Refresh DKG: serializing post-part2 SecretPackage fails with Invalid for this element to be the identity #918
Description
During share refresh, serializing the post-part2 SecretPackage (type borrowed from frost::keys::dkg::round2::SecretPackage) fails to serialize with Custom("Invalid for this element to be the identity."). This occurs because participants sample a polynomial with constant term 0 in refresh as a legitimate identity while the DKG borrowed type assumes an error.
Min function to reproduce:
fn main() {
let n: u16 = 2;
let t: u16 = 2;
let id1 = frost_ed25519::Identifier::try_from(1u16).expect("id1");
let id2 = frost_ed25519::Identifier::try_from(2u16).expect("id2");
// Round 1 for both participants
let (sec1_r1, _pub1_r1): (_, frost_ed25519::keys::dkg::round1::Package) =
frost_ed25519::keys::refresh::refresh_dkg_part1(id1, n, t, frost_ed25519::rand_core::OsRng).expect
("r1 p1");
let (_sec2_r1, pub2_r1): (_, frost_ed25519::keys::dkg::round1::Package) =
frost_ed25519::keys::refresh::refresh_dkg_part1(id2, n, t, frost_ed25519::rand_core::OsRng).expect("r1 p2");
// (Sanity) round-1 secret serializes fine:
let _bytes_ok = bincode::serialize(&sec1_r1).expect("round-1 secret should serialize");
// Each participant needs peers' R1 public packages; for p1 that’s just p2
let mut peers_for_p1: std::collections::BTreeMap<
frost_ed25519::Identifier,
frost_ed25519::keys::dkg::round1::Package
> = std::collections::BTreeMap::new();
peers_for_p1.insert(id2, pub2_r1.clone());
// Round 2 for participant 1
let (sec1_r2, _round2_plain_map) = frost_ed25519::keys::refresh::refresh_dkg_part2(
sec1_r1,
&peers_for_p1
).expect("r2 p1");
// ⬇️ This is the line that reproduces the error:
// "Invalid for this element to be the identity."
let _bytes_fail = bincode::serialize(&sec1_r2).unwrap();
}