2023-06-21 01:22:45 -07:00
# ZF FROST (Flexible Round-Optimised Schnorr Threshold signatures)
2022-04-08 08:02:49 -07:00
2023-10-10 07:24:23 -07:00
[](https://github.com/ZcashFoundation/frost/actions/workflows/main.yml)
| Crate | | Crates.io | Documentation |
| ---------------------------- | ---------------------- | ------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| Generic FROST implementation | [`frost-core`] | [](https://crates.io/crates/frost-core) | [](https://docs.rs/frost-core) |
| Ristretto255 ciphersuite | [`frost-ristretto255`] | [](https://crates.io/crates/frost-ristretto255) | [](https://docs.rs/frost-ristretto255) |
| Ed25519 ciphersuite | [`frost-ed25519`] | [](https://crates.io/crates/frost-ed25519) | [](https://docs.rs/frost-ed25519) |
| Ed448 ciphersuite | [`frost-ed448`] | [](https://crates.io/crates/frost-ed448) | [](https://docs.rs/frost-ed448) |
| P-256 ciphersuite | [`frost-p256`] | [](https://crates.io/crates/frost-p256) | [](https://docs.rs/frost-p256) |
| secp256k1 ciphersuite | [`frost-secp256k1`] | [](https://crates.io/crates/frost-secp256k1) | [](https://docs.rs/frost-secp256k1) |
| Generic Re-randomized FROST | [`frost-rerandomized`] | [](https://crates.io/crates/frost-rerandomized) | [](https://docs.rs/frost-rerandomized) |
2022-04-08 08:02:49 -07:00
Rust implementations of ['Two-Round Threshold Schnorr Signatures with FROST' ](https://datatracker.ietf.org/doc/draft-irtf-cfrg-frost/ ).
Unlike signatures in a single-party setting, threshold signatures require cooperation among a
threshold number of signers, each holding a share of a common private key. The security of threshold
schemes in general assume that an adversary can corrupt strictly fewer than a threshold number of
participants.
['Two-Round Threshold Schnorr Signatures with
FROST'](https://datatracker.ietf.org/doc/draft-irtf-cfrg-frost/) presents a variant of a Flexible
Round-Optimized Schnorr Threshold (FROST) signature scheme originally defined in
[FROST20 ](https://eprint.iacr.org/2020/852.pdf ). FROST reduces network overhead during threshold
signing operations while employing a novel technique to protect against forgery attacks applicable
2023-10-10 07:24:23 -07:00
to prior Schnorr-based threshold signature constructions.
Besides FROST itself, this repository also provides:
- Trusted dealer key generation as specified in the appendix of ['Two-Round Threshold Schnorr Signatures with FROST' ](https://datatracker.ietf.org/doc/draft-irtf-cfrg-frost/ );
- Distributed key generation as specified in the original paper [FROST20 ](https://eprint.iacr.org/2020/852.pdf );
- Repairable Theshold Scheme (RTS) from ['A Survey and Refinement of Repairable Threshold Schemes' ](https://eprint.iacr.org/2017/1155 ) which allows a participant to recover a lost share with the help of a threshold of other participants;
- Rerandomized FROST (paper under review).
2022-04-08 08:02:49 -07:00
2023-06-21 01:22:45 -07:00
## Getting Started
Refer to the [ZF FROST book ](https://frost.zfnd.org/ ).
2022-04-08 08:02:49 -07:00
## Status ⚠
2023-10-10 07:24:23 -07:00
The FROST specification is not yet finalized, though no significant changes are
expected at this point. This code base has been audited by NCC. The APIs and
types in `frost-core` are subject to change during the release candidate phase,
and will follow SemVer guarantees after 1.0.0.
2022-04-08 08:02:49 -07:00
## Usage
`frost-core` implements the base traits and types in a generic manner, to enable top-level
implementations for different ciphersuites / curves without having to implement all of FROST from
scratch. End-users should not use `frost-core` if they want to sign and verify signatures, they
should use the crate specific to their ciphersuite/curve parameters that uses `frost-core` as a
dependency.
