5035ad2002
|
||
|---|---|---|
| .github | ||
| book | ||
| frost-core | ||
| frost-ed448 | ||
| frost-ed25519 | ||
| frost-p256 | ||
| frost-rerandomized | ||
| frost-ristretto255 | ||
| frost-secp256k1 | ||
| gencode | ||
| .gitignore | ||
| .mergify.yml | ||
| Cargo.toml | ||
| LICENCE | ||
| LICENCE.MIT | ||
| LICENSE.Apache-2.0 | ||
| README.md | ||
| codecov.yml | ||
| performance.md | ||
| plot.py | ||
| times-by-ciphersuite-and-function-10.png | ||
| times-by-ciphersuite-and-function-100.png | ||
| times-by-ciphersuite-and-function-1000.png | ||
| times-by-size-and-function-ristretto255-aggregated.png | ||
| times-by-size-and-function-ristretto255-all-shares.png | ||
| verify-aggregated-vs-all-shares-10.png | ||
| verify-aggregated-vs-all-shares-100.png | ||
| verify-aggregated-vs-all-shares-1000.png | ||
| zcash-frost-audit-report-20210323.pdf | ||
README.md
ZF FROST (Flexible Round-Optimised Schnorr Threshold signatures)
| Crate | Crates.io | Documentation | |
|---|---|---|---|
| Generic FROST implementation | [frost-core] |
 |
 |
| Ristretto255 ciphersuite | [frost-ristretto255] |
 |
 |
| Ed25519 ciphersuite | [frost-ed25519] |
 |
 |
| Ed448 ciphersuite | [frost-ed448] |
 |
 |
| P-256 ciphersuite | [frost-p256] |
 |
 |
| secp256k1 ciphersuite | [frost-secp256k1] |
 |
 |
| Generic Re-randomized FROST | [frost-rerandomized] |
 |
 |
Rust implementations of 'Two-Round Threshold Schnorr Signatures with FROST'.
Unlike signatures in a single-party setting, threshold signatures require cooperation among a threshold number of signers, each holding a share of a common private key. The security of threshold schemes in general assume that an adversary can corrupt strictly fewer than a threshold number of participants.
'Two-Round Threshold Schnorr Signatures with FROST' presents a variant of a Flexible Round-Optimized Schnorr Threshold (FROST) signature scheme originally defined in FROST20. FROST reduces network overhead during threshold signing operations while employing a novel technique to protect against forgery attacks applicable to prior Schnorr-based threshold signature constructions.
Besides FROST itself, this repository also provides:
- Trusted dealer key generation as specified in the appendix of 'Two-Round Threshold Schnorr Signatures with FROST';
- Distributed key generation as specified in the original paper FROST20;
- Repairable Theshold Scheme (RTS) from 'A Survey and Refinement of Repairable Threshold Schemes' which allows a participant to recover a lost share with the help of a threshold of other participants;
- Rerandomized FROST (paper under review).
Getting Started
Refer to the ZF FROST book.
Status ⚠
The FROST specification is not yet finalized, though no significant changes are
expected at this point. This code base has been audited by NCC. The APIs and
types in frost-core are subject to change during the release candidate phase,
and will follow SemVer guarantees after 1.0.0.
Usage
frost-core implements the base traits and types in a generic manner, to enable top-level
implementations for different ciphersuites / curves without having to implement all of FROST from
scratch. End-users should not use frost-core if they want to sign and verify signatures, they
should use the crate specific to their ciphersuite/curve parameters that uses frost-core as a
dependency.