threshold-elgamal 1.0.0-beta.2 → 1.0.0-beta.3

package/README.md

@@ -29,6 +29,14 @@ self-contained library.
 
 This library is a hardened research prototype. It has not been audited.
 
+The current `1.x` scope is additive score voting with public rosters, private
+ballots, strict-majority threshold decryption, and locally verifiable per-option
+sum tallies that callers can interpret as arithmetic means. The current
+checkpointed DKG path is intended for small thesis-scale all-equal ceremonies.
+Treat `10` participants as the recommended default size for regression testing
+and mobile-first deployments today. Treat `50` all-equal participants as an
+experimental upper target, not the default operating point.
+
 Start with these guides:
 
 - [Get started](https://tenemo.github.io/threshold-elgamal/guides/getting-started/)
@@ -47,8 +55,8 @@ Start with these guides:
 
 - [Threshold sharing and decryption helpers](https://tenemo.github.io/threshold-elgamal/api/reference/threshold/) provide dealer-based Shamir sharing, verified decryption shares, and aggregate decryption support.
 - [Feldman and Pedersen VSS helpers](https://tenemo.github.io/threshold-elgamal/api/reference/vss/) cover verifiable secret sharing commitments and share checks.
-- [Typed protocol payloads, manifest handling, transcript hashing, and published tally verification](https://tenemo.github.io/threshold-elgamal/api/reference/protocol/) cover the library's signed ceremony and tally surface.
-- [Log-driven Joint-Feldman and GJKR reducers](https://tenemo.github.io/threshold-elgamal/api/reference/dkg/) provide the distributed key-generation state machines behind the threshold workflow.
+- [Typed protocol payloads, manifest handling, transcript hashing, and per-option published tally verification](https://tenemo.github.io/threshold-elgamal/api/reference/protocol/) cover the library's signed ceremony and tally surface.
+- [Log-driven Joint-Feldman and GJKR reducers](https://tenemo.github.io/threshold-elgamal/api/reference/dkg/) provide the distributed key-generation state machines behind the threshold workflow, including checkpointed phase closure and verifier-side `QUAL` reduction when setup participants drop out.
 
 ### Proofs, transport, and runtime
 
@@ -69,6 +77,12 @@ pnpm add threshold-elgamal
 - Browsers need native `bigint` together with Web Crypto (`crypto.subtle` and `crypto.getRandomValues`).
 - Node requires version `24.14.1` or newer with `globalThis.crypto`.
 
+## Performance model
+
+- Keep worker orchestration in the application. `threshold-elgamal` stays pure and importable inside a Web Worker, while the app decides pool size, chunking, and lifecycle.
+- The library now exposes a pluggable bigint backend through `setBigintMathBackend()` in `threshold-elgamal/core`. JavaScript remains the default backend. Optional WASM acceleration should be installed explicitly by the caller.
+- `minimumPublicationThreshold` is a publication privacy floor for tally release. It is not the DKG reconstruction threshold.
+
 ## Quickstart
 
 ```typescript
@@ -135,10 +149,10 @@ pnpm run ci
 
 ## DKG benchmark
 
-For the DKG benchmark sweep, run:
+For the recommended default regression benchmark, run:
 
 ```bash
-pnpm run bench:dkg -- --group=ffdhe3072 --transport=X25519 3,11,21,31,41,51
+pnpm run bench:dkg -- --group=ffdhe3072 --transport=X25519 --options=3 10
 ```
 
 Measurements were collected on this machine:
@@ -151,20 +165,19 @@ Results:
 
 - Group: `ffdhe3072`
 - Transport: `X25519`
-- Total elapsed time: `2 h 25 min 49.572 s`
-
-| Participants (`n`) | Threshold (`k`) | Transcript messages | Full voting flow   | Transcript verification | Total              |
-| ------------------ | --------------- | ------------------- | ------------------ | ----------------------- | ------------------ |
-| 3                  | 2               | 22                  | 21.322 s           | 729.839 ms              | 22.052 s           |
-| 11                 | 6               | 166                 | 2 min 6.564 s      | 8.222 s                 | 2 min 14.786 s     |
-| 21                 | 11              | 526                 | 8 min 2.140 s      | 29.292 s                | 8 min 31.432 s     |
-| 31                 | 16              | 1086                | 19 min 55.017 s    | 1 min 5.193 s           | 21 min 0.210 s     |
-| 41                 | 21              | 1846                | 39 min 54.015 s    | 1 min 46.184 s          | 41 min 40.199 s    |
-| 51                 | 26              | 2806                | 1 h 9 min 19.986 s | 2 min 40.902 s          | 1 h 12 min 0.888 s |
-
-The sweep scales superlinearly in both transcript volume and runtime, with the
-`n=51`, `k=26` case producing `2806` transcript messages and taking just over
-`72` minutes for a full run plus verification on this hardware.
