dedis
diff --git a/‎share/dkg/pedersen/dkg.go
+6-10 b/‎share/dkg/pedersen/dkg.go
+6-10
diff --git a/‎share/dkg/pedersen/dkg_test.go
+12-12 b/‎share/dkg/pedersen/dkg_test.go
+12-12
diff --git a/‎share/vss/pedersen/vss.go
+43-36 b/‎share/vss/pedersen/vss.go
+43-36
@@ -139,10 +139,7 @@ func NewDistKeyHandler(c *Config) (*DistKeyGenerator, error) {
 		return nil, errors.New("dkg: can't run with empty node list")
 	}
 
-	var isResharing bool
-	if c.Share != nil || c.PublicCoeffs != nil {
-		isResharing = true
-	}
+	isResharing := c.Share != nil || c.PublicCoeffs != nil
 	if isResharing {
 		if len(c.OldNodes) == 0 {
 			return nil, errors.New("dkg: resharing config needs old nodes list")
@@ -153,7 +150,7 @@ func NewDistKeyHandler(c *Config) (*DistKeyGenerator, error) {
 	}
 	// canReceive is true by default since in the default DKG mode everyone
 	// participates
-	var canReceive = true
+	var canReceive, canIssue = true, false
 	pub := c.Suite.Point().Mul(c.Longterm, nil)
 	oidx, oldPresent := findPub(c.OldNodes, pub)
 	nidx, newPresent := findPub(c.NewNodes, pub)
@@ -170,7 +167,6 @@ func NewDistKeyHandler(c *Config) (*DistKeyGenerator, error) {
 
 	var dealer *vss.Dealer
 	var err error
-	var canIssue bool
 	if c.Share != nil {
 		// resharing case
 		secretCoeff := c.Share.Share.V
@@ -306,7 +302,7 @@ func (d *DistKeyGenerator) Deals() (map[int]*Deal, error) {
 			d.processed = true
 			if resp, err := d.ProcessDeal(distd); err != nil {
 				panic("dkg: cannot process own deal: " + err.Error())
-			} else if resp.Response.Status != vss.StatusApproval {
+			} else if resp.Response.StatusApproved != vss.StatusApproval {
 				panic("dkg: own deal gave a complaint")
 			}
 			continue
@@ -365,7 +361,7 @@ func (d *DistKeyGenerator) ProcessDeal(dd *Deal) (*Response, error) {
 		// indicate to VSS that this dkg's new status is complaint for this
 		// deal
 		d.verifiers[uint32(dd.Index)].UnsafeSetResponseDKG(uint32(d.nidx), vss.StatusComplaint)
-		resp.Status = vss.StatusComplaint
+		resp.StatusApproved = vss.StatusComplaint
 		s, err := schnorr.Sign(d.suite, d.long, resp.Hash(d.suite))
 		if err != nil {
 			return nil, err
@@ -463,7 +459,7 @@ func (d *DistKeyGenerator) processResharingResponse(resp *Response) (*Justificat
 		return nil, err
 	}
 
-	if resp.Response.Status == vss.StatusApproval {
+	if resp.Response.StatusApproved == vss.StatusApproval {
 		//nolint:nilnil // status approved, no justification needed
 		return nil, nil
 	}
@@ -575,7 +571,7 @@ func (d *DistKeyGenerator) QualifiedShares() []int {
 		}
 		for holderIndex := range d.c.NewNodes {
 			resp, ok := responses[uint32(holderIndex)]
-			if ok && resp.Status == vss.StatusComplaint {
+			if ok && resp.StatusApproved == vss.StatusComplaint {
 				// 1. rule
 				invalidDeals[int(dealerIndex)] = true
 				break
 
