ZIP 312: Initial draft of key generation

zips/zip-0312.rst

@@ -142,10 +142,26 @@ Key Generation
 --------------
 
 While key generation is out of scope for this ZIP and the FROST spec [#FROST]_,
-it needs to be consistent with FROST, see [#frost-tdkg]_ for guidance. The spend
-authorization private key :math:`\mathsf{ask}` [#protocol-spendauthsig]_ is the
-particular key that must be used in the context of this ZIP. Note that the
-:math:`\mathsf{ask}` is usually derived from the spending key
+it needs to be consistent with FROST; see [#frost-tdkg]_ for general guidance.
+
+To define a spending or viewing key that uses FROST, the Sapling and Orchard key
+trees [#protocol-saplingkeycomponents]_ [#protocol-orchardkeycomponents]_ are
+adjusted as follows:
+
+- The Spend validating key :math:`\mathsf{ak}` is replaced by the FROST group
+  public key `PK` [#frost-protocol]_.
+- The Spend authorizing key :math:`\mathsf{ask}` is replaced by the logical
+  signing key that corresponds to the group public key `PK`. By design, this
+  key never exists, and instead is represented by each participant's FROST
+  signing key share `sk_i`.
+
+The remaining parts of the Sapling and Orchard key trees are generated from
+a common... (TODO: Finish specifying how the other common parts of the
+Sapling and Orchard key trees are derived for participants, perhaps in terms
+of a common `sk` or a common HD path.)
+
+(Old remaining content below, which might change after the above TODO.)
+Note that the :math:`\mathsf{ask}` is usually derived from the spending key
 :math:`\mathsf{sk}`, though that is not required. Not doing so allows using
 distributed key generation, since the key it generates is unpredictable. Note
 however that not deriving :math:`\mathsf{ask}` from :math:`\mathsf{sk}` prevents