Unable to reconstruct not enough shares for polynomial reconstruction

tototianhao · May 24, 2025, 5:36pm

SDK Version:
“@web3auth/base”: “^9.3.0”,
“@web3auth/ethereum-mpc-provider”: “^9.3.0”,
“@web3auth/ethereum-provider”: “^9.3.0”,
“@web3auth/mpc-core-kit”: “^3.2.4”,
Platform: nodejs

        const coreKitInstance = new Web3AuthMPCCoreKit({
            web3AuthClientId: this.web3authConfig.clientId,
            web3AuthNetwork: this.web3authConfig.networkId,
            storage: {
                getItem: async (key: string) => "",
                setItem: async (key: string, value: string) => { return; },
            },
            manualSync: true,
            tssLib: this.getTssLib(),
            baseUrl: "http://localhost",
            uxMode: "nodejs",
        });
        await this.instance.loginWithJWT({
            verifier: this.web3authConfig.verifierId,
            verifierId: sub,
            idToken: token,
        });
        await this.instance.commitChanges()

All users can log in successfully, which means that there is no problem with JWT verifyer’s columns.

However: some accounts can execute commitChanges()

Some accounts cannot execute commitChanges()

It may have something to do with my concurrent batch generation of accounts

The error message of the user who cannot execute commitChanges() is:

sync metadata error CoreError: Unable to reconstruct not enough shares for polynomial reconstruction
    at CoreError.fromCode (/Users/toto/Project/new/block-chain-operation/node_modules/@tkey/core/dist/lib.cjs/errors.js:36:12)
    at CoreError.unableToReconstruct (/Users/toto/Project/new/block-chain-operation/node_modules/@tkey/core/dist/lib.cjs/errors.js:73:22)
    at TKeyTSS.getAllShareStoresForLatestPolynomial (/Users/toto/Project/new/block-chain-operation/node_modules/@tkey/core/dist/lib.cjs/core.js:1098:20)
    at TKeyTSS._syncShareMetadata (/Users/toto/Project/new/block-chain-operation/node_modules/@tkey/core/dist/lib.cjs/core.js:906:29)
    at Web3AuthMPCCoreKit.commitChanges (/Users/toto/Project/new/block-chain-operation/node_modules/@web3auth/mpc-core-kit/dist/lib.cjs/mpcCoreKit.js:827:23)
    at W3ASolanaClient.login (/Users/toto/Project/new/block-chain-operation/src/w3a/w3a-base.ts:102:29)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async generateW3aSolWallet (/Users/toto/Project/new/block-chain-operation/src/w3a/w3a-func.ts:24:13)
    at async BlockchainService.generateAllWallets (/Users/toto/Project/new/block-chain-operation/src/blockchain/blockchain.service.ts:36:32)
    at async /Users/toto/Project/new/block-chain-operation/node_modules/@nestjs/core/router/router-execution-context.js:46:28 {
  code: 1302
}
Attempt 1/1 failed: Unable to reconstruct not enough shares for polynomial reconstruction
Error processing wallet for user 1Jl3sunpb: HttpException: Failed to generate W3A Solana wallet for user 1Jl3sunpb after 1 attempts: No error occurred
    at generateW3aSolWallet (/Users/toto/Project/new/block-chain-operation/src/w3a/w3a-func.ts:39:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async BlockchainService.generateAllWallets (/Users/toto/Project/new/block-chain-operation/src/blockchain/blockchain.service.ts:36:32)
    at async /Users/toto/Project/new/block-chain-operation/node_modules/@nestjs/core/router/router-execution-context.js:46:28
    at async /Users/toto/Project/new/block-chain-operation/node_modules/@nestjs/core/router/router-proxy.js:9:17 {
  response: 'Failed to generate W3A Solana wallet for user 1Jl3sunpb after 1 attempts: No error occurred',
  status: 500,
  options: undefined
}

I’m trying to find the difference between the user who reported an error and the user who did not report an error
The user who found the error have the following information:

When executing to handleExistingUser
The result obtained by check that checkIfFactorKeyValid is factorKeyMetadata.message === “KEY_NOT_FOUND”
Therefore, the tssShareIndex and tssPubKey in the state are null

Please tell me how can I solve it, thank you very much, This has affected online users, thank you for your timely reply

w3abot · May 24, 2025, 5:37pm

Thank you for providing detailed information, Taylor! Here’s a summary of your issue for the support team:

Issue Summary

SDK Details:
- tKey JS SDK
- @web3auth/base v9.3.0
- @web3auth/ethereum-mpc-provider v9.3.0
- @web3auth/ethereum-provider v9.3.0
- @web3auth/mpc-core-kit v3.2.4
Platform: Node.js
Login Flow:
Using loginWithJWT with a custom verifier, followed by commitChanges().
Problem:
- All users can log in (JWT verifier works).
- Some accounts can execute commitChanges(), but others cannot.
- Error for failing users:
```
CoreError: Unable to reconstruct not enough shares for polynomial reconstruction
```
- Failing users:
  - checkIfFactorKeyValid returns factorKeyMetadata.message === "KEY_NOT_FOUND"
  - tssShareIndex and tssPubKey are null in state.
- You suspect this may relate to concurrent batch account generation.

Analysis & Suggestions

This error usually means that the tKey SDK cannot find enough key shares to reconstruct the private key. This can happen if:

The key shares were never generated or stored for these users.
There was an error during the initial key generation or share backup process.
Concurrency issues during batch account creation led to incomplete setup for some users.

Things to Check

Account Creation Flow
- Ensure that for each user, all required shares are generated and stored before proceeding.
- If you are running concurrent account generations, verify that there are no race conditions or failures in the process.
- Review logs during account creation for errors or incomplete steps.
Share Storage
- Confirm that shares are being backed up to the appropriate storage (e.g., metadata server, device, or cloud) for each user.
- If using custom authentication, ensure the verifierId and idToken are unique and correct for each user.
Factor Key Validity
- The "KEY_NOT_FOUND" message from checkIfFactorKeyValid suggests the factor key (share) was never stored or is missing.
- For affected users, try to trace their account creation and see if the factor key was ever created.
Concurrency Handling
- If generating accounts in parallel, consider adding locking or sequential processing to ensure each account is fully set up before moving to the next.

References

Next Steps / Questions

To help you further, could you please:

Confirm if the affected users’ accounts were created in a batch/concurrent process?
Share the code snippet for your account creation and share backup process (if possible)?
Let us know if you have any custom logic for share generation or backup.

Proposed Solution:

For affected users, you may need to re-initialize their accounts and ensure all shares are properly generated and stored.
For future account creation, add error handling and verification after each step to catch missing shares early.

Let us know if you need help with specific code or debugging steps!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours

tototianhao · May 26, 2025, 9:54am

Please help me solve it

cherngwoei · May 27, 2025, 1:50am

Hi,

From the error message and the platform, I would assume you are creating new account from the server.
Are you using the coreKitInstance as single instance ?
This might be an issue if you are trying to create multiple account using the same instances.
Could you try create new instaces for new accounts’ creation

Please do use same instance for the same account only

tototianhao · May 27, 2025, 3:54pm

Although I am using an instance, I actually created independent object for each user. Thank you for your reply.
However, what I urgently need to resolve now is how to handle users who have already encountered errors.

tototianhao · May 27, 2025, 5:44pm

If you have any suggestions, I would greatly appreciate it if you could let me know.
If this issue cannot be resolved, I can only address it by changing the token used to generate the wallet.
Users are about to kill me because they can’t generate wallets.