+- Options: `3`
+- Participants: `10`
+- Threshold: `6`
+- Total elapsed time: `2 min 36.369 s`
+
+| Participants (`n`) | Threshold (`k`) | Options | Transcript messages | Full voting flow | Transcript verification | Total          |
+| ------------------ | --------------- | ------- | ------------------- | ---------------- | ----------------------- | -------------- |
+| 10                 | 6               | 3       | 155                 | 2 min 31.076 s   | 5.294 s                 | 2 min 36.369 s |
+
+The current DKG path is still all-to-all in the setup phase, so this benchmark
+is a readiness spot check for a recommended default size of `10` participants,
+not evidence that the symmetric all-equal flow is suitable for thousands of
+participants.
 
 ## License
 

package/dist/core/bigint.d.ts

@@ -1,3 +1,44 @@
+/** One base-exponent pair used by multi-exponentiation helpers. */
+export type MultiExponentiationTerm = {
+    readonly base: bigint;
+    readonly exponent: bigint;
+};
+/** Optional pluggable bigint backend used for modular exponentiation. */
+export type BigintMathBackend = {
+    readonly modPow?: (base: bigint, exponent: bigint, modulus: bigint) => bigint;
+};
+/**
+ * Installs an optional bigint backend for modular exponentiation.
+ *
+ * Passing `null` or `undefined` restores the built-in JavaScript backend.
+ *
+ * @param backend Optional custom bigint backend.
+ */
+export declare const setBigintMathBackend: (backend?: BigintMathBackend | null) => void;
+/** Returns the currently installed bigint backend. */
+export declare const getBigintMathBackend: () => BigintMathBackend;
+/** Restores the built-in JavaScript bigint backend. */
+export declare const resetBigintMathBackend: () => void;
+/**
+ * Computes `base^exponent mod modulus` using a fixed-base cache when the
+ * built-in JavaScript backend is active.
+ *
+ * The cache is bounded and intended for genuinely reused bases such as frozen
+ * generators. Variable bases should prefer `modPowP()`.
+ *
+ * @throws {@link InvalidScalarError} When `modulus` is not positive or
+ * `exponent` is negative.
+ */
+export declare const fixedBaseModPow: (base: bigint, exponent: bigint, modulus: bigint) => bigint;
+/**
+ * Computes `Π(base_i^exponent_i) mod modulus` with a shared JS bit walk.
+ *
+ * Custom backends fall back to repeated backend-backed exponentiations.
+ *
+ * @throws {@link InvalidScalarError} When `modulus` is not positive or any
+ * exponent is negative.
+ */
+export declare const multiExponentiate: (terms: readonly MultiExponentiationTerm[], modulus: bigint) => bigint;
 /**
  * Reduces a value into the canonical range `0..modulus-1`.
