Common use of P P Clause in Contracts

P P. Commitment. Assume that Pi is the first party who starts to run the protocol’s revealing phase, it implies that i received a valid ▇▇▇▇▇▇▇▇▇▇▇▇▇(▇▇, ▇, ▇) message from leader L. If another honest j received a valid CommitAggPvss(ID, hj, Σj) message from leader L, where hj = h, since a valid Σ contains 2f + 1 valid signatures for a same hash value from distinct parties, it induces that at least one honest party signed for both h and hj, which is impossible. Hence, when some honest party i starts to run the protocol’s revealing phase, the h from any valid ▇▇▇▇▇▇▇▇▇▇▇▇▇(▇▇, ▇, ▇) message is unique. Following the commitment of the PVSS scheme, there exists a fixed value seed corresponding to the pvss, where h = (pvss). Suppose that some honest party outputs seedj from the Seeding. By the code, it receives 2f + 1 SeedReady messages containing seedj. Then at least one honest party received 2f + 1 valid SeedEcho messages with the same seedj from distinct parties, which means that at least f + 1 honest parties received valid Seed(ID, h, Σ, seedj) message from the leader. From the previous analysis, no honest party will accept a seedj seed from PL or multicast it. Thus, seedj = seed. – Unpredictability. Prior to f +1 honest parties are activated to run the revealing phase of the Seeding protocol, the adversary can only collect at most 2f decryption shares for the committed pvss script. Trivially according to the Unpredictability of PVSS with weight tags, since the aggregated pvss has a weight with 2f +1 non-zero positions, it is infeasible for the adversary to compute a seed∗ = seed at the moment, where seed is the actual secret committed to the aggregated pvss script. The complexities can be easily seen as follows: The message complexity of Seeding is O(n2), which is due to each party sends n SeedEcho and SeedReady messages; considering that the input secret s and pvss both are O(λ) bits, and there are O(n) messages with O(λn) bits and O(n2) messages with O(λ) bits, thus the communication complexity of the protocol is of overall O(λn2) bits.