# DEXON DKG-TSIG Protocol

### Parameter

- λ = MAX(One gossip duraion, transaction confirm latency)
- Signature = BLS
- Curve = BLS12_381
- n = size of
`notary_set`

- t =

### Notes

- Complaints and nack complaints are stored in governance contract; therefore, the broadcast is reliable.
- Governance contract will do the sanity check for complaints and nack complaints before adding to its state.
- Once a validator proposed
`DKGFinal_i`

, it can no longer propose any complaint. - After DKG finished, if successful qualify nodes size is less than of notary set size, DKG will be rerun with different set of nodes.

## Phase 1 ID Registration

### @ T < 0

Each validator registers its ID(`DKGMasterPublicKey_i`

) with stake.

**After λ**

Each validator `i`

broadcasts a `DKGMasterPublicKeyReady_i`

message.

Validator waits until seeing more than `2t+1`

`DKGGroupPublicKeyReady`

message than proceeds to Phase 2.

## Phase 2 Secret Key Share Exchange

### @ T = 0

Each validator `i`

generates `n`

(`n`

= # of ID registered in phase 1) secret key shares (`SK_i,0, SK_i,1, ..., SK_i,n`

) of order `t`

and the secret key share is sent to the corresponding validator (`SK_i,j`

is sent to validator `j`

) via a secure channel.

Each validator `i`

broadcasts the master public key (`MPK_i = {MPK_i,0, MPK_i,1, ..., MPK_i,t}`

) of order `t`

associated with the secret key shares.

## Phase 3 Complaint

### @ T = (0, λ)

Each validator `i`

calculates public key shares (`PK_0,i, PK_1,i, ..., PK_n,i`

) using corresponding master public key (`PK_j,i = F(MPK_j, i)`

).

Each validator `i`

verifies if the secret key share `SK_j,i`

is associated with the public key share of validator `j`

, `PK_j,i`

. If the verification fails, `i`

broadcast complaint of `j`

, `CMP_i,j`

.

## Phase 4 Nack Complaint

### @ T = λ

If validator `i`

did not receive `SK_j,i`

, broadcast nack complaint of `j`

, `NCMP_i,j`

.

## Phase 5 Anti Nack Complaint

### @ T = 2λ

If validator `j`

sees `NCMP_i,j`

for any `i`

, broadcast secret key share `SK_j,i`

.

## Phase 6 Rebroadcast Secret

### @ T = 3λ

If validator `k`

receive `SK_j,i`

for the first time for `i`

!= `k`

, broadcast it again.

## Phase 7 Enforce Complaint

### @ T = 4λ

If validator `k`

sees `SK_j,i`

for `i`

!= `k`

, verifies if the secret key share `SK_j,i`

is associated with the public key share of validator `j`

, `PK_j,i`

. If the verification fails, `k`

broadcast complaint of `j`

, `CMP_k,j`

.

If validator `k`

sees `NCMP_i,j`

for `j`

!= `k`

and did not receive `SK_j,i`

, `k`

broadcast nack complaint of `j`

, `NCMP_k,j`

.

## Phase 8 DKG Finalize

### @ T = 5λ

Each validator `i`

broadcast a `DKGFinal_i`

message.

## Phase 9 Sign with CSK

### @ T = 6λ

Validator waits until seeing more than `2t+1`

final message.

If there are more than `t`

nack complaints to validator `j`

( (`i`

: for all validator `i`

)), then `j`

is marked as **Disqualified**.

If there is **one** complaint, `CMP_i,j`

, to validator `j`

, then `j`

is marked as **Disqualified**.

Each validator `i`

determines the combined secret key, (`k`

: validator `k`

is not marked as **Disqualified**)

If a validator `i`

successfully recovered combined secret key, it will broadcast a `DKGSuccess_i`

message.

Each validator `i`

sign the message with `CSK_i`

and broadcast the partial signature, `PSign_i`

.

Each validator `i`

determines the combined public key of validator `j`

, (`k`

: validator `k`

is not marked as **Disqualified**)

## Phase 10 TSIG

### @ T = (6λ, +inf)

If validator `i`

is not **Disqualified**, verify `PSign_i`

with `CPK_i`

.

Collect more than `t`

valid `PSign_i`

and recover TSIG, `TSIG`

.

## Phase 11 Verify TSIG

Determines the group public key, (`k`

: validator `k`

is not marked as **Disqualified**)

Verify `TSIG`

with `GPK`

.