Skip to content

More clarity in threshold sign comments#30

Merged
tarakby merged 3 commits into
mainfrom
tarak/threshold-comments
Jul 15, 2025
Merged

More clarity in threshold sign comments#30
tarakby merged 3 commits into
mainfrom
tarak/threshold-comments

Conversation

@tarakby

@tarakby tarakby commented Jul 8, 2025

Copy link
Copy Markdown
Collaborator

No description provided.

Comment thread bls_thresholdsign.go Outdated
Comment thread bls_thresholdsign.go Outdated
Comment thread bls_thresholdsign.go Outdated
Comment thread bls_thresholdsign.go Outdated
// For safety, the function attemps the reconstruction and only returns a signature that is valid against the group public key.
// This is done by first reconstructing the signature and then validating it against the group public key.
// The reconstructed may fail the validation if at least one signature share added via `TrustedAdd` is invalid.
// The threshold signature is reconstructed only once and is cached for subsequent calls.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A literal reading of this comment implies it, but I assume we don't cache reconstructed signatures that fail validation? 😄

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes an invalid reconstructed signature isn't cached, I'll update the wording. However, your question raises a useful point: Since the invalid signature isn't cached, the function would attempt a reconstruction each time it is called, which is useless because there is no way currently to update the internal state of signature shares, once we reach the threshold of shares. All reconstructed signatures in the current code are computed from the same internal state and are equal.

There are two ways to improve this:

  • cache the invalidity of the reconstructed signature so that we don't attempt a new reconstruction each time. Once set, this flag is immutable (because the internal state is immutable).
  • add a new API to remove signature shares, which is useful to remove invalid shares. This allows to continue updating the internal state and not have it fixed at some point.
    I can update this in a subsequent PR, my preference is the second option.

Comment thread bls_thresholdsign.go Outdated
Comment thread bls_thresholdsign.go Outdated
Comment thread bls_thresholdsign.go Outdated
Comment thread bls_thresholdsign.go Outdated
@tarakby tarakby merged commit 129f847 into main Jul 15, 2025
3 checks passed
@tarakby tarakby deleted the tarak/threshold-comments branch July 15, 2025 15:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants