Once the result has been determined, all participants evaluate the hash of their preferred result, sign the hash and broadcast the hash and a signature over it in the group broadcast channel. Each participant collects the signatures matching their preferred result, stores them along with the signers' member indices.
If the signature of hash broadcasted off-chain is invalid, it should be rejected and not published to the chain in the next phase.
If multiple signatures from the same member on the same result are found, they should all be filtered-out so that none of them is published to the chain in the next phase.
If multiple signatures from the same member on different results are found, they should all be filtered-out so that none of them is published to the chain in the next phase.
When a participant becomes eligible to submit the result (with supporting
signatures) on-chain they submit if they have at least the honest majority
(marked as H - constant for the given group size) of signatures for that
result (including their own).
First player is always eligible to submit the result. Second player becomes
eligible after initial timeout (time necessary to perform DKG protocol plus step
time T_dkg + T_step) and remains eligible until the result is accepted by the
chain. In other words, Nth player becomes eligible to submit the result after
T_dkg + (N-1) * T_step and remains eligible until the result is accepted by
the chain. If first player is late and second player tries to submit,
whichever gets mined first wins and subsequent submissions are disregarded
immediately to avoid burdening the loser with excess gas fees.
When the result is submitted on-chain along with the signatures, the contract
checks that there are at least H signatures or more, and that each signature
is valid for the submitted result and the corresponding member ID. Submissions
containing multiple signatures on the same result from the same member are
rejected.
If the above checks pass, the result is considered canonical for the group. All other group members should abort publishing their results and no new result submissions will be accepted by the chain.
If the above checks do not pass, the result is rejected.