Reconstruct private key

[khaq]

Is there any example to reconstruct private key from each private keys or share keys?

[omershlo]

Hi @khaq ,
ideally we want to avoid reconstructing the key, because it misses the point of running threshold (distributed) signing.
It can be useful for recovery. I suggest you look in gotham-city where we describe theory and implement such recovery.
In the general threshold case we don't have such example (but intuitively it should work the same way)

[khaq]

Yes, I am looking for the solution for development verification and disaster recovery, not for normal use case. Let me check the gotham city code. I found the example for ecdsa here https://github.com/ZenGo-X/multi-party-ecdsa/blob/master/src/protocols/multi_party_ecdsa/gg_2020/orchestrate.rs#L819 but it may not work with eddsa. Thank you.

[lucky1024]

@omershlo In thresholdsig, I know the lefthalf of sha512(private key) can be reconstructed from shared keys. But, this is not a Ed25519 private key, can not be used in other Ed25519 library directly.

Is it possible to reconstruct the standard Ed25519 private key?