  *

package/dist/core/bigint.js

@@ -1,4 +1,7 @@
 import { InvalidScalarError } from './errors.js';
+const fixedBasePowerCache = new Map();
+const maxFixedBaseCacheEntries = 16;
+let currentBackend = Object.freeze({});
 const assertPositiveModulus = (modulus) => {
     if (modulus <= 0n) {
         throw new InvalidScalarError('Modulus must be positive');
@@ -30,7 +33,8 @@ const modInv = (value, modulus) => {
     }
     return normalize(x, modulus);
 };
-const modPow = (base, exponent, modulus) => {
+const bitLength = (value) => value === 0n ? 1 : value.toString(2).length;
+const jsModPow = (base, exponent, modulus) => {
     if (modulus === 1n) {
         return 0n;
     }
@@ -48,6 +52,129 @@ const modPow = (base, exponent, modulus) => {
     }
     return result;
 };
+const fixedBaseCacheKey = (base, modulus) => `${modulus.toString(16)}:${base.toString(16)}`;
+const ensureFixedBasePowers = (base, modulus, exponent) => {
+    const key = fixedBaseCacheKey(base, modulus);
+    const requiredLength = bitLength(exponent);
+    const existing = fixedBasePowerCache.get(key) ?? [base];
+    while (existing.length < requiredLength) {
+        const previous = existing[existing.length - 1];
+        existing.push(normalize(previous * previous, modulus));
+    }
+    fixedBasePowerCache.set(key, existing);
+    if (fixedBasePowerCache.size > maxFixedBaseCacheEntries) {
+        const oldestKey = fixedBasePowerCache.keys().next().value;
+        if (typeof oldestKey === 'string') {
+            fixedBasePowerCache.delete(oldestKey);
+        }
+    }
+    return existing;
+};
+const modPowWithBackend = (base, exponent, modulus) => normalize(currentBackend.modPow?.(base, exponent, modulus) ??
+    jsModPow(base, exponent, modulus), modulus);
+/**
+ * Installs an optional bigint backend for modular exponentiation.
+ *
+ * Passing `null` or `undefined` restores the built-in JavaScript backend.
+ *
+ * @param backend Optional custom bigint backend.
+ */
+export const setBigintMathBackend = (backend) => {
+    currentBackend = Object.freeze({
+        modPow: backend?.modPow,
+    });
+    fixedBasePowerCache.clear();
+};
+/** Returns the currently installed bigint backend. */
+export const getBigintMathBackend = () => currentBackend;
+/** Restores the built-in JavaScript bigint backend. */
+export const resetBigintMathBackend = () => {
+    setBigintMathBackend();
+};
+/**
+ * Computes `base^exponent mod modulus` using a fixed-base cache when the
+ * built-in JavaScript backend is active.
+ *
+ * The cache is bounded and intended for genuinely reused bases such as frozen
+ * generators. Variable bases should prefer `modPowP()`.
+ *
+ * @throws {@link InvalidScalarError} When `modulus` is not positive or
+ * `exponent` is negative.
+ */
+export const fixedBaseModPow = (base, exponent, modulus) => {
+    assertPositiveModulus(modulus);
+    if (exponent < 0n) {
+        throw new InvalidScalarError('Exponent must be non-negative');
+    }
+    if (currentBackend.modPow !== undefined) {
+        return modPowWithBackend(normalize(base, modulus), exponent, modulus);
+    }
+    if (modulus === 1n) {
+        return 0n;
+    }
+    if (exponent === 0n) {
+        return 1n;
+    }
+    const normalizedBase = normalize(base, modulus);
+    const powers = ensureFixedBasePowers(normalizedBase, modulus, exponent);
+    let result = 1n;
+    let currentExponent = exponent;
+    let bitIndex = 0;
+    while (currentExponent > 0n) {
+        if ((currentExponent & 1n) === 1n) {
+            result = normalize(result * powers[bitIndex], modulus);
+        }
+        currentExponent >>= 1n;
+        bitIndex += 1;
+    }
+    return result;
+};
+/**
+ * Computes `Π(base_i^exponent_i) mod modulus` with a shared JS bit walk.
+ *
+ * Custom backends fall back to repeated backend-backed exponentiations.
+ *
+ * @throws {@link InvalidScalarError} When `modulus` is not positive or any
+ * exponent is negative.
+ */
+export const multiExponentiate = (terms, modulus) => {
+    assertPositiveModulus(modulus);
+    const normalizedTerms = terms
+        .filter((term) => term.exponent !== 0n)
+        .map((term) => {
+        if (term.exponent < 0n) {
+            throw new InvalidScalarError('Exponent must be non-negative');
+        }
+        return {
+            base: normalize(term.base, modulus),
+            exponent: term.exponent,
+        };
+    });
+    if (normalizedTerms.length === 0) {
+        return 1n;
+    }
+    if (normalizedTerms.length === 1) {
+        return modPowWithBackend(normalizedTerms[0].base, normalizedTerms[0].exponent, modulus);
+    }
+    if (currentBackend.modPow !== undefined) {
+        return normalizedTerms.reduce((product, term) => normalize(product *
+            modPowWithBackend(term.base, term.exponent, modulus), modulus), 1n);
+    }
+    let result = 1n;
+    const maxBits = Math.max(...normalizedTerms.map((term) => bitLength(term.exponent)));
+    for (let bitIndex = maxBits - 1; bitIndex >= 0; bitIndex -= 1) {
+        result = normalize(result * result, modulus);
+        let factor = 1n;
+        const bit = BigInt(bitIndex);
+        for (const term of normalizedTerms) {
+            if (((term.exponent >> bit) & 1n) === 1n) {
+                factor = normalize(factor * term.base, modulus);
+            }
+        }
+        result = normalize(result * factor, modulus);
+    }
+    return result;
+};
 /**
  * Reduces a value into the canonical range `0..modulus-1`.
