Change gencode to handle repairable module; fix build issues (#329)
* make gencode generate repairable.rs * fix build issues in ciphersuite-specific repairable.rs * copy repairable docs from frost-core into ciphersuites modules * use full ciphersuite name in repairable.rs to make gencode work
This commit is contained in:
parent
98836fad4d
commit
4a112230cb
|
@ -1,44 +1,55 @@
|
|||
/// Repairable Threshold Scheme
|
||||
|
||||
#![doc = include_str!("../../repairable.md")]
|
||||
//! Repairable Threshold Scheme
|
||||
//!
|
||||
//! Implements the Repairable Threshold Scheme (RTS) from <https://eprint.iacr.org/2017/1155>.
|
||||
//! The RTS is used to help a signer (participant) repair their lost share. This is achieved
|
||||
//! using a subset of the other signers know here as `helpers`.
|
||||
|
||||
use std::collections::HashMap;
|
||||
|
||||
use crate::{frost::Identifier, Ciphersuite, CryptoRng, Field, Group, RngCore, Scalar};
|
||||
// This is imported separately to make `gencode` work.
|
||||
// (if it were below, the position of the import would vary between ciphersuites
|
||||
// after `cargo fmt`)
|
||||
use crate::Ed25519Sha512;
|
||||
use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore, Scalar};
|
||||
|
||||
use super::{SecretShare};
|
||||
use super::{SecretShare, VerifiableSecretSharingCommitment};
|
||||
|
||||
/// Generate random values for each helper - 1 for use in computing the value for the final helper
|
||||
|
||||
pub fn repair_share_step_1<R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier<C>],
|
||||
share_i: &SecretShare<C>,
|
||||
zeta_i: Scalar<C>,
|
||||
/// Step 1 of RTS.
|
||||
///
|
||||
/// Generates the "delta" values from `helper_i` to help `participant` recover their share
|
||||
/// where `helpers` contains the identifiers of all the helpers (including `helper_i`), and `share_i`
|
||||
/// is the share of `helper_i`.
|
||||
///
|
||||
/// Returns a HashMap mapping which value should be sent to which participant.
|
||||
pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier],
|
||||
share_i: &SecretShare,
|
||||
rng: &mut R,
|
||||
) -> HashMap<Identifier<C>, Scalar<C>> {
|
||||
frost::keys::repairable::repair_share_step_1(identifier, max_signers, min_signers, &mut rng)
|
||||
participant: Identifier,
|
||||
) -> HashMap<Identifier, Scalar> {
|
||||
frost::keys::repairable::repair_share_step_1(helpers, share_i, rng, participant)
|
||||
}
|
||||
|
||||
/// # Communication round:
|
||||
/// # Helper i sends deltas_i[j] to helper j
|
||||
|
||||
/// # deltas_j: values received by j in the communication round
|
||||
/// # Output: sigma_j
|
||||
|
||||
pub fn repair_share_step_2<C: Ciphersuite>(deltas_j: &[Scalar<C>]) -> Scalar<C> {
|
||||
frost::keys::repairable::repair_share_step_2(deltas_j)
|
||||
/// Step 2 of RTS.
|
||||
///
|
||||
/// Generates the `sigma` values from all `deltas` received from `helpers`
|
||||
/// to help `participant` recover their share.
|
||||
/// `sigma` is the sum of all received `delta` and the `delta_i` generated for `helper_i`.
