Skip to content

Commit

Permalink
move DKGIndexMap formal specs up
Browse files Browse the repository at this point in the history
  • Loading branch information
@tarakby
tarakby committed Nov 29, 2024
1 parent f8a9749 commit b0f36be
Showing 1 changed file with 9 additions and 8 deletions.
17 changes: 9 additions & 8 deletions model/flow/dkg.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,16 @@ func (state DKGEndState) String() string {
}

// DKGIndexMap completely describes the DKG committee 𝒟 of size |𝒟| = n.
//
// Formal specification:
// - If n parties are authorized to participate in the DKG, DKGIndexMap must contain exactly n
// elements, i.e. n = len(DKGIndexMap)
// - The values in DKGIndexMap must form the set {0, 1, …, n-1}, as required by the low level cryptography
// module (convention simplifying the implementation).
//
// Flow's random beacon utilizes a threshold signature scheme run by the committee 𝒟.
// In the formal cryptographic protocol for a threshold signature with n parties,
// the individual participants are identified by n public distinct non-negative integers, or simply indices.
// In the formal cryptographic protocol for a threshold signature with n parties, the
// individual participants are identified by n public distinct non-negative integers, or simply indices.
// These public indices are agreed upon by all participants and are used by the low-level
// Shamir Secret Sharing [SSS].
// In Flow, the threshold signature keys are generated by a Distributed Key Generation [DKG]. The DKG
Expand All @@ -52,12 +59,6 @@ func (state DKGEndState) String() string {
// random beacon signature shares. Hence, the protocol level needs to map nodeIDs to the indices when
// calling into the lower-level cryptographic primitives.
//
// Formal specification:
// - DKGIndexMap completely describes the DKG committee. If n parties are authorized to participate
// in the DKG, DKGIndexMap must contain exactly n elements, i.e. n = len(DKGIndexMap)
// - The values in DKGIndexMap must form the set {0, 1, …, n-1}, as required by the low level cryptography
// module (convention simplifying the implementation).
//
// CAUTION: It is important to cleanly differentiate between the consensus committee 𝒞, the DKG committee 𝒟
// and the committee ℛ:
// - For an epoch, the consensus committee 𝒞 contains all nodes that are authorized to vote for blocks. Authority
Expand Down

0 comments on commit b0f36be

Please sign in to comment.