  *
@@ -100,5 +227,5 @@ export const modPowP = (base, exponent, p) => {
     if (exponent < 0n) {
         throw new InvalidScalarError('Exponent must be non-negative');
     }
-    return modPow(modP(base, p), exponent, p);
+    return modPowWithBackend(modP(base, p), exponent, p);
 };

package/dist/core/validation.d.ts

@@ -30,25 +30,25 @@ export declare const assertPlaintextAdditive: (value: bigint, bound: bigint, q:
  */
 export declare const assertThreshold: (threshold: number, participantCount: number) => void;
 /**
- * Derives the supported honest-majority threshold `ceil(n / 2)`.
+ * Derives the minimum strict-majority threshold `floor(n / 2) + 1`.
  *
  * @param participantCount Total participant count `n`.
- * @returns Supported reconstruction threshold `k`.
+ * @returns Minimum supported reconstruction threshold `k`.
  *
  * @throws {@link ThresholdViolationError} When `participantCount` is not a
  * positive integer.
  */
 export declare const majorityThreshold: (participantCount: number) => number;
 /**
- * Validates that the supplied threshold matches the supported honest-majority
- * threshold `ceil(n / 2)`.
+ * Validates that the supplied threshold satisfies the shipped strict-majority
+ * policy.
  *
  * @param threshold Claimed reconstruction threshold.
  * @param participantCount Total participant count `n`.
- * @returns The validated majority threshold.
+ * @returns The validated reconstruction threshold.
  *
- * @throws {@link ThresholdViolationError} When the threshold does not match the
- * supported honest-majority policy.
+ * @throws {@link ThresholdViolationError} When the threshold falls outside the
+ * supported strict-majority policy.
  */
 export declare const assertMajorityThreshold: (threshold: number, participantCount: number) => number;
 /**

package/dist/core/validation.js

@@ -47,10 +47,10 @@ export const assertThreshold = (threshold, participantCount) => {
     }
 };
 /**
- * Derives the supported honest-majority threshold `ceil(n / 2)`.
+ * Derives the minimum strict-majority threshold `floor(n / 2) + 1`.
  *
  * @param participantCount Total participant count `n`.
- * @returns Supported reconstruction threshold `k`.
+ * @returns Minimum supported reconstruction threshold `k`.
  *
  * @throws {@link ThresholdViolationError} When `participantCount` is not a
  * positive integer.
@@ -59,26 +59,30 @@ export const majorityThreshold = (participantCount) => {
     if (!Number.isInteger(participantCount) || participantCount < 1) {
         throw new ThresholdViolationError('Participant count must be a positive integer');
     }
-    return Math.ceil(participantCount / 2);
+    return Math.floor(participantCount / 2) + 1;
 };
 /**
- * Validates that the supplied threshold matches the supported honest-majority
- * threshold `ceil(n / 2)`.
+ * Validates that the supplied threshold satisfies the shipped strict-majority
+ * policy.
  *
  * @param threshold Claimed reconstruction threshold.
  * @param participantCount Total participant count `n`.
- * @returns The validated majority threshold.
+ * @returns The validated reconstruction threshold.
  *
- * @throws {@link ThresholdViolationError} When the threshold does not match the
- * supported honest-majority policy.
+ * @throws {@link ThresholdViolationError} When the threshold falls outside the
+ * supported strict-majority policy.