|
||||
///
|
||||
/// Returns a scalar
|
||||
pub fn repair_share_step_2(deltas_j: &[Scalar]) -> Scalar {
|
||||
frost::keys::repairable::repair_share_step_2::<Ed25519Sha512>(deltas_j)
|
||||
}
|
||||
|
||||
/// # Communication round
|
||||
/// # Helper j sends sigma_j to signer r
|
||||
|
||||
/// # sigmas: all sigma_j received from each helper j
|
||||
/// # Output: share_r: r's secret share
|
||||
|
||||
pub fn repair_share_step_3<C: Ciphersuite>(
|
||||
sigmas: &[Scalar<C>],
|
||||
identifier: Identifier<C>,
|
||||
commitment: &VerifiableSecretSharingCommitment<C>,
|
||||
) -> SecretShare<C> {
|
||||
frost::keys::repairable::repair_share(sigmas, identifier, commitment)
|
||||
/// Step 3 of RTS
|
||||
///
|
||||
/// The `participant` sums all `sigma_j` received to compute the `share`. The `SecretShare`
|
||||
/// is made up of the `identifier`and `commitment` of the `participant` as well as the
|
||||
/// `value` which is the `SigningShare`.
|
||||
pub fn repair_share_step_3(
|
||||
sigmas: &[Scalar],
|
||||
identifier: Identifier,
|
||||
commitment: &VerifiableSecretSharingCommitment,
|
||||
) -> SecretShare {
|
||||
frost::keys::repairable::repair_share_step_3(sigmas, identifier, commitment)
|
||||
}
|
||||
|
|
|
@ -241,7 +241,22 @@ pub mod keys {
|
|||
/// Used for verification purposes before publishing a signature.
|
||||
pub type PublicKeyPackage = frost::keys::PublicKeyPackage<E>;
|
||||
|
||||
/// Contains the commitments to the coefficients for our secret polynomial _f_,
|
||||
/// used to generate participants' key shares.
|
||||
///
|
||||
/// [`VerifiableSecretSharingCommitment`] contains a set of commitments to the coefficients (which
|
||||
/// themselves are scalars) for a secret polynomial f, where f is used to
|
||||
/// generate each ith participant's key share f(i). Participants use this set of
|
||||
/// commitments to perform verifiable secret sharing.
|
||||
///
|
||||
/// Note that participants MUST be assured that they have the *same*
|
||||
/// [`VerifiableSecretSharingCommitment`], either by performing pairwise comparison, or by using
|
||||
/// some agreed-upon public location for publication, where each participant can
|
||||
/// ensure that they received the correct (and same) value.
|
||||
pub type VerifiableSecretSharingCommitment = frost::keys::VerifiableSecretSharingCommitment<E>;
|
||||
|
||||
pub mod dkg;
|
||||
pub mod repairable;
|
||||
}
|
||||
|
||||
/// FROST(Ed25519, SHA-512) Round 1 functionality and types.
|
||||
|
|
|
@ -1,44 +1,55 @@
|
|||
/// Repairable Threshold Scheme
|
||||
|
||||
#![doc = include_str!("../../repairable.md")]
|
||||
//! Repairable Threshold Scheme
|
||||
//!
|
||||
//! Implements the Repairable Threshold Scheme (RTS) from <https://eprint.iacr.org/2017/1155>.
|
||||
//! The RTS is used to help a signer (participant) repair their lost share. This is achieved
|
||||
//! using a subset of the other signers know here as `helpers`.
|
||||
|
||||
use std::collections::HashMap;
|
||||
|
||||
use crate::{frost::Identifier, Ciphersuite, CryptoRng, Field, Group, RngCore, Scalar};
|
||||
// This is imported separately to make `gencode` work.
|
||||
// (if it were below, the position of the import would vary between ciphersuites
|
||||
// after `cargo fmt`)
|
||||
use crate::Ed448Shake256;
|
||||
use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore, Scalar};
|
||||
|
||||
use super::{SecretShare};
|
||||
use super::{SecretShare, VerifiableSecretSharingCommitment};
|
||||
|
||||
/// Generate random values for each helper - 1 for use in computing the value for the final helper
|
||||
|
||||
pub fn repair_share_step_1<R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier<C>],
|
||||
share_i: &SecretShare<C>,
|
||||
zeta_i: Scalar<C>,
|
||||
/// Step 1 of RTS.
|
||||
///
|
||||
/// Generates the "delta" values from `helper_i` to help `participant` recover their share
|
||||
/// where `helpers` contains the identifiers of all the helpers (including `helper_i`), and `share_i`
|
||||
/// is the share of `helper_i`.
|
||||
///
|
||||
/// Returns a HashMap mapping which value should be sent to which participant.
|
||||
pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier],
|
||||
share_i: &SecretShare,
|
||||
rng: &mut R,
|
||||
) -> HashMap<Identifier<C>, Scalar<C>> {
|
||||
frost::keys::repairable::repair_share_step_1(identifier, max_signers, min_signers, &mut rng)
|
||||
participant: Identifier,
|
||||
) -> HashMap<Identifier, Scalar> {
|
||||
frost::keys::repairable::repair_share_step_1(helpers, share_i, rng, participant)
|
||||
}
|
||||
|
||||
/// # Communication round:
|
||||
/// # Helper i sends deltas_i[j] to helper j
|
||||
|
||||
/// # deltas_j: values received by j in the communication round
|
||||
/// # Output: sigma_j
|
||||
|
||||
pub fn repair_share_step_2<C: Ciphersuite>(deltas_j: &[Scalar<C>]) -> Scalar<C> {
|
||||
frost::keys::repairable::repair_share_step_2(deltas_j)
|
||||
/// Step 2 of RTS.
|
||||
///
|
||||
/// Generates the `sigma` values from all `deltas` received from `helpers`
|
||||
/// to help `participant` recover their share.
|
||||
/// `sigma` is the sum of all received `delta` and the `delta_i` generated for `helper_i`.
|
||||
///
|
||||
/// Returns a scalar
|
||||
pub fn repair_share_step_2(deltas_j: &[Scalar]) -> Scalar {
|
||||
frost::keys::repairable::repair_share_step_2::<Ed448Shake256>(deltas_j)
|
||||
}
|
||||
|
||||
/// # Communication round
|
||||
/// # Helper j sends sigma_j to signer r
|
||||
|
||||
/// # sigmas: all sigma_j received from each helper j
|
||||
/// # Output: share_r: r's secret share
|
||||
|
||||
pub fn repair_share_step_3<C: Ciphersuite>(
|
||||
sigmas: &[Scalar<C>],
|
||||
identifier: Identifier<C>,
|
||||
commitment: &VerifiableSecretSharingCommitment<C>,
|
||||
) -> SecretShare<C> {
|
||||
frost::keys::repairable::repair_share(sigmas, identifier, commitment)
|
||||
/// Step 3 of RTS
|
||||
///
|
||||
/// The `participant` sums all `sigma_j` received to compute the `share`. The `SecretShare`
|
||||
/// is made up of the `identifier`and `commitment` of the `participant` as well as the
|
||||
/// `value` which is the `SigningShare`.
|
||||
pub fn repair_share_step_3(
|
||||
sigmas: &[Scalar],
|
||||
identifier: Identifier,
|
||||
commitment: &VerifiableSecretSharingCommitment,
|
||||
) -> SecretShare {
|
||||
frost::keys::repairable::repair_share_step_3(sigmas, identifier, commitment)
|
||||
}
|
||||
|
|
|
@ -235,7 +235,22 @@ pub mod keys {
|
|||
/// Used for verification purposes before publishing a signature.
|
||||
pub type PublicKeyPackage = frost::keys::PublicKeyPackage<E>;
|
||||
|
||||
/// Contains the commitments to the coefficients for our secret polynomial _f_,
|
||||
/// used to generate participants' key shares.
|
||||
///
|
||||
/// [`VerifiableSecretSharingCommitment`] contains a set of commitments to the coefficients (which
|
||||
/// themselves are scalars) for a secret polynomial f, where f is used to
|
||||
/// generate each ith participant's key share f(i). Participants use this set of
|
||||
/// commitments to perform verifiable secret sharing.
|
||||
///
|
||||
/// Note that participants MUST be assured that they have the *same*
|
||||
/// [`VerifiableSecretSharingCommitment`], either by performing pairwise comparison, or by using
|
||||
/// some agreed-upon public location for publication, where each participant can
|
||||
/// ensure that they received the correct (and same) value.
|
||||
pub type VerifiableSecretSharingCommitment = frost::keys::VerifiableSecretSharingCommitment<E>;
|
||||
|
||||
pub mod dkg;
|
||||
pub mod repairable;
|
||||
}
|
||||
|
||||
/// FROST(Ed448, SHAKE256) Round 1 functionality and types.
|
||||
|
|
|
@ -1,44 +1,55 @@
|
|||
/// Repairable Threshold Scheme
|
||||
|
||||
#![doc = include_str!("../../repairable.md")]
|
||||
//! Repairable Threshold Scheme
|
||||
//!
|
||||
//! Implements the Repairable Threshold Scheme (RTS) from <https://eprint.iacr.org/2017/1155>.
|
||||
//! The RTS is used to help a signer (participant) repair their lost share. This is achieved
|
||||
//! using a subset of the other signers know here as `helpers`.
|
||||
|
||||
use std::collections::HashMap;
|
||||
|
||||
use crate::{frost::Identifier, Ciphersuite, CryptoRng, Field, Group, RngCore, Scalar};
|
||||
// This is imported separately to make `gencode` work.
|
||||
// (if it were below, the position of the import would vary between ciphersuites
|
||||
// after `cargo fmt`)
|
||||
use crate::P256Sha256;
|
||||
use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore, Scalar};
|
||||
|
||||
use super::{SecretShare};
|
||||
use super::{SecretShare, VerifiableSecretSharingCommitment};
|
||||
|
||||
/// Generate random values for each helper - 1 for use in computing the value for the final helper
|
||||
|
||||
pub fn repair_share_step_1<R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier<C>],
|
||||
share_i: &SecretShare<C>,
|
||||
zeta_i: Scalar<C>,
|
||||
/// Step 1 of RTS.
|
||||
///
|
||||
/// Generates the "delta" values from `helper_i` to help `participant` recover their share
|
||||
/// where `helpers` contains the identifiers of all the helpers (including `helper_i`), and `share_i`
|
||||
/// is the share of `helper_i`.
|
||||
///
|
||||
/// Returns a HashMap mapping which value should be sent to which participant.
|
||||
pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier],
|
||||
share_i: &SecretShare,
|
||||
rng: &mut R,
|
||||
) -> HashMap<Identifier<C>, Scalar<C>> {
|
||||
frost::keys::repairable::repair_share_step_1(identifier, max_signers, min_signers, &mut rng)
|
||||
participant: Identifier,
|
||||
) -> HashMap<Identifier, Scalar> {
|
||||
frost::keys::repairable::repair_share_step_1(helpers, share_i, rng, participant)
|
||||
}
|
||||
|
||||
/// # Communication round:
|
||||
/// # Helper i sends deltas_i[j] to helper j
|
||||
|
||||
/// # deltas_j: values received by j in the communication round
|
||||
/// # Output: sigma_j
|
||||
|
||||
pub fn repair_share_step_2<C: Ciphersuite>(deltas_j: &[Scalar<C>]) -> Scalar<C> {
|
||||
frost::keys::repairable::repair_share_step_2(deltas_j)
|
||||
/// Step 2 of RTS.
|
||||
///
|
||||
/// Generates the `sigma` values from all `deltas` received from `helpers`
|
||||
/// to help `participant` recover their share.
|
||||
/// `sigma` is the sum of all received `delta` and the `delta_i` generated for `helper_i`.
