Research parity of blinding key in `tpke` and validator's decryption key in `ferveo`
piotr-roslaniec opened this issue · 2 comments
piotr-roslaniec commented
- Make sure these abstractions are matching and overlapping
- Is the simple tDec variant supposed to use blinding? (Docs)
- Share encryption in `ferveo` PVSS vs blinding factor in `tpke`
cygnusv commented
- Make sure these abstractions are matching and overlapping
- Share encryption in ferveo PVSS vs blinding factor in tpke
The blinding key in `tpke` and the validator's decryption key in `ferveo` are analogous. See e.g. how `ShareEncryptions` are computed in `ferveo`:

```rust
let shares = dkg
    .validators
    .iter()
    .map(|val| {
        fast_multiexp(
            &evals.evals[val.share_start..val.share_end],
            val.validator.public_key.encryption_key.into_projective(),
        )
    })
    .collect::<Vec<ShareEncryptions<E>>>();
```

or the `ShareEncryptions` type definition:

```rust
/// These are the blinded evaluations of weight shares of a single random polynomial
pub type ShareEncryptions<E> = Vec<<E as PairingEngine>::G2Affine>;
```
- Is the simple tDec variant supposed to use blinding?
It is when used in combination with a PVSS that contains the private key share that each node is supposed to use. Without blinding, the share would be exposed. Blinding with a simple point-scalar multiplication allows the share to be "encrypted" while enabling aggregation in a homomorphic way.
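The blinding and homomorphic aggregation described in the comment above, as an added example that is not code from `ferveo` or `tpke`. It assumes a toy model: the order-1019 subgroup of the integers mod 2039 stands in for G2, the encryption key is taken to be `ek = [dk]H`, and all function names and sample values are hypothetical.

```rust
// Toy model (assumption): the order-Q subgroup of Z_P^* stands in for G2, so the
// point-scalar multiplication [s]X is written pow_mod(X, s, P). Not secure sizes.
const P: u64 = 2039; // safe prime, P = 2Q + 1
const Q: u64 = 1019; // prime order of the subgroup (the "scalar field")
const H: u64 = 4; // generator of the order-Q subgroup

fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1u64;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % m; }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}
/// Evaluate f(x) = sum of coeffs[k] * x^k over Z_Q (Horner's rule).
fn eval_poly(coeffs: &[u64], x: u64) -> u64 {
    coeffs.iter().rev().fold(0u64, |acc, c| (acc * x + *c) % Q)
}
/// Validator's public encryption key: ek = [dk]H.
fn encryption_key(dk: u64) -> u64 { pow_mod(H, dk, P) }
/// Dealer side: share encryption Y = [f(i)]ek, computed without knowing dk.
fn encrypt_share(eval: u64, ek: u64) -> u64 { pow_mod(ek, eval, P) }
/// Validator side: [dk^-1]Y recovers the private key share Z = [f(i)]H.
fn unblind(y: u64, dk: u64) -> u64 {
    let dk_inv = pow_mod(dk, Q - 2, Q); // Fermat inverse; dk must be non-zero mod Q
    pow_mod(y, dk_inv, P)
}
/// Combine two dealers' encryptions for one validator (the group operation).
fn aggregate(y1: u64, y2: u64) -> u64 { y1 * y2 % P }

/// Returns (aggregated share after unblinding, share of the summed polynomial).
fn demo() -> (u64, u64) {
    let (dk, i): (u64, u64) = (77, 3); // constructed validator key and evaluation point
    let f: [u64; 3] = [5, 11, 42]; // dealer 1 polynomial (constructed)
    let g: [u64; 3] = [9, 100, 7]; // dealer 2 polynomial (constructed)
    let ek = encryption_key(dk);
    let y = aggregate(encrypt_share(eval_poly(&f, i), ek), encrypt_share(eval_poly(&g, i), ek));
    let expected = pow_mod(H, (eval_poly(&f, i) + eval_poly(&g, i)) % Q, P);
    (unblind(y, dk), expected)
}

fn main() {
    let (got, expected) = demo();
    assert_eq!(got, expected); // aggregation commutes with blinding
    println!("aggregated share after unblinding: {}", got);
}
```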
piotr-roslaniec commented
Closing this issue as the research by @cygnusv clearly shows parity. Keeping this issue for posterity as a reference.