836+
*Warning:*
837+
After sending the returned message to the coordinator, this participant
838+
**must not** erase the hostseckey, even if this participant does not receive
839+
the coordinator reply needed for the `participant_finalize` call. The
840+
underlying reason is that some other participant may receive the coordinator
841+
reply, deem the DKG session successful and use the resulting threshold
842+
public key (e.g., by sending funds to it). If the coordinator reply remains
843+
missing, that other participant can, at any point in the future, convince
844+
this participant of the success of the DKG session by presenting recovery
845+
data, from which this participant can recover the DKG output using the
846+
`recover` function.
847+
836848
*Arguments*:
837849

838850
- `hostseckey` - Participant's long-term host secret key (32 bytes).

python/chilldkg_ref/chilldkg.py

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -490,6 +490,18 @@ def participant_step2(
490490
) -> Tuple[ParticipantState2, ParticipantMsg2]:
491491
"""Perform a participant's second step of a ChillDKG session.
492492
493+
**Warning:**
494+
After sending the returned message to the coordinator, this participant
495+
**must not** erase the hostseckey, even if this participant does not receive
496+
the coordinator reply needed for the `participant_finalize` call. The
497+
underlying reason is that some other participant may receive the coordinator
498+
reply, deem the DKG session successful and use the resulting threshold
499+
public key (e.g., by sending funds to it). If the coordinator reply remains
500+
missing, that other participant can, at any point in the future, convince
501+
this participant of the success of the DKG session by presenting recovery
502+
data, from which this participant can recover the DKG output using the
503+
`recover` function.
504+
493505
Arguments:
494506
hostseckey: Participant's long-term host secret key (32 bytes).
495507
state1: The participant's session state as output by

0 commit comments

Comments
 (0)