Add references in the doc

NDobrev · NDobrev · commit a622df706233 · 2025-06-11T14:24:05.000+03:00
diff --git a/crates/dkg/src/verification.rs b/crates/dkg/src/verification.rs
@@ -365,53 +365,82 @@ where
     key.verify_signature(commitment.hash.as_ref(), &signature)
 }
 
-pub fn prove_wrong_final_key_generation<Setup>(
+fn verify_generation_base_hashes<Setup>(
     data: &BadPartialShareData<Setup>,
 ) -> Result<(), Box<dyn std::error::Error>>
 where
     Setup: DkgSetup + DkgSetupTypes<Setup>,
 {
-    verify_commitment_signature(data)?;
-    // Verify that the generation base hashes are correct
-    for generation in data.generations.iter() {
-        let ok = verify_initial_commitment_hash::<Setup>(&InitialCommitment::<Setup> {
+    for generation in &data.generations {
+        let initial_commitment = InitialCommitment::<Setup> {
             hash: generation.base_hash,
             settings: data.settings.clone(),
             base_pubkeys: generation.verification_vector.clone(),
-        });
-        if !ok {
+        };
+
+        if !verify_initial_commitment_hash::<Setup>(&initial_commitment) {
             return Err(Box::new(VerificationErrors::UnslashableError(format!(
                 "Invalid generation base hash {}",
                 generation.base_hash
             ))));
         }
     }
+    Ok(())
+}
+
+fn verify_expected_key<Setup>(
+    sorted_generation: &[BadPartialShareGeneration<Setup>],
+    perpetrator_index: usize,
+    key: &Setup::DkgPubkey,
+) -> Result<(), Box<dyn std::error::Error>>
+where
+    Setup: DkgSetup + DkgSetupTypes<Setup>,
+{
+    let perpetrator_id = Setup::Scalar::from_u32((perpetrator_index + 1) as u32);
+    let expected_key = compute_pubkey_share(sorted_generation, &perpetrator_id);
+
+    let actual_key_point = Setup::Point::from_bytes(&key.to_bytes())
+        .map_err(|_| VerificationErrors::SlashableError("Invalid point".to_string()))?;
+
+    if expected_key != actual_key_point {
+        return Err(Box::new(VerificationErrors::SlashableError(format!(
+            "Computed key {} does not match expected key {}",
+            expected_key, key
+        ))));
+    }
+    Ok(())
+}
+
+pub fn prove_wrong_final_key_generation<Setup>(
+    data: &BadPartialShareData<Setup>,
+) -> Result<(), Box<dyn std::error::Error>>
+where
+    Setup: DkgSetup + DkgSetupTypes<Setup>,
+{
+    verify_commitment_signature(data)?;
+    verify_generation_base_hashes(data)?;
 
     let mut sorted_generation = data.generations.to_vec();
     sorted_generation.sort_by(|a, b| a.base_hash.cmp(&b.base_hash));
 
     let perpetrator_index =
         find_perpetrator_index(&data.bad_partial.data.base_hash, &sorted_generation)?;
 
-    let key = match Setup::DkgPubkey::from_bytes_safe(&data.bad_partial.data.partial_pubkey) {
-        Ok(key) => key,
-        Err(e) => {
-            return Err(Box::new(VerificationErrors::SlashableError(format!(
+    let key =
+        Setup::DkgPubkey::from_bytes_safe(&data.bad_partial.data.partial_pubkey).map_err(|e| {
+            VerificationErrors::SlashableError(format!(
                 "While uncompressing data.bad_partial.data.partial_pubkey {}",
                 e
-            ))));
-        }
-    };
+            ))
+        })?;
 
-    let sig = match Setup::DkgSignature::from_bytes_safe(&data.bad_partial.data.message_signature) {
-        Ok(sig) => sig,
-        Err(e) => {
-            return Err(Box::new(VerificationErrors::SlashableError(format!(
+    let sig = Setup::DkgSignature::from_bytes_safe(&data.bad_partial.data.message_signature)
+        .map_err(|e| {
+            VerificationErrors::SlashableError(format!(
                 "While uncompressing data.bad_partial.data.message_signature {}",
                 e
-            ))));
-        }
-    };
+            ))
+        })?;
 
     if !key.verify_signature(data.bad_partial.data.message_cleartext.as_bytes(), &sig) {
         return Err(Box::new(VerificationErrors::SlashableError(format!(
@@ -420,16 +449,7 @@ where
         ))));
     }
 
-    let perpetrator_id = Setup::Scalar::from_u32((perpetrator_index + 1) as u32);
-
-    let expected_key = compute_pubkey_share(&sorted_generation, &perpetrator_id);
-
-    if expected_key != Setup::Point::from_bytes(&key.to_bytes()).expect("Invalid point") {
-        return Err(Box::new(VerificationErrors::SlashableError(format!(
-            "Computed key {} does not match expected key {}",
-            expected_key, key,
-        ))));
-    }
+    verify_expected_key::<Setup>(&sorted_generation, perpetrator_index, &key)?;
 
     Ok(())
 }
diff --git a/doc/dkg_verification.md b/doc/dkg_verification.md
@@ -301,3 +301,32 @@ Once all valid signatures are collected, any participant (or a subset thereof) c
   The circuit succeeds only if all commitments, partial keys, signatures, and the reconstructed final key are valid.
 
 
+## References for Zero-Knowledge Verification of Distributed Key Generation
+
+- **Shamir’s Secret Sharing (SSS)**  
+  A method to divide a secret into multiple parts, requiring a minimum number of parts to reconstruct the original secret.  
+  [Shamir's Secret Sharing - Wikipedia](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing)
+
+- **Verifiable Secret Sharing (VSS)**  
+  An extension of Shamir’s Secret Sharing that enables participants to verify the validity of their shares.  
+  [Verifiable Secret Sharing - Wikipedia](https://en.wikipedia.org/wiki/Verifiable_secret_sharing)
+
+- **Zero-Knowledge Proofs (ZKPs)**  
+  Cryptographic methods enabling proof of validity without revealing underlying information.  
+  [Zero-Knowledge Proof (ZKP) — Chainlink](https://chain.link/education/zero-knowledge-proof-zkp)
+
+- **Distributed Key Generation Protocols**  
+  Protocols allowing multiple participants to jointly generate a shared public/private key pair without exposing private keys.  
+  [Distributed Key Generation - Wikipedia](https://en.wikipedia.org/wiki/Distributed_key_generation)
+
+- **Lagrange Interpolation**  
+  Mathematical method used in Shamir’s Secret Sharing to reconstruct secrets from polynomial interpolation.  
+  [Lagrange Polynomial - Wikipedia](https://en.wikipedia.org/wiki/Lagrange_polynomial)
+
+- **Elliptic Curve Diffie–Hellman (ECDH)**  
+  Key agreement protocol for securely deriving shared keys over an insecure channel.  
+  [Elliptic-Curve Diffie–Hellman - Wikipedia](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman)
+
+- **ChaCha20-Poly1305**  
+  Authenticated encryption algorithm combining confidentiality and integrity protection.  
+  [ChaCha20-Poly1305 - Wikipedia](https://en.wikipedia.org/wiki/ChaCha20-Poly1305)