  */
 export const assertMajorityThreshold = (threshold, participantCount) => {
     assertThreshold(threshold, participantCount);
-    const expectedThreshold = majorityThreshold(participantCount);
-    if (threshold !== expectedThreshold) {
-        throw new ThresholdViolationError(`Supported distributed threshold must equal ceil(n / 2) = ${expectedThreshold} for n = ${participantCount}`);
+    if (participantCount < 3) {
+        throw new ThresholdViolationError('Distributed threshold workflows require at least three participants');
     }
-    return expectedThreshold;
+    const minimumThreshold = majorityThreshold(participantCount);
+    const maximumThreshold = participantCount - 1;
+    if (threshold < minimumThreshold || threshold > maximumThreshold) {
+        throw new ThresholdViolationError(`Supported distributed threshold must satisfy floor(n / 2) + 1 <= k <= n - 1 (minimum ${minimumThreshold}, maximum ${maximumThreshold} for n = ${participantCount})`);
+    }
+    return threshold;
 };
 /**
  * Validates a 1-based participant index without assuming a fixed participant

package/dist/dkg/checkpoints.d.ts

@@ -0,0 +1,21 @@
+import type { PhaseCheckpointPayload, SignedPayload } from '../protocol/types.js';
+import type { DKGProtocol } from './types.js';
+/** Finalized threshold-supported checkpoint for one DKG phase. */
+export type FinalizedPhaseCheckpoint = {
+    readonly payload: PhaseCheckpointPayload;
+    readonly signatures: readonly SignedPayload<PhaseCheckpointPayload>[];
+    readonly signers: readonly number[];
+};
+/** Returns `true` when the signed payload is a phase checkpoint. */
+export declare const isPhaseCheckpointPayload: (payload: SignedPayload) => payload is SignedPayload<PhaseCheckpointPayload>;
+/** Returns the required checkpoint phases for the selected DKG protocol. */
+export declare const requiredCheckpointPhases: (protocol: DKGProtocol) => readonly number[];
+/** Returns the last required checkpoint phase for the selected DKG protocol. */
+export declare const finalCheckpointPhase: (protocol: DKGProtocol) => number;
+/** Groups all checkpoint variants observed for one closed DKG phase. */
+export declare const collectCheckpointVariants: (transcript: readonly SignedPayload[], checkpointPhase: number) => readonly FinalizedPhaseCheckpoint[];
+/**
+ * Returns the unique threshold-supported checkpoint variant for one phase, or
+ * `null` when no unique threshold-supported checkpoint exists yet.
+ */
+export declare const resolveFinalizedPhaseCheckpoint: (transcript: readonly SignedPayload[], checkpointPhase: number, threshold: number) => FinalizedPhaseCheckpoint | null;

package/dist/dkg/checkpoints.js

@@ -0,0 +1,49 @@
+const checkpointKey = (payload) => JSON.stringify({
+    sessionId: payload.sessionId,
+    manifestHash: payload.manifestHash,
+    phase: payload.phase,
+    messageType: payload.messageType,
+    checkpointPhase: payload.checkpointPhase,
+    checkpointTranscriptHash: payload.checkpointTranscriptHash,
+    qualParticipantIndices: payload.qualParticipantIndices,
+});
+const compareNumbers = (left, right) => left - right;
+/** Returns `true` when the signed payload is a phase checkpoint. */
+export const isPhaseCheckpointPayload = (payload) => payload.payload.messageType === 'phase-checkpoint';
+/** Returns the required checkpoint phases for the selected DKG protocol. */
+export const requiredCheckpointPhases = (protocol) => (protocol === 'gjkr' ? [0, 1, 2, 3] : [0, 1, 2]);
+/** Returns the last required checkpoint phase for the selected DKG protocol. */
+export const finalCheckpointPhase = (protocol) => requiredCheckpointPhases(protocol)[requiredCheckpointPhases(protocol).length - 1] ?? 0;
+/** Groups all checkpoint variants observed for one closed DKG phase. */
+export const collectCheckpointVariants = (transcript, checkpointPhase) => {
+    const grouped = new Map();
+    for (const signedPayload of transcript) {
+        if (!isPhaseCheckpointPayload(signedPayload) ||
+            signedPayload.payload.checkpointPhase !== checkpointPhase) {
+            continue;
+        }
+        const key = checkpointKey(signedPayload.payload);
+        const existing = grouped.get(key) ??