|
||||
///
|
||||
/// Returns a scalar
|
||||
pub fn repair_share_step_2(deltas_j: &[Scalar]) -> Scalar {
|
||||
frost::keys::repairable::repair_share_step_2::<P256Sha256>(deltas_j)
|
||||
}
|
||||
|
||||
/// # Communication round
|
||||
/// # Helper j sends sigma_j to signer r
|
||||
|
||||
/// # sigmas: all sigma_j received from each helper j
|
||||
/// # Output: share_r: r's secret share
|
||||
|
||||
pub fn repair_share_step_3<C: Ciphersuite>(
|
||||
sigmas: &[Scalar<C>],
|
||||
identifier: Identifier<C>,
|
||||
commitment: &VerifiableSecretSharingCommitment<C>,
|
||||
) -> SecretShare<C> {
|
||||
frost::keys::repairable::repair_share(sigmas, identifier, commitment)
|
||||
/// Step 3 of RTS
|
||||
///
|
||||
/// The `participant` sums all `sigma_j` received to compute the `share`. The `SecretShare`
|
||||
/// is made up of the `identifier`and `commitment` of the `participant` as well as the
|
||||
/// `value` which is the `SigningShare`.
|
||||
pub fn repair_share_step_3(
|
||||
sigmas: &[Scalar],
|
||||
identifier: Identifier,
|
||||
commitment: &VerifiableSecretSharingCommitment,
|
||||
) -> SecretShare {
|
||||
frost::keys::repairable::repair_share_step_3(sigmas, identifier, commitment)
|
||||
}
|
||||
|
|
|
@ -265,7 +265,22 @@ pub mod keys {
|
|||
/// Used for verification purposes before publishing a signature.
|
||||
pub type PublicKeyPackage = frost::keys::PublicKeyPackage<P>;
|
||||
|
||||
/// Contains the commitments to the coefficients for our secret polynomial _f_,
|
||||
/// used to generate participants' key shares.
|
||||
///
|
||||
/// [`VerifiableSecretSharingCommitment`] contains a set of commitments to the coefficients (which
|
||||
/// themselves are scalars) for a secret polynomial f, where f is used to
|
||||
/// generate each ith participant's key share f(i). Participants use this set of
|
||||
/// commitments to perform verifiable secret sharing.
|
||||
///
|
||||
/// Note that participants MUST be assured that they have the *same*
|
||||
/// [`VerifiableSecretSharingCommitment`], either by performing pairwise comparison, or by using
|
||||
/// some agreed-upon public location for publication, where each participant can
|
||||
/// ensure that they received the correct (and same) value.
|
||||
pub type VerifiableSecretSharingCommitment = frost::keys::VerifiableSecretSharingCommitment<P>;
|
||||
|
||||
pub mod dkg;
|
||||
pub mod repairable;
|
||||
}
|
||||
|
||||
/// FROST(P-256, SHA-256) Round 1 functionality and types.
|
||||
|
|
|
@ -1,44 +1,55 @@
|
|||
/// Repairable Threshold Scheme
|
||||
|
||||
#![doc = include_str!("../../repairable.md")]
|
||||
//! Repairable Threshold Scheme
|
||||
//!
|
||||
//! Implements the Repairable Threshold Scheme (RTS) from <https://eprint.iacr.org/2017/1155>.
|
||||
//! The RTS is used to help a signer (participant) repair their lost share. This is achieved
|
||||
//! using a subset of the other signers know here as `helpers`.
|
||||
|
||||
use std::collections::HashMap;
|
||||
|
||||
use crate::{frost::Identifier, Ciphersuite, CryptoRng, Field, Group, RngCore, Scalar};
|
||||
// This is imported separately to make `gencode` work.
|
||||
// (if it were below, the position of the import would vary between ciphersuites
|
||||
// after `cargo fmt`)
|
||||
use crate::Ristretto255Sha512;
|
||||
use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore, Scalar};
|
||||
|
||||
use super::{SecretShare};
|
||||
use super::{SecretShare, VerifiableSecretSharingCommitment};
|
||||
|
||||
/// Generate random values for each helper - 1 for use in computing the value for the final helper
|
||||
|
||||
pub fn repair_share_step_1<R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier<C>],
|
||||
share_i: &SecretShare<C>,
|
||||
zeta_i: Scalar<C>,
|
||||
/// Step 1 of RTS.
