You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: README.md
+6-2
Original file line number
Diff line number
Diff line change
@@ -91,7 +91,11 @@ This will enable bandwidth optimizations and is common also in implementations o
91
91
Participants are identified and authenticated via long-term public keys.
92
92
93
93
The basic building block of ChillDKG is the SimplPedPop protocol (a simplified variant of PedPop),
94
-
which has been proven to be secure when combined with FROST [[CGRS23](https://eprint.iacr.org/2023/899)].
94
+
which has been designed specifically for FROST.
95
+
SimplPedPop is proven to be secure when combined with FROST [[CGRS23](https://eprint.iacr.org/2023/899)],
96
+
and its output contains, in addition to the threshold public key, separate per-participant public shares thereof,
97
+
which allow for partial verification of contributions in a FROST signing session.
98
+
95
99
Besides external secure channels, SimplPedPop depends on an external *equality check protocol*.
96
100
The equality check protocol serves as an abstraction of a consensus mechanism:
97
101
Its only purpose is to check that, at the end of SimplPedPop, all participants have received identical protocol messages.
@@ -139,7 +143,7 @@ In summary, we aim for the following design goals:
139
143
-**Broad applicability**: ChillDKG supports a wide range of scenarios, from those where the signing devices are owned and connected by a single individual to those where multiple owners manage the devices from distinct locations.
140
144
-**Simple backups**: ChillDKG allows recovering the DKG output using the host secret key and common recovery data shared among all participants and the coordinator. This eliminates the need for session-specific backups, simplifying user experience.
141
145
-**Untrusted coordinator**: Like FROST, ChillDKG uses a coordinator that relays messages between the participants. This simplifies the network topology, and the coordinator additionally reduces communication overhead by aggregating some of the messages. A malicious coordinator can force the DKG to fail but cannot negatively affect the security of the DKG.
142
-
-**Per-participant public keys**: When ChillDKG is used with FROST, partial signature verification is supported.
146
+
-**Per-participant public shares**: ChillDKG supports partial signature verification in FROST signing sessions.
143
147
-**Taproot-safe threshold public key**: ChillDKG prevents malicious participants from embedding a hidden [[BIP 341]](https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki) Taproot commitment to a script path in the threshold public key.
144
148
-**Blame functionality**: If a ChillDKG session aborts, it is possible to identify and blame a single party responsible for the failure (assuming the network, and, depending on the circumstances, the coordinator, is reliable).
0 commit comments