Research parity of blinding key in `tpke` and and validator's decryption key in `ferveo`

Question

Research parity of blinding key in `tpke` and and validator's decryption key in `ferveo`

piotr-roslaniec opened this issue a year ago · 2 comments

Make sure these abstractions are matching and overlapping
Is the simple tDec variant supposed to use blinding? (Docs)
Share encryption in ferveo PVSS vs blinding factor in tpke

Answer 1 · 2023-02-01T10:57:56.000Z

Make sure these abstractions are matching and overlapping

Share encryption in ferveo PVSS vs blinding factor in tpke

The blinding key in tpke and the validator's decryption key in ferveo are analogous. See e.g. how ShareEncryptions are computed in ferveo:

let shares = dkg
            .validators
            .iter()
            .map(|val| {
                fast_multiexp(
                    &evals.evals[val.share_start..val.share_end],
                    val.validator.public_key.encryption_key.into_projective(),
                )
            })
            .collect::<Vec<ShareEncryptions<E>>>();

or the ShareEncryptions type definition:

/// These are the blinded evaluations of weight shares of a single random polynomial
pub type ShareEncryptions<E> = Vec<<E as PairingEngine>::G2Affine>;

Is the simple tDec variant supposed to use blinding?

It is when used in combination with a PVSS that contains the private key share that each node is supposed to use. Without blinding, the share would be exposed. Blinding with a simple point-scalar multiplication allows the share to be "encrypted" while enabling aggregation in a homomorphic way

Answer 2 · 2023-02-01T14:07:40.000Z

Closing this issue as the research by @cygnusv clearly shows parity. Keeping this issue for posterity as a reference.