* clippy fixes; remove old FROST code
* add RedPallas ciphersuite and FROST support
* organized code
* simplified version
* remove randomized_frost; point to frost-randomized crate
* move rerandomized test to frost-rerandomized; clean up dependencies; add 'frost' feature
* remove stale comment
* add Jubjub support
* add torsion and identity checks where needed; tests
* Apply suggestions from code review
Co-authored-by: Marek <mail@marek.onl>
* Apply suggestions from code review
Co-authored-by: Marek <mail@marek.onl>
* change Jubjub serialize() to use to_bytes(); add comment to Pallas serialize()
* update frost-rerandomized version
* unpin nightly Rust in coverage.yaml
* fix conditional hex dependency
* move FROST code inside frost folder
* Apply suggestions from code review
Co-authored-by: Marek <mail@marek.onl>
---------
Co-authored-by: Marek <mail@marek.onl>
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
The prior `SpendAuth` and `Binding` enums have been renamed to
`sapling::{SpendAuth, Binding}`. These might subsequently be removed
from the crate entirely (moving into a wrapping `redjubjub` crate).
The code assumes that scalar and point representations are `[u8; 32]`,
which will be the case for all curves we instantiate RedDSA with for
Zcash.
Implements FROST (Flexible Round Optimized Schnorr Threshold Signatures, https://eprint.iacr.org/2020/852) where key generation is performed by a trusted dealer.
Future work will include implementing distributed key generation and re-randomizability.
Co-authored-by: Chelsea Komlo <me@chelseakomlo.com>
Co-authored-by: Isis Lovecruft <isis@patternsinthevoid.net>
* Pulls in some traits and methods from curve25519-dalek around the
vartime multiscalar multiplication.
* Move scalar mul things we want to upstream to jubjub to their own crate
* Make Verify agnostic to the SigType
Co-authored-by: Henry de Valence <hdevalence@hdevalence.ca>
Co-authored-by: Jane Lusby <jlusby42@gmail.com>