The key ceremony is carried out between \(n\) trustees and a single coordinator. Its purpose is to ensure that the
coordinator possesses an joint public key, and that each trustee
possesses: - a private key - all the trustees’ public keys - a set of
key shares that allow the trustee to, as a part of a group of at least
\(k\) trustees, to decrypt a missing trustee’s share of a message
encrypted with the aggregate public key.
key-generated message.key-generated messages are passed to the
coordinator. [2]all-keys-received message, [3]
which must be passed back to each trustee. [4]| [1] | KeyCeremony_Trustee_generate_key() |
| [2] | KeyCeremony_Coordinator_receive_key_generated() |
| [3] | KeyCeremony_Coordinator_all_keys_received() |
| [4] | KeyCeremony_Trustee_generate_shares() |
all-shares-received message, decrypts its shares of the other
trustees keys and verifies that they match the commitments in their
public keys, producing a shares-verified message. [9]shares-verified messages are passed to the coordinator. [10]joint public key. [11]| [9] | KeyCeremony_Trustee_verify_shares() |
| [10] | KeyCeremony_Coordinator_receive_shares_verified() |
| [11] | KeyCeremony_Coordinator_publish_joint_key() |