3.6.8 Simplify offset splitting

This wasn't done prior to be 'leaderless', as now the participant with the lowest ID has an extra step, yet this is still trivial. There's also notable performance benefits to not taking the previous dividing approach, which performed an exp.
2025-12-08 20:29:23 +00:00 · 2023-03-01 01:06:13 -05:00
parent a42a84e1e8
commit c6284b85a4
3 changed files with 23 additions and 21 deletions
--- a/crypto/dkg/src/lib.rs
+++ b/crypto/dkg/src/lib.rs
@@ -401,31 +401,35 @@ impl<C: Ciphersuite> ThresholdKeys<C> {
    self.core.serialize()
  }

-  pub fn view(&self, included: &[Participant]) -> Result<ThresholdView<C>, DkgError<()>> {
+  pub fn view(&self, mut included: Vec<Participant>) -> Result<ThresholdView<C>, DkgError<()>> {
    if (included.len() < self.params().t.into()) || (usize::from(self.params().n) < included.len())
    {
      Err(DkgError::InvalidSigningSet)?;
    }
+    included.sort();

-    let offset_share = self.offset.unwrap_or_else(C::F::zero) *
-      C::F::from(included.len().try_into().unwrap()).invert().unwrap();
-    let offset_verification_share = C::generator() * offset_share;
+    let mut secret_share =
+      Zeroizing::new(lagrange::<C::F>(self.params().i, &included) * self.secret_share().deref());
+
+    let mut verification_shares = self.verification_shares();
+    for (i, share) in verification_shares.iter_mut() {
+      *share *= lagrange::<C::F>(*i, &included);
+    }
+
+    // The offset is included by adding it to the participant with the lowest ID
+    let offset = self.offset.unwrap_or_else(C::F::zero);
+    if included[0] == self.params().i() {
+      *secret_share += offset;
+    }
+    *verification_shares.get_mut(&included[0]).unwrap() += C::generator() * offset;

    Ok(ThresholdView {
-      offset: self.offset.unwrap_or_else(C::F::zero),
+      offset,
      group_key: self.group_key(),
-      secret_share: Zeroizing::new(
-        (lagrange::<C::F>(self.params().i, included) * self.secret_share().deref()) + offset_share,
-      ),
+      secret_share,
      original_verification_shares: self.verification_shares(),
-      verification_shares: self
-        .verification_shares()
-        .iter()
-        .map(|(l, share)| {
-          (*l, (*share * lagrange::<C::F>(*l, included)) + offset_verification_share)
-        })
-        .collect(),
-      included: included.to_vec(),
+      verification_shares,
+      included,
    })
  }
 }