+            new Map();
+        existing.set(signedPayload.payload.participantIndex, signedPayload);
+        grouped.set(key, existing);
+    }
+    return [...grouped.values()].map((signatureMap) => {
+        const signatures = [...signatureMap.values()];
+        return {
+            payload: signatures[0].payload,
+            signatures,
+            signers: signatures
+                .map((entry) => entry.payload.participantIndex)
+                .sort(compareNumbers),
+        };
+    });
+};
+/**
+ * Returns the unique threshold-supported checkpoint variant for one phase, or
+ * `null` when no unique threshold-supported checkpoint exists yet.
+ */
+export const resolveFinalizedPhaseCheckpoint = (transcript, checkpointPhase, threshold) => {
+    const supported = collectCheckpointVariants(transcript, checkpointPhase).filter((entry) => entry.signatures.length >= threshold);
+    return supported.length === 1 ? supported[0] : null;
+};

package/dist/dkg/complaints.d.ts

@@ -1,5 +1,7 @@
 import type { ComplaintPayload, ComplaintResolutionPayload, SignedPayload } from '../protocol/types.js';
 import type { DKGConfig, DKGError, DKGState, DKGTransition } from './types.js';
+/** Removes dealers targeted by unresolved complaints from an existing QUAL set. */
+export declare const reduceQualByComplaints: (qual: readonly number[], complaints: readonly ComplaintPayload[], complaintResolutions?: readonly ComplaintResolutionPayload[]) => readonly number[];
 /**
  * Computes QUAL from the frozen participant roster and accepted complaint set.
  *

package/dist/dkg/complaints.js

@@ -2,6 +2,22 @@ import { classifySlotConflict } from '../protocol/payloads.js';
 const allParticipants = (participantCount) => Array.from({ length: participantCount }, (_value, index) => index + 1);
 const complaintKey = (complainantIndex, dealerIndex, envelopeId) => `${complainantIndex}:${dealerIndex}:${envelopeId}`;
 const isParticipantIndexInRange = (index, participantCount) => Number.isInteger(index) && index >= 1 && index <= participantCount;
+/** Removes dealers targeted by unresolved complaints from an existing QUAL set. */
+export const reduceQualByComplaints = (qual, complaints, complaintResolutions = []) => {
+    const complaintKeys = new Set(complaints.map((complaint) => complaintKey(complaint.participantIndex, complaint.dealerIndex, complaint.envelopeId)));
+    const resolvedComplaints = new Set(complaintResolutions
+        .filter((resolution) => qual.includes(resolution.dealerIndex) &&
+        qual.includes(resolution.complainantIndex) &&
+        resolution.participantIndex === resolution.dealerIndex &&
+        complaintKeys.has(complaintKey(resolution.complainantIndex, resolution.dealerIndex, resolution.envelopeId)))
+        .map((resolution) => complaintKey(resolution.complainantIndex, resolution.dealerIndex, resolution.envelopeId)));
+    const disqualifiedDealers = new Set(complaints
+        .filter((complaint) => qual.includes(complaint.participantIndex) &&
+        qual.includes(complaint.dealerIndex) &&
+        !resolvedComplaints.has(complaintKey(complaint.participantIndex, complaint.dealerIndex, complaint.envelopeId)))
+        .map((complaint) => complaint.dealerIndex));
+    return qual.filter((index) => !disqualifiedDealers.has(index));
+};
 /**
  * Computes QUAL from the frozen participant roster and accepted complaint set.
  *
@@ -16,17 +32,7 @@ const isParticipantIndexInRange = (index, participantCount) => Number.isInteger(
  * @returns Sorted QUAL participant indices.
  */
 export const computeQual = (participantCount, complaints, complaintResolutions = []) => {
-    const complaintKeys = new Set(complaints.map((complaint) => complaintKey(complaint.participantIndex, complaint.dealerIndex, complaint.envelopeId)));
-    const resolvedComplaints = new Set(complaintResolutions
-        .filter((resolution) => resolution.participantIndex === resolution.dealerIndex &&
-        isParticipantIndexInRange(resolution.dealerIndex, participantCount) &&
-        isParticipantIndexInRange(resolution.complainantIndex, participantCount) &&
-        complaintKeys.has(complaintKey(resolution.complainantIndex, resolution.dealerIndex, resolution.envelopeId)))
-        .map((resolution) => complaintKey(resolution.complainantIndex, resolution.dealerIndex, resolution.envelopeId)));
-    const disqualifiedDealers = new Set(complaints
-        .filter((complaint) => !resolvedComplaints.has(complaintKey(complaint.participantIndex, complaint.dealerIndex, complaint.envelopeId)))
-        .map((complaint) => complaint.dealerIndex));
-    return allParticipants(participantCount).filter((index) => !disqualifiedDealers.has(index));
+    return reduceQualByComplaints(allParticipants(participantCount).filter((index) => isParticipantIndexInRange(index, participantCount)), complaints, complaintResolutions);
 };
 /**
  * Creates the initial empty DKG reducer state.