@@ -108,7 +108,7 @@ func TestDKGProcessDeal(t *testing.T) {
 	// good deal
 	resp, err = rec.ProcessDeal(deal)
 	require.NotNil(t, resp)
-	require.Equal(t, vss.StatusApproval, resp.Response.Status)
+	require.Equal(t, vss.StatusApproval, resp.Response.StatusApproved)
 	require.Nil(t, err)
 	_, ok := rec.verifiers[deal.Index]
 	require.True(t, ok)
@@ -158,7 +158,7 @@ func TestDKGProcessResponse(t *testing.T) {
 	resp, err := rec.ProcessDeal(encD)
 	require.Nil(t, err)
 	require.NotNil(t, resp)
-	require.Equal(t, vss.StatusComplaint, resp.Response.Status)
+	require.Equal(t, vss.StatusComplaint, resp.Response.StatusApproved)
 	deal.SecShare.V = goodSecret
 
 	// no verifier tied to Response
@@ -201,10 +201,10 @@ func TestDKGProcessResponse(t *testing.T) {
 	resp12, err := rec.ProcessDeal(deals2[idxRec])
 	require.NoError(t, err)
 	require.NotNil(t, resp)
-	require.Equal(t, vss.StatusComplaint, resp12.Response.Status)
+	require.Equal(t, vss.StatusComplaint, resp12.Response.StatusApproved)
 	require.Equal(t, deals2[idxRec].Index, uint32(dkg2.nidx))
 	require.Equal(t, resp12.Index, uint32(dkg2.nidx))
-	require.Equal(t, vss.StatusComplaint, rec.verifiers[uint32(dkg2.oidx)].Responses()[uint32(rec.nidx)].Status)
+	require.Equal(t, vss.StatusComplaint, rec.verifiers[uint32(dkg2.oidx)].Responses()[uint32(rec.nidx)].StatusApproved)
 
 	deal21.SecShare.V = goodRnd21
 	deals2, err = dkg2.Deals()
@@ -229,7 +229,7 @@ func TestDKGProcessResponse(t *testing.T) {
 
 	// hack because all is local, and resp has been modified locally by dkg2's
 	// dealer, the status has became "justified"
-	resp12.Response.Status = vss.StatusComplaint
+	resp12.Response.StatusApproved = vss.StatusComplaint
 	err = dkg.ProcessJustification(j)
 	require.Nil(t, err)
 
@@ -326,7 +326,7 @@ func TestDKGResharingThreshold(t *testing.T) {
 				if dkg.newPresent && dkg.nidx == j {
 					resp, err := dkg.ProcessDeal(d)
 					require.Nil(t, err)
-					require.Equal(t, vss.StatusApproval, resp.Response.Status)
+					require.Equal(t, vss.StatusApproval, resp.Response.StatusApproved)
 					resps[i] = append(resps[i], resp)
 				}
 			}
@@ -447,7 +447,7 @@ func TestDKGThreshold(t *testing.T) {
 			}
 			resp, err := recipient.ProcessDeal(d)
 			require.Nil(t, err)
-			require.Equal(t, vss.StatusApproval, resp.Response.Status)
+			require.Equal(t, vss.StatusApproval, resp.Response.StatusApproved)
 			resps = append(resps, resp)
 		}
 	}
@@ -478,7 +478,7 @@ func TestDKGThreshold(t *testing.T) {
 		for i, v := range dkg.verifiers {
 			var app int
 			for _, r := range v.Responses() {
-				if r.Status == vss.StatusApproval {
+				if r.StatusApproved == vss.StatusApproval {
 					app++
 				}
 			}
@@ -585,7 +585,7 @@ func fullExchange(t *testing.T, dkgs []*DistKeyGenerator, checkQUAL bool) {
 		for i, d := range deals {
 			resp, err := dkgs[i].ProcessDeal(d)
 			require.Nil(t, err)
-			require.Equal(t, vss.StatusApproval, resp.Response.Status)
+			require.Equal(t, vss.StatusApproval, resp.Response.StatusApproved)
 			resps = append(resps, resp)
 		}
 	}
@@ -824,7 +824,7 @@ func TestDKGResharingNewNodesThreshold(t *testing.T) {
 			dkg := newDkgs[j]
 			resp, err := dkg.ProcessDeal(d)
 			require.Nil(t, err)
-			require.Equal(t, vss.StatusApproval, resp.Response.Status)
+			require.Equal(t, vss.StatusApproval, resp.Response.StatusApproved)
 			resps[i] = append(resps[i], resp)
 		}
 	}
@@ -1030,7 +1030,7 @@ func TestDKGResharingNewNodes(t *testing.T) {
 			dkg := newDkgs[dest]
 			resp, err := dkg.ProcessDeal(d)
 			require.NoError(t, err)
-			require.Equal(t, vss.StatusApproval, resp.Response.Status)
+			require.Equal(t, vss.StatusApproval, resp.Response.StatusApproved)
 			resps[i] = append(resps[i], resp)
 		}
 	}
@@ -1217,7 +1217,7 @@ func TestDKGResharingPartialNewNodes(t *testing.T) {
 			dkg := newDkgs[j]
 			resp, err := dkg.ProcessDeal(d)
 			require.Nil(t, err)
-			require.Equal(t, vss.StatusApproval, resp.Response.Status)
+			require.Equal(t, vss.StatusApproval, resp.Response.StatusApproved)
 			resps[i] = append(resps[i], resp)
 		}
 	}
 
