The process of Shamir secret sharing degree reduction in multiplication gate is explained in the following link
Now, based on the secret sharing that done by a degree one polynomial, we must be able to reconstruct the secret, i.e. $10$, with each of the $2$ shares out of the $3$ shares $(3, 7, 0)$. Nevertheless, the reconstructed secret using $(3, 7)$ is correctly $10$, but reconstructed secret using $(3,0)$ is 9 and using $(7, 0)$ is $1$. Why is this so? Where is the mistake?
I think you misunderstand share reconstruction. A share $(a,b,c)$ in this context is a triple of values corresponding to polynomial evaluation, namely $(\sigma(1), \sigma(2),\sigma(3))$. The problem of share reconstruction is, using
to recover $\sigma(0)$. This can easily be done. Say we have $\sigma(i) = \sigma(0) + ai$ and $\sigma(j) = \sigma(0) + aj$. We can subtract these and "solve" for $a$ to get that $a = (i-j)^{-1}(\sigma(i)-\sigma(j))$, where $a^{-1}$ is the inverse modulo 11. Then, using this value of $a$, it is simple to recover $\sigma(0)$.
Note that the computed value of $a$ is the same in all 3 cases. When $(i,j) = (1,2)$, we have that
$$a = (1-2)^{-1}(3-7) = 4$$
when $(i,j) = (1,3)$ we have that
$$a = (1-3)^{-1}(3-0) = (-2)^{-1}3 = (-6)3\equiv -18\bmod 11 \equiv 4\bmod 11.$$
Similarly, when $(i,j) = (2,3)$, we have that
$$a = (2-3)^{-1}(7-0) = -7\equiv 4\bmod 11.$$
Next, for any index $i$, we have that $\sigma(0) = \sigma(i) - ai\bmod 11 \equiv \sigma(i) - 4i\bmod 11$. It is straightforward to check that for any pair $(i, \sigma(i))$, namely for $(1, 3)$, $(2,7)$, or $(3,0)$, one obtains $10\bmod 11$ (or $-1\bmod 11$ --- these are the same value).
That all being said, I do not find the explanation of degree reduction in the linked answer to be that clear personally. I have previously explained it here. Roughly, one achieves degree reduction by combining
If you are more comfortable with linear algebra, this gives a clear "geometric" picture of what is happening. Of course, this depends on your background.
