From a45ae47c393425c9886d7f61c2d2d1394a8ac3c7 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 23 Jul 2024 22:26:39 +0000 Subject: [PATCH] ZIP 312: Initial draft of key generation --- zips/zip-0312.rst | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/zips/zip-0312.rst b/zips/zip-0312.rst index 0033cba5..faff88cf 100644 --- a/zips/zip-0312.rst +++ b/zips/zip-0312.rst @@ -142,10 +142,26 @@ Key Generation -------------- While key generation is out of scope for this ZIP and the FROST spec [#FROST]_, -it needs to be consistent with FROST, see [#frost-tdkg]_ for guidance. The spend -authorization private key :math:`\mathsf{ask}` [#protocol-spendauthsig]_ is the -particular key that must be used in the context of this ZIP. Note that the -:math:`\mathsf{ask}` is usually derived from the spending key +it needs to be consistent with FROST; see [#frost-tdkg]_ for general guidance. + +To define a spending or viewing key that uses FROST, the Sapling and Orchard key +trees [#protocol-saplingkeycomponents]_ [#protocol-orchardkeycomponents]_ are +adjusted as follows: + +- The Spend validating key :math:`\mathsf{ak}` is replaced by the FROST group + public key `PK` [#frost-protocol]_. +- The Spend authorizing key :math:`\mathsf{ask}` is replaced by the logical + signing key that corresponds to the group public key `PK`. By design, this + key never exists, and instead is represented by each participant's FROST + signing key share `sk_i`. + +The remaining parts of the Sapling and Orchard key trees are generated from +a common... (TODO: Finish specifying how the other common parts of the +Sapling and Orchard key trees are derived for participants, perhaps in terms +of a common `sk` or a common HD path.) + +(Old remaining content below, which might change after the above TODO.) +Note that the :math:`\mathsf{ask}` is usually derived from the spending key :math:`\mathsf{sk}`, though that is not required. Not doing so allows using distributed key generation, since the key it generates is unpredictable. Note however that not deriving :math:`\mathsf{ask}` from :math:`\mathsf{sk}` prevents