add ristretto255 docs (#110)
* add ristretto255 docs * mention FROST(ristretto255, SHA-512) explicitly * Update frost-ristretto255/src/lib.rs * Update frost-ristretto255/src/lib.rs * Update frost-ristretto255/src/lib.rs * Update frost-ristretto255/src/lib.rs * "# Security' * rustfmt Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com>
This commit is contained in:
parent
8f2af1987c
commit
66914e6f92
|
@ -19,7 +19,7 @@ mod tests;
|
|||
pub use frost_core::Error;
|
||||
|
||||
#[derive(Clone, Copy)]
|
||||
/// An implementation of the FROST ciphersuite scalar field.
|
||||
/// An implementation of the FROST(ristretto255, SHA-512) ciphersuite scalar field.
|
||||
pub struct RistrettoScalarField;
|
||||
|
||||
impl Field for RistrettoScalarField {
|
||||
|
@ -73,7 +73,7 @@ impl Field for RistrettoScalarField {
|
|||
}
|
||||
|
||||
#[derive(Clone, Copy, PartialEq, Eq)]
|
||||
/// An implementation of the FROST ciphersuite group.
|
||||
/// An implementation of the FROST(ristretto255, SHA-512) ciphersuite group.
|
||||
pub struct RistrettoGroup;
|
||||
|
||||
impl Group for RistrettoGroup {
|
||||
|
@ -113,7 +113,7 @@ impl Group for RistrettoGroup {
|
|||
const CONTEXT_STRING: &str = "FROST-RISTRETTO255-SHA512-v5";
|
||||
|
||||
#[derive(Clone, Copy, PartialEq, Eq)]
|
||||
/// An implementation of the FROST ciphersuite Ristretto255-SHA512.
|
||||
/// An implementation of the FROST(ristretto255, SHA-512) ciphersuite.
|
||||
pub struct Ristretto255Sha512;
|
||||
|
||||
impl Ciphersuite for Ristretto255Sha512 {
|
||||
|
@ -182,14 +182,15 @@ impl Ciphersuite for Ristretto255Sha512 {
|
|||
|
||||
type R = Ristretto255Sha512;
|
||||
|
||||
///
|
||||
/// A FROST(ristretto255, SHA-512) participant identifier.
|
||||
pub type Identifier = frost::Identifier<R>;
|
||||
|
||||
///
|
||||
/// FROST(ristretto255, SHA-512) keys, key generation, key shares.
|
||||
pub mod keys {
|
||||
use super::*;
|
||||
|
||||
///
|
||||
/// Allows all participants' keys to be generated using a central, trusted
|
||||
/// dealer.
|
||||
pub fn keygen_with_dealer<RNG: RngCore + CryptoRng>(
|
||||
num_signers: u8,
|
||||
threshold: u8,
|
||||
|
@ -198,28 +199,53 @@ pub mod keys {
|
|||
frost::keys::keygen_with_dealer(num_signers, threshold, &mut rng)
|
||||
}
|
||||
|
||||
/// Secret and public key material generated by a dealer performing
|
||||
/// [`keygen_with_dealer`].
|
||||
///
|
||||
/// # Security
|
||||
///
|
||||
/// To derive a FROST(ristretto255, SHA-512) keypair, the receiver of the [`SharePackage`] *must* call
|
||||
/// .into(), which under the hood also performs validation.
|
||||
pub type SharePackage = frost::keys::SharePackage<R>;
|
||||
|
||||
/// A FROST(ristretto255, SHA-512) keypair, which can be generated either by a trusted dealer or using
|
||||
/// a DKG.
|
||||
///
|
||||
/// When using a central dealer, [`SharePackage`]s are distributed to
|
||||
/// participants, who then perform verification, before deriving
|
||||
/// [`KeyPackage`]s, which they store to later use during signing.
|
||||
pub type KeyPackage = frost::keys::KeyPackage<R>;
|
||||
|
||||
/// Public data that contains all the signers' public keys as well as the
|
||||
/// group public key.
|
||||
///
|
||||
/// Used for verification purposes before publishing a signature.
|
||||
pub type PublicKeyPackage = frost::keys::PublicKeyPackage<R>;
|
||||
}
|
||||
|
||||
///
|
||||
/// FROST(ristretto255, SHA-512) Round 1 functionality and types.
|
||||
pub mod round1 {
|
||||
use frost_core::frost::keys::SigningShare;
|
||||
|
||||
use super::*;
|
||||
|
||||
/// Comprised of FROST(ristretto255, SHA-512) hiding and binding nonces.
|
||||
///
|
||||
/// Note that [`SigningNonces`] must be used *only once* for a signing
|
||||
/// operation; re-using nonces will result in leakage of a signer's long-lived
|
||||
/// signing key.
|
||||
pub type SigningNonces = frost::round1::SigningNonces<R>;
|
||||
|
||||
/// Published by each participant in the first round of the signing protocol.
|
||||
///
|
||||
/// This step can be batched if desired by the implementation. Each
|
||||
/// SigningCommitment can be used for exactly *one* signature.
|
||||
pub type SigningCommitments = frost::round1::SigningCommitments<R>;
|
||||
|
||||
/// Performed once by each participant selected for the signing operation.
|
||||
///
|
||||
/// Generates the signing nonces and commitments to be used in the signing
|
||||
/// operation.
|
||||
pub fn commit<RNG>(
|
||||
participant_identifier: frost::Identifier<R>,
|
||||
secret: &SigningShare<R>,
|
||||
|
@ -232,20 +258,30 @@ pub mod round1 {
|
|||
}
|
||||
}
|
||||
|
||||
///
|
||||
/// Generated by the coordinator of the signing operation and distributed to
|
||||
/// each signing party.
|
||||
pub type SigningPackage = frost::SigningPackage<R>;
|
||||
|
||||
///
|
||||
/// FROST(ristretto255, SHA-512) Round 2 functionality and types, for signature share generation.
|
||||
pub mod round2 {
|
||||
use super::*;
|
||||
|
||||
///
|
||||
/// A FROST(ristretto255, SHA-512) participant's signature share, which the Coordinator will aggregate with all other signer's
|
||||
/// shares into the joint signature.
|
||||
pub type SignatureShare = frost::round2::SignatureShare<R>;
|
||||
|
||||
///
|
||||
/// Generated by the coordinator of the signing operation and distributed to
|
||||
/// each signing party
|
||||
pub type SigningPackage = frost::SigningPackage<R>;
|
||||
|
||||
/// Performed once by each participant selected for the signing operation.
|
||||
///
|
||||
/// Receives the message to be signed and a set of signing commitments and a set
|
||||
/// of randomizing commitments to be used in that signing operation, including
|
||||
/// that for this participant.
|
||||
///
|
||||
/// Assumes the participant has already determined which nonce corresponds with
|
||||
/// the commitment that was assigned by the coordinator in the SigningPackage.
|
||||
pub fn sign(
|
||||
signing_package: &SigningPackage,
|
||||
signer_nonces: &round1::SigningNonces,
|
||||
|
@ -255,10 +291,24 @@ pub mod round2 {
|
|||
}
|
||||
}
|
||||
|
||||
///
|
||||
/// A Schnorr signature on FROST(ristretto255, SHA-512).
|
||||
pub type Signature = frost_core::Signature<R>;
|
||||
|
||||
/// Verifies each FROST(ristretto255, SHA-512) participant's signature share, and if all are valid,
|
||||
/// aggregates the shares into a signature to publish.
|
||||
///
|
||||
/// Resulting signature is compatible with verification of a plain Schnorr
|
||||
/// signature.
|
||||
///
|
||||
/// This operation is performed by a coordinator that can communicate with all
|
||||
/// the signing participants before publishing the final signature. The
|
||||
/// coordinator can be one of the participants or a semi-trusted third party
|
||||
/// (who is trusted to not perform denial of service attacks, but does not learn
|
||||
/// any secret information). Note that because the coordinator is trusted to
|
||||
/// report misbehaving parties in order to avoid publishing an invalid
|
||||
/// signature, if the coordinator themselves is a signer and misbehaves, they
|
||||
/// can avoid that step. However, at worst, this results in a denial of
|
||||
/// service attack due to publishing an invalid signature.
|
||||
pub fn aggregate(
|
||||
signing_package: &round2::SigningPackage,
|
||||
signature_shares: &[round2::SignatureShare],
|
||||
|
@ -267,8 +317,8 @@ pub fn aggregate(
|
|||
frost::aggregate(signing_package, signature_shares, pubkeys)
|
||||
}
|
||||
|
||||
///
|
||||
/// A signing key for a Schnorr signature on FROST(ristretto255, SHA-512).
|
||||
pub type SigningKey = frost_core::SigningKey<R>;
|
||||
|
||||
///
|
||||
/// A valid verifying key for Schnorr signatures on FROST(ristretto255, SHA-512).
|
||||
pub type VerifyingKey = frost_core::VerifyingKey<R>;
|
||||
|
|
Loading…
Reference in New Issue