package/dist/dkg/gjkr.d.ts

@@ -1,12 +1,12 @@
 import type { SignedPayload } from '../protocol/types.js';
-import type { DKGState, DKGTransition, MajorityDKGConfigInput } from './types.js';
+import type { DKGConfigInput, DKGState, DKGTransition } from './types.js';
 /**
  * Creates an empty GJKR state.
  *
  * @param config DKG configuration.
  * @returns Initial GJKR state.
  */
-export declare const createGjkrState: (config: MajorityDKGConfigInput) => DKGState;
+export declare const createGjkrState: (config: DKGConfigInput) => DKGState;
 /**
  * Processes one signed payload through the GJKR log reducer.
  *
@@ -22,4 +22,4 @@ export declare const processGjkrPayload: (state: DKGState, signedPayload: Signed
  * @param transcript Signed transcript payloads.
  * @returns Final GJKR state after replay.
  */
-export declare const replayGjkrTranscript: (config: MajorityDKGConfigInput, transcript: readonly SignedPayload[]) => DKGState;
+export declare const replayGjkrTranscript: (config: DKGConfigInput, transcript: readonly SignedPayload[]) => DKGState;

package/dist/dkg/index.d.ts

@@ -1,4 +1,5 @@
 /** Public log-driven DKG reducer exports. */
+export * from './checkpoints.js';
 export * from './complaints.js';
 export * from './gjkr.js';
 export * from './joint-feldman.js';

package/dist/dkg/index.js

@@ -1,4 +1,5 @@
 /** Public log-driven DKG reducer exports. */
+export * from './checkpoints.js';
 export * from './complaints.js';
 export * from './gjkr.js';
 export * from './joint-feldman.js';

package/dist/dkg/joint-feldman.d.ts

@@ -1,12 +1,12 @@
 import type { SignedPayload } from '../protocol/types.js';
-import type { DKGState, DKGTransition, MajorityDKGConfigInput } from './types.js';
+import type { DKGConfigInput, DKGState, DKGTransition } from './types.js';
 /**
  * Creates an empty Joint-Feldman state.
  *
  * @param config DKG configuration.
  * @returns Initial Joint-Feldman state.
  */
-export declare const createJointFeldmanState: (config: MajorityDKGConfigInput) => DKGState;
+export declare const createJointFeldmanState: (config: DKGConfigInput) => DKGState;
 /**
  * Processes one signed payload through the Joint-Feldman log reducer.
  *
@@ -22,4 +22,4 @@ export declare const processJointFeldmanPayload: (state: DKGState, signedPayload
  * @param transcript Signed transcript payloads.
  * @returns Final Joint-Feldman state after replay.
  */
-export declare const replayJointFeldmanTranscript: (config: MajorityDKGConfigInput, transcript: readonly SignedPayload[]) => DKGState;
+export declare const replayJointFeldmanTranscript: (config: DKGConfigInput, transcript: readonly SignedPayload[]) => DKGState;

package/dist/dkg/majority-reducer.d.ts

@@ -1,4 +1,4 @@
 import type { SignedPayload } from '../protocol/types.js';
-import type { DKGProtocol, DKGState, DKGTransition, MajorityDKGConfigInput } from './types.js';
-export declare const createMajorityDkgState: (config: MajorityDKGConfigInput, protocol: DKGProtocol) => DKGState;
+import type { DKGProtocol, DKGState, DKGTransition, DKGConfigInput } from './types.js';
+export declare const createMajorityDkgState: (config: DKGConfigInput, protocol: DKGProtocol) => DKGState;
 export declare const processMajorityDkgPayload: (state: DKGState, signedPayload: SignedPayload) => DKGTransition;