zecfoundation
/
reddsa
mirror of https://github.com/ZcashFoundation/reddsa.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
reddsa/tests/frost.rs

63 lines
2.5 KiB
Rust
Raw Normal View History

Frost keygen with dealer (#47) Implements FROST (Flexible Round Optimized Schnorr Threshold Signatures, https://eprint.iacr.org/2020/852) where key generation is performed by a trusted dealer. Future work will include implementing distributed key generation and re-randomizability. Co-authored-by: Chelsea Komlo <me@chelseakomlo.com> Co-authored-by: Isis Lovecruft <isis@patternsinthevoid.net>
2021-02-25 08:06:54 -08:00
use rand::thread_rng;
use std::collections::HashMap;
Rename crate to reddsa
2021-03-01 06:38:25 -08:00
use reddsa::frost;
Frost keygen with dealer (#47) Implements FROST (Flexible Round Optimized Schnorr Threshold Signatures, https://eprint.iacr.org/2020/852) where key generation is performed by a trusted dealer. Future work will include implementing distributed key generation and re-randomizability. Co-authored-by: Chelsea Komlo <me@chelseakomlo.com> Co-authored-by: Isis Lovecruft <isis@patternsinthevoid.net>
2021-02-25 08:06:54 -08:00
#[test]
fn check_sign_with_dealer() {
let mut rng = thread_rng();
let numsigners = 5;
let threshold = 3;
let (shares, pubkeys) = frost::keygen_with_dealer(numsigners, threshold, &mut rng).unwrap();
Change the type of the identifiers from u8 to u64 (#110) * Change the type of the identifiers from u8 to u64 * add a TODO Co-authored-by: Marek <mail@marek.onl>
2021-05-28 05:06:51 -07:00
let mut nonces: HashMap<u64, Vec<frost::SigningNonces>> =
Frost keygen with dealer (#47) Implements FROST (Flexible Round Optimized Schnorr Threshold Signatures, https://eprint.iacr.org/2020/852) where key generation is performed by a trusted dealer. Future work will include implementing distributed key generation and re-randomizability. Co-authored-by: Chelsea Komlo <me@chelseakomlo.com> Co-authored-by: Isis Lovecruft <isis@patternsinthevoid.net>
2021-02-25 08:06:54 -08:00
HashMap::with_capacity(threshold as usize);
let mut commitments: Vec<frost::SigningCommitments> = Vec::with_capacity(threshold as usize);
// Round 1, generating nonces and signing commitments for each participant.
for participant_index in 1..(threshold + 1) {
// Generate one (1) nonce and one SigningCommitments instance for each
// participant, up to _threshold_.
Change the type of the identifiers from u8 to u64 (#110) * Change the type of the identifiers from u8 to u64 * add a TODO Co-authored-by: Marek <mail@marek.onl>
2021-05-28 05:06:51 -07:00
let (nonce, commitment) = frost::preprocess(1, participant_index as u64, &mut rng);
nonces.insert(participant_index as u64, nonce);
Frost keygen with dealer (#47) Implements FROST (Flexible Round Optimized Schnorr Threshold Signatures, https://eprint.iacr.org/2020/852) where key generation is performed by a trusted dealer. Future work will include implementing distributed key generation and re-randomizability. Co-authored-by: Chelsea Komlo <me@chelseakomlo.com> Co-authored-by: Isis Lovecruft <isis@patternsinthevoid.net>
2021-02-25 08:06:54 -08:00
commitments.push(commitment[0]);
}
// This is what the signature aggregator / coordinator needs to do:
// - decide what message to sign
// - take one (unused) commitment per signing participant
let mut signature_shares: Vec<frost::SignatureShare> = Vec::with_capacity(threshold as usize);
let message = "message to sign".as_bytes();
let signing_package = frost::SigningPackage {
Implement the messages spec (#114) * start messages and validation * add missing docs to constants * change validation to matches, fix constant doc Co-authored-by: teor <teor@riseup.net> * fix the build * validate share_commitment * add new constants and validations * fix validation * derive serde Serialize and Deserialize in all messages structs * update created structs Co-authored-by: teor <teor@riseup.net> * fix build * define and use a new MAX_SIGNERS constant * change group_public type * add some test cases * add validation and serialization tests for SigningCommitments * add validation and serialization test to SigningPackage * change some fields order matching the spec * fix field order in tests according to last updates to the spec * implement serialize and deserialize for ParticipantId * move serde-json to dev-dependencies section * change to pub(crate) * fix serialize of VerificationKey * add assert to serialize * add note, fix typo * improve some code in tests * test serialization of individual fields * start messages and validation * add missing docs to constants * change validation to matches, fix constant doc Co-authored-by: teor <teor@riseup.net> * fix the build * validate share_commitment * add new constants and validations * fix validation * define and use a new MAX_SIGNERS constant * change group_public type * change some fields order matching the spec * change message fields to new spec * remove some non needed conversions * use a BTreeMap to guarantee the order * remove some calls to `clone()` by implementing `Copy` * change message type in frost and add validate_signatureshare test * change `share_commitment` to BTreeMap * add `serialize_signatureshare` test * add aggregatesignature tests * add some test header messages utility functions * add a setup utility * move the general serialization checks into an utility function * fi some typos * add and use a `generate_share_commitment` utility * add create_signing_commitments utility function * improve the serialization tests * make room for prop tests * add arbitrary tests for serialization * remove allow dead code from messages * fix some imports * make signature module public only to the crate * simplify a bit the frost tests * improve the generated docs * add a `prop_filter` to Header arbitrary * (ab)use proptest_derive * improve validation for Message * improve some utility functions * change frost to serialization id conversion * add a quick btreemap test * change the `MsgType` to `u32` * add no leftover bytes checks * add a full_setup utility * add map len checks Co-authored-by: teor <teor@riseup.net>
2021-06-16 12:13:23 -07:00
message: message.to_vec(),
Frost keygen with dealer (#47) Implements FROST (Flexible Round Optimized Schnorr Threshold Signatures, https://eprint.iacr.org/2020/852) where key generation is performed by a trusted dealer. Future work will include implementing distributed key generation and re-randomizability. Co-authored-by: Chelsea Komlo <me@chelseakomlo.com> Co-authored-by: Isis Lovecruft <isis@patternsinthevoid.net>
2021-02-25 08:06:54 -08:00
signing_commitments: commitments,
};
// Round 2: each participant generates their signature share
for (participant_index, nonce) in nonces {
let share_package = shares
.iter()
.find(|share| participant_index == share.index)
.unwrap();
Fix some FROST nits (#63) * Impl DefaultIsZeros for every type that uses jubjub::Fr/Scalar This requires Copy and Clone along with Default. If we do not want to include those, we can impl Zeroize and Drop directly. * Hash signature message with HStar before deriving the binding factor To avoid a collision, we should hash our input message, our 'standard' hash is HStar, which uses a domain separator already, and is the same one that generates the binding factor. * Add a comment about why we hash the signature message before generating the binding factor * Add comments on how we Zeroize * Consume nonces with sign() We want to make sure that the nonces we use when signing are Drop'd (and thus Zeroize'd) when they go out of scope, so we must move participant_nonces into sign()
2021-03-23 08:46:17 -07:00
let nonce_to_use = nonce[0];
Frost keygen with dealer (#47) Implements FROST (Flexible Round Optimized Schnorr Threshold Signatures, https://eprint.iacr.org/2020/852) where key generation is performed by a trusted dealer. Future work will include implementing distributed key generation and re-randomizability. Co-authored-by: Chelsea Komlo <me@chelseakomlo.com> Co-authored-by: Isis Lovecruft <isis@patternsinthevoid.net>
2021-02-25 08:06:54 -08:00
// Each participant generates their signature share.
Fix some FROST nits (#63) * Impl DefaultIsZeros for every type that uses jubjub::Fr/Scalar This requires Copy and Clone along with Default. If we do not want to include those, we can impl Zeroize and Drop directly. * Hash signature message with HStar before deriving the binding factor To avoid a collision, we should hash our input message, our 'standard' hash is HStar, which uses a domain separator already, and is the same one that generates the binding factor. * Add a comment about why we hash the signature message before generating the binding factor * Add comments on how we Zeroize * Consume nonces with sign() We want to make sure that the nonces we use when signing are Drop'd (and thus Zeroize'd) when they go out of scope, so we must move participant_nonces into sign()
2021-03-23 08:46:17 -07:00
let signature_share = frost::sign(&signing_package, nonce_to_use, share_package).unwrap();
Frost keygen with dealer (#47) Implements FROST (Flexible Round Optimized Schnorr Threshold Signatures, https://eprint.iacr.org/2020/852) where key generation is performed by a trusted dealer. Future work will include implementing distributed key generation and re-randomizability. Co-authored-by: Chelsea Komlo <me@chelseakomlo.com> Co-authored-by: Isis Lovecruft <isis@patternsinthevoid.net>
2021-02-25 08:06:54 -08:00
signature_shares.push(signature_share);
}
// The aggregator collects the signing shares from all participants and
// generates the final signature.
let group_signature_res = frost::aggregate(&signing_package, &signature_shares[..], &pubkeys);
assert!(group_signature_res.is_ok());
let group_signature = group_signature_res.unwrap();
// Check that the threshold signature can be verified by the group public
// key (aka verification key).
assert!(pubkeys
.group_public
.verify(&message, &group_signature)
.is_ok());
// TODO: also check that the SharePackage.group_public also verifies the group signature.
}