This is an implementation of "Practical Threshold Signatures" by Victor Shoup. Protocol 1 is implemented.
Let l be the total number of players, t be the number of corrupted players, and k be the threshold. The idea of threshold signatures is that at least k players need to participate to form a valid signature.
Setup consists of a dealer generating l key shares from a key pair and "dealing" them to the players. In this implementation the dealer is trusted.
During the signing phase, at least k players use their key share and the message to generate a signature share. Finally, the k signature shares are combined to form a valid signature for the message.
The scheme requires p and q to be safe primes to provide robustness. That is, it is possible to validate (and reject) signature shares produced by malicious signers. RSA keys generated by the Go standard library are not guaranteed to be safe primes. In this case, the functions produces signature shares but they are not verifiable. To provide verifiability, use the GenerateKey function in this package, which produces a key pair composed of safe primes.
The Deal function opportunistically checks whether the RSA key is composed of safe primes, if so, the signature shares produced are verifiable.