@@ -6,7 +6,6 @@ package vss
 
 import (
 	"bytes"
-	"crypto/cipher"
 	"encoding/binary"
 	"errors"
 	"fmt"
@@ -29,8 +28,7 @@ type Suite interface {
 // Dealer encapsulates for creating and distributing the shares and for
 // replying to any Responses.
 type Dealer struct {
-	suite  Suite
-	reader cipher.Stream
+	suite Suite
 	// long is the longterm key of the Dealer
 	long          kyber.Scalar
 	pub           kyber.Point
@@ -83,7 +81,7 @@ type Response struct {
 	// Index of the verifier issuing this Response from the new set of nodes
 	Index uint32
 	// false = NO APPROVAL == Complaint , true = APPROVAL
-	Status bool
+	StatusApproved bool
 	// Signature over the whole packet
 	Signature []byte
 }
@@ -115,7 +113,7 @@ type Justification struct {
 // does not have to be trusted by other Verifiers. The security parameter t is
 // the number of shares required to reconstruct the secret. MinimumT() provides
 // a middle ground between robustness and secrecy. Increasing t will increase
-// the secrecy at the cost of the decreased robustness and vice versa. It 
+// the secrecy at the cost of the decreased robustness and vice versa. It
 // returns an error if the t is inferior or equal to 2.
 func NewDealer(suite Suite, longterm, secret kyber.Scalar, verifiers []kyber.Point, t int) (*Dealer, error) {
 	d := &Dealer{
@@ -227,14 +225,15 @@ func (d *Dealer) EncryptedDeals() ([]*EncryptedDeal, error) {
 }
 
 // ProcessResponse analyzes the given Response. If it's a valid complaint, then
-// it returns a Justification. This Justification must be broadcasted to every
-// participants. If it's an invalid complaint, it returns an error about the
+// it returns a Justification. This Justification must be broadcast to every
+// participant. If it's an invalid complaint, it returns an error about the
 // complaint. The verifiers will also ignore an invalid Complaint.
 func (d *Dealer) ProcessResponse(r *Response) (*Justification, error) {
 	if err := d.verifyResponse(r); err != nil {
 		return nil, err
 	}
-	if r.Status == StatusApproval {
+	if r.StatusApproved {
+		//nolint:nilnil // Expected behavior
 		return nil, nil
 	}
 
@@ -370,12 +369,12 @@ func (v *Verifier) ProcessEncryptedDeal(e *EncryptedDeal) (*Response, error) {
 	}
 
 	r := &Response{
-		SessionID: sid,
-		Index:     uint32(v.index),
-		Status:    StatusApproval,
+		SessionID:      sid,
+		Index:          uint32(v.index),
+		StatusApproved: StatusApproval,
 	}
 	if err = v.VerifyDeal(d, true); err != nil {
-		r.Status = StatusComplaint
+		r.StatusApproved = StatusComplaint
 	}
 
 	if errors.Is(err, errDealAlreadyProcessed) {
@@ -503,11 +502,12 @@ func (v *Verifier) SetTimeout() {
 // that works on basis of approval only.
 func (v *Verifier) UnsafeSetResponseDKG(idx uint32, approval bool) {
 	r := &Response{
-		SessionID: v.Aggregator.sid,
-		Index:     uint32(idx),
-		Status:    approval,
+		SessionID:      v.Aggregator.sid,
+		Index:          uint32(idx),
+		StatusApproved: approval,
 	}
 