|
||||
///
|
||||
/// Generates the "delta" values from `helper_i` to help `participant` recover their share
|
||||
/// where `helpers` contains the identifiers of all the helpers (including `helper_i`), and `share_i`
|
||||
/// is the share of `helper_i`.
|
||||
///
|
||||
/// Returns a HashMap mapping which value should be sent to which participant.
|
||||
pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier],
|
||||
share_i: &SecretShare,
|
||||
rng: &mut R,
|
||||
) -> HashMap<Identifier<C>, Scalar<C>> {
|
||||
frost::keys::repairable::repair_share_step_1(identifier, max_signers, min_signers, &mut rng)
|
||||
participant: Identifier,
|
||||
) -> HashMap<Identifier, Scalar> {
|
||||
frost::keys::repairable::repair_share_step_1(helpers, share_i, rng, participant)
|
||||
}
|
||||
|
||||
/// # Communication round:
|
||||
/// # Helper i sends deltas_i[j] to helper j
|
||||
|
||||
/// # deltas_j: values received by j in the communication round
|
||||
/// # Output: sigma_j
|
||||
|
||||
pub fn repair_share_step_2<C: Ciphersuite>(deltas_j: &[Scalar<C>]) -> Scalar<C> {
|
||||
frost::keys::repairable::repair_share_step_2(deltas_j)
|
||||
/// Step 2 of RTS.
|
||||
///
|
||||
/// Generates the `sigma` values from all `deltas` received from `helpers`
|
||||
/// to help `participant` recover their share.
|
||||
/// `sigma` is the sum of all received `delta` and the `delta_i` generated for `helper_i`.
|
||||
///
|
||||
/// Returns a scalar
|
||||
pub fn repair_share_step_2(deltas_j: &[Scalar]) -> Scalar {
|
||||
frost::keys::repairable::repair_share_step_2::<Ristretto255Sha512>(deltas_j)
|
||||
}
|
||||
|
||||
/// # Communication round
|
||||
/// # Helper j sends sigma_j to signer r
|
||||
|
||||
/// # sigmas: all sigma_j received from each helper j
|
||||
/// # Output: share_r: r's secret share
|
||||
|
||||
pub fn repair_share_step_3<C: Ciphersuite>(
|
||||
sigmas: &[Scalar<C>],
|
||||
identifier: Identifier<C>,
|
||||
commitment: &VerifiableSecretSharingCommitment<C>,
|
||||
) -> SecretShare<C> {
|
||||
frost::keys::repairable::repair_share(sigmas, identifier, commitment)
|
||||
/// Step 3 of RTS
|
||||
///
|
||||
/// The `participant` sums all `sigma_j` received to compute the `share`. The `SecretShare`
|
||||
/// is made up of the `identifier`and `commitment` of the `participant` as well as the
|
||||
/// `value` which is the `SigningShare`.
|
||||
pub fn repair_share_step_3(
|
||||
sigmas: &[Scalar],
|
||||
identifier: Identifier,
|
||||
commitment: &VerifiableSecretSharingCommitment,
|
||||
) -> SecretShare {
|
||||
frost::keys::repairable::repair_share_step_3(sigmas, identifier, commitment)
|
||||
}
|
||||
|
|
|
@ -229,7 +229,22 @@ pub mod keys {
|
|||
/// Used for verification purposes before publishing a signature.
|
||||
pub type PublicKeyPackage = frost::keys::PublicKeyPackage<R>;
|
||||
|
||||
/// Contains the commitments to the coefficients for our secret polynomial _f_,
|
||||
/// used to generate participants' key shares.
