Go to file
Conrado Gouvea a8c8b6d197
clippy fixes (#889)
2025-04-24 10:11:14 +00:00
.github chore(ci): update some github action dependencies (#873) 2025-02-17 13:49:09 +00:00
book docs: add warning about encrypted channel for DKG (#888) 2025-04-14 10:36:59 +00:00
frost-core clippy fixes (#889) 2025-04-24 10:11:14 +00:00
frost-ed448 Add tests for all test vectors in DKG (#875) 2025-04-11 15:23:03 +00:00
frost-ed25519 Add tests for all test vectors in DKG (#875) 2025-04-11 15:23:03 +00:00
frost-p256 feat(frost-core): add (de)serialization for `VerifiableSecretSharingSharingSharingCommitment` (#878) 2025-02-24 13:57:22 +00:00
frost-rerandomized chore(deps): improve organization of workspace (root Cargo.toml) (#874) 2025-02-17 14:10:41 +00:00
frost-ristretto255 feat(frost-core): add (de)serialization for `VerifiableSecretSharingSharingSharingCommitment` (#878) 2025-02-24 13:57:22 +00:00
frost-secp256k1 feat(frost-core): add (de)serialization for `VerifiableSecretSharingSharingSharingCommitment` (#878) 2025-02-24 13:57:22 +00:00
frost-secp256k1-tr Add tests for all test vectors in DKG (#875) 2025-04-11 15:23:03 +00:00
gencode chore(deps): improve organization of workspace (root Cargo.toml) (#874) 2025-02-17 14:10:41 +00:00
.gitignore
.mergify.yml ci(mergify): upgrade configuration to current format (#794) 2024-12-10 13:55:37 +00:00
Cargo.toml chore(deps): improve organization of workspace (root Cargo.toml) (#874) 2025-02-17 14:10:41 +00:00
LICENCE
LICENCE.MIT
LICENSE.Apache-2.0
README.md docs: add secp256k1-tr to changelog and book (#776) 2024-11-19 13:20:35 +00:00
codecov.yml
performance.md
plot.py
times-by-ciphersuite-and-function-10.png
times-by-ciphersuite-and-function-100.png
times-by-ciphersuite-and-function-1000.png
times-by-size-and-function-ristretto255-aggregated.png
times-by-size-and-function-ristretto255-all-shares.png
verify-aggregated-vs-all-shares-10.png
verify-aggregated-vs-all-shares-100.png
verify-aggregated-vs-all-shares-1000.png
zcash-frost-audit-report-20210323.pdf

README.md

ZF FROST (Flexible Round-Optimised Schnorr Threshold signatures)

CI

Crate Crates.io Documentation
Generic FROST implementation [frost-core] crates.io Documentation
Ristretto255 ciphersuite [frost-ristretto255] crates.io Documentation
Ed25519 ciphersuite [frost-ed25519] crates.io Documentation
Ed448 ciphersuite [frost-ed448] crates.io Documentation
P-256 ciphersuite [frost-p256] crates.io Documentation
secp256k1 ciphersuite [frost-secp256k1] crates.io Documentation
secp256k1 ciphersuite (Taproot) [frost-secp256k1-tr] crates.io Documentation
Generic Re-randomized FROST [frost-rerandomized] crates.io Documentation

Rust implementations of 'Two-Round Threshold Schnorr Signatures with FROST'.

Unlike signatures in a single-party setting, threshold signatures require cooperation among a threshold number of signers, each holding a share of a common private key. The security of threshold schemes in general assume that an adversary can corrupt strictly fewer than a threshold number of participants.

'Two-Round Threshold Schnorr Signatures with FROST' presents a variant of a Flexible Round-Optimized Schnorr Threshold (FROST) signature scheme originally defined in FROST20. FROST reduces network overhead during threshold signing operations while employing a novel technique to protect against forgery attacks applicable to prior Schnorr-based threshold signature constructions.

Besides FROST itself, this repository also provides:

Getting Started

Refer to the ZF FROST book.

Status ⚠

The FROST specification is not yet finalized, though no significant changes are expected at this point. This code base has been partially audited by NCC, see below for details. The APIs and types in the crates contained in this repository follow SemVer guarantees.

NCC Audit

NCC performed an audit of the v0.6.0 release (corresponding to commit 5fa17ed) of the following crates:

  • frost-core
  • frost-ed25519
  • frost-ed448
  • frost-p256
  • frost-secp256k1
  • frost-ristretto255

This includes key generation (both trusted dealer and DKG) and FROST signing. This does not include frost-secp256k1-tr and rerandomized FROST.

The parts of the Ed448-Goldilocks dependency that are used by frost-ed448 were also in scope, namely the elliptic curve operations.

All issues identified in the audit were addressed by us and reviewed by NCC.

Usage

frost-core implements the base traits and types in a generic manner, to enable top-level implementations for different ciphersuites / curves without having to implement all of FROST from scratch. End-users should not use frost-core if they want to sign and verify signatures, they should use the crate specific to their ciphersuite/curve parameters that uses frost-core as a dependency.