+	//nolint:errcheck // Unsafe function
 	v.Aggregator.addResponse(r)
 }
 
@@ -527,7 +527,14 @@ type Aggregator struct {
 	timeout   bool
 }
 
-func newAggregator(suite Suite, dealer kyber.Point, verifiers, commitments []kyber.Point, t int, sid []byte) *Aggregator {
+func newAggregator(
+	suite Suite,
+	dealer kyber.Point,
+	verifiers,
+	commitments []kyber.Point,
+	t int,
+	sid []byte,
+) *Aggregator {
 	agg := &Aggregator{
 		suite:     suite,
 		dealer:    dealer,
@@ -636,7 +643,7 @@ func (a *Aggregator) verifyJustification(j *Justification) error {
 	if !ok {
 		return errors.New("vss: no complaints received for this justification")
 	}
-	if r.Status != StatusComplaint {
+	if r.StatusApproved {
 		return errors.New("vss: justification received for an approval")
 	}
 
@@ -645,7 +652,7 @@ func (a *Aggregator) verifyJustification(j *Justification) error {
 		a.badDealer = true
 		return err
 	}
-	r.Status = StatusApproval
+	r.StatusApproved = StatusApproval
 	return nil
 }
 
@@ -688,10 +695,10 @@ func (a *Aggregator) DealCertified() bool {
 	for i := range a.verifiers {
 		if r, ok := a.responses[uint32(i)]; !ok {
 			absentVerifiers++
-		} else if r.Status == StatusComplaint {
-			isComplaint = true
-		} else if r.Status == StatusApproval {
+		} else if r.StatusApproved {
 			approvals++
+		} else {
+			isComplaint = true
 		}
 	}
 	enoughApprovals := approvals >= a.t
@@ -727,15 +734,6 @@ func validT(t int, verifiers []kyber.Point) bool {
 	return t >= 2 && t <= len(verifiers) && int(uint32(t)) == t
 }
 
-func deriveH(suite Suite, verifiers []kyber.Point) kyber.Point {
-	var b bytes.Buffer
-	for _, v := range verifiers {
-		_, _ = v.MarshalTo(&b)
-	}
-	base := suite.Point().Pick(suite.XOF(b.Bytes()))
-	return base
-}
-
 func findPub(verifiers []kyber.Point, idx uint32) (kyber.Point, bool) {
 	iidx := int(idx)
 	if iidx >= len(verifiers) {
@@ -746,18 +744,27 @@ func findPub(verifiers []kyber.Point, idx uint32) (kyber.Point, bool) {
 
 func sessionID(suite Suite, dealer kyber.Point, verifiers, commitments []kyber.Point, t int) ([]byte, error) {
 	h := suite.Hash()
-	_, _ = dealer.MarshalTo(h)
+	_, err := dealer.MarshalTo(h)
+	if err != nil {
+		return nil, err
+	}
 
 	for _, v := range verifiers {
-		_, _ = v.MarshalTo(h)
+		_, err = v.MarshalTo(h)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	for _, c := range commitments {
-		_, _ = c.MarshalTo(h)
+		_, err = c.MarshalTo(h)
+		if err != nil {
+			return nil, err
+		}
 	}
-	_ = binary.Write(h, binary.LittleEndian, uint32(t))
 
-	return h.Sum(nil), nil
+	err = binary.Write(h, binary.LittleEndian, uint32(t))
+	return h.Sum(nil), err
 }
 
 // Hash returns the Hash representation of the Response
@@ -766,7 +773,7 @@ func (r *Response) Hash(s Suite) []byte {
 	_, _ = h.Write([]byte("response"))
 	_, _ = h.Write(r.SessionID)
 	_ = binary.Write(h, binary.LittleEndian, r.Index)
-	_ = binary.Write(h, binary.LittleEndian, r.Status)
+	_ = binary.Write(h, binary.LittleEndian, r.StatusApproved)
 	return h.Sum(nil)
 }