|
||||
///
|
||||
/// [`VerifiableSecretSharingCommitment`] contains a set of commitments to the coefficients (which
|
||||
/// themselves are scalars) for a secret polynomial f, where f is used to
|
||||
/// generate each ith participant's key share f(i). Participants use this set of
|
||||
/// commitments to perform verifiable secret sharing.
|
||||
///
|
||||
/// Note that participants MUST be assured that they have the *same*
|
||||
/// [`VerifiableSecretSharingCommitment`], either by performing pairwise comparison, or by using
|
||||
/// some agreed-upon public location for publication, where each participant can
|
||||
/// ensure that they received the correct (and same) value.
|
||||
pub type VerifiableSecretSharingCommitment = frost::keys::VerifiableSecretSharingCommitment<R>;
|
||||
|
||||
pub mod dkg;
|
||||
pub mod repairable;
|
||||
}
|
||||
|
||||
/// FROST(ristretto255, SHA-512) Round 1 functionality and types.
|
||||
|
|
|
@ -1,44 +1,55 @@
|
|||
/// Repairable Threshold Scheme
|
||||
|
||||
#![doc = include_str!("../../repairable.md")]
|
||||
//! Repairable Threshold Scheme
|
||||
//!
|
||||
//! Implements the Repairable Threshold Scheme (RTS) from <https://eprint.iacr.org/2017/1155>.
|
||||
//! The RTS is used to help a signer (participant) repair their lost share. This is achieved
|
||||
//! using a subset of the other signers know here as `helpers`.
|
||||
|
||||
use std::collections::HashMap;
|
||||
|
||||
use crate::{frost::Identifier, Ciphersuite, CryptoRng, Field, Group, RngCore, Scalar};
|
||||
// This is imported separately to make `gencode` work.
|
||||
// (if it were below, the position of the import would vary between ciphersuites
|
||||
// after `cargo fmt`)
|
||||
use crate::Secp256K1Sha256;
|
||||
use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore, Scalar};
|
||||
|
||||
use super::{SecretShare};
|
||||
use super::{SecretShare, VerifiableSecretSharingCommitment};
|
||||
|
||||
/// Generate random values for each helper - 1 for use in computing the value for the final helper
|
||||
|
||||
pub fn repair_share_step_1<R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier<C>],
|
||||
share_i: &SecretShare<C>,
|
||||
zeta_i: Scalar<C>,
|
||||
/// Step 1 of RTS.
|
||||
///
|
||||
/// Generates the "delta" values from `helper_i` to help `participant` recover their share
|
||||
/// where `helpers` contains the identifiers of all the helpers (including `helper_i`), and `share_i`
|
||||
/// is the share of `helper_i`.
|
||||
///
|
||||
/// Returns a HashMap mapping which value should be sent to which participant.
|
||||
pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
|
||||
helpers: &[Identifier],
|
||||
share_i: &SecretShare,
|
||||
rng: &mut R,
|
||||
) -> HashMap<Identifier<C>, Scalar<C>> {
|
||||
frost::keys::repairable::repair_share_step_1(identifier, max_signers, min_signers, &mut rng)
|
||||
participant: Identifier,
|
||||
) -> HashMap<Identifier, Scalar> {
|
||||
frost::keys::repairable::repair_share_step_1(helpers, share_i, rng, participant)
|
||||
}
|
||||
|
||||
/// # Communication round:
|
||||
/// # Helper i sends deltas_i[j] to helper j
|
||||
|
||||
/// # deltas_j: values received by j in the communication round
|
||||
/// # Output: sigma_j
|
||||
|
||||
pub fn repair_share_step_2<C: Ciphersuite>(deltas_j: &[Scalar<C>]) -> Scalar<C> {
|
||||
frost::keys::repairable::repair_share_step_2(deltas_j)
|
||||
/// Step 2 of RTS.
|
||||
///
|
||||
/// Generates the `sigma` values from all `deltas` received from `helpers`
|
||||
/// to help `participant` recover their share.
|
||||
/// `sigma` is the sum of all received `delta` and the `delta_i` generated for `helper_i`.
|
||||
///
|
||||
/// Returns a scalar
|
||||
pub fn repair_share_step_2(deltas_j: &[Scalar]) -> Scalar {
|
||||
frost::keys::repairable::repair_share_step_2::<Secp256K1Sha256>(deltas_j)
|
||||
}
|
||||
|
||||
/// # Communication round
|
||||
/// # Helper j sends sigma_j to signer r
|
||||
|
||||
/// # sigmas: all sigma_j received from each helper j
|
||||
/// # Output: share_r: r's secret share
|
||||
|
||||
pub fn repair_share_step_3<C: Ciphersuite>(
|
||||
sigmas: &[Scalar<C>],
|
||||
identifier: Identifier<C>,
|
||||
commitment: &VerifiableSecretSharingCommitment<C>,
|
||||
) -> SecretShare<C> {
|
||||
frost::keys::repairable::repair_share(sigmas, identifier, commitment)
|
||||
/// Step 3 of RTS
|
||||
///
|
||||
/// The `participant` sums all `sigma_j` received to compute the `share`. The `SecretShare`
|
||||
/// is made up of the `identifier`and `commitment` of the `participant` as well as the
|
||||
/// `value` which is the `SigningShare`.
|
||||
pub fn repair_share_step_3(
|
||||
sigmas: &[Scalar],
|
||||
identifier: Identifier,
|
||||
commitment: &VerifiableSecretSharingCommitment,
|
||||
) -> SecretShare {
|
||||
frost::keys::repairable::repair_share_step_3(sigmas, identifier, commitment)
|
||||
}
|
||||
|
|
|
@ -264,7 +264,22 @@ pub mod keys {
|
|||
/// Used for verification purposes before publishing a signature.
|
||||
pub type PublicKeyPackage = frost::keys::PublicKeyPackage<S>;
|
||||
|
||||
/// Contains the commitments to the coefficients for our secret polynomial _f_,
|
||||
/// used to generate participants' key shares.
|
||||
///
|
||||
/// [`VerifiableSecretSharingCommitment`] contains a set of commitments to the coefficients (which
|
||||
/// themselves are scalars) for a secret polynomial f, where f is used to
|
||||
/// generate each ith participant's key share f(i). Participants use this set of
|
||||
/// commitments to perform verifiable secret sharing.
|
||||
///
|
||||
/// Note that participants MUST be assured that they have the *same*
|
||||
/// [`VerifiableSecretSharingCommitment`], either by performing pairwise comparison, or by using
|
||||
/// some agreed-upon public location for publication, where each participant can
|
||||
/// ensure that they received the correct (and same) value.
|
||||
pub type VerifiableSecretSharingCommitment = frost::keys::VerifiableSecretSharingCommitment<S>;
|
||||
|
||||
pub mod dkg;
|
||||
pub mod repairable;
|
||||
}
|
||||
|
||||
/// FROST(secp256k1, SHA-256) Round 1 functionality and types.
|
||||
|
|
|
@ -215,7 +215,12 @@ fn main() -> ExitCode {
|
|||
replaced |= write_docs(&docs, &lib_filename, original_strings, replacement_strings);
|
||||
|
||||
// Generate files based on a template with simple search & replace.
|
||||
for filename in ["README.md", "dkg.md", "src/keys/dkg.rs"] {
|
||||
for filename in [
|
||||
"README.md",
|
||||
"dkg.md",
|
||||
"src/keys/dkg.rs",
|
||||
"src/keys/repairable.rs",
|
||||
] {
|
||||
replaced |= copy_and_replace(
|
||||
format!("{original_folder}/{filename}").as_str(),
|
||||
format!("{folder}/{filename}").as_str(),
|
||||
|
|
Loading…
Reference in New Issue