Add terminology page to FROST book; flesh out module-level rustdoc fo… (#330)
* Add terminology page to FROST book; flesh out module-level rustdoc for core dkg
* Link to Feldman's VSS, clarify
* Add tss and vss definitions
* Missing word
* Clarify slightly
* Update book/src/terminology.md
* Update book/src/terminology.md
parent 07aea68b03
commit c0dc69900c
|
@ -14,7 +14,8 @@
|
|||
- [DKG](user/frost-ristretto255/dkg.md)
|
||||
- [frost-secp256k1](user/frost-secp256k1.md)
|
||||
- [DKG](user/frost-secp256k1/dkg.md)
|
||||
- [Terminology](terminology.md)
|
||||
- [Developer Documentation](dev.md)
|
||||
- [FROST RFCs](dev/rfcs.md)
|
||||
- [FROST messages](dev/rfcs/0001-messages.md )
|
||||
- [List of Dependencies for Audit](dev/frost-dependencies-for-audit.md)
|
||||
- [List of Dependencies for Audit](dev/frost-dependencies-for-audit.md)
|
||||
|
|
|
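Review bot: The `List of Dependencies for Audit` entry appears twice at the end of this hunk with identical visible text, which together with the 7-to-8 line count points to a whitespace-only remove and re-add of that line next to the one real addition, `- [Terminology](terminology.md)`. Please confirm that change is intentional (for example a trailing newline fix) or drop it so the hunk carries only the new entry. While this file is being touched, the `FROST messages` link target `dev/rfcs/0001-messages.md )` has a stray space before the closing parenthesis that could be cleaned up.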
@ -0,0 +1,42 @@
|
|||
# Terminology
|
||||
|
||||
### _Broadcast channel_
|
||||
|
||||
A secure broadcast channel in the context of multi-party computation protocols
|
||||
such as FROST has the following properties:
|
||||
|
||||
1. Consistent. Each participant has the same view of the message sent over the channel.
|
||||
2. Authenticated. Players know that the message was in fact sent by the claimed sender. In practice, this
|
||||
requirement is often fulfilled by a PKI.
|
||||
3. Reliable Delivery. Player i knows that the message it sent was in fact received by the intended participants.
|
||||
4. Unordered. The channel does not guarantee ordering of messages.
|
||||
|
||||
Possible deployment options:
|
||||
- Echo-broadcast (Goldwasser-Lindell)
|
||||
- Posting commitments to an authenticated centralized server that is trusted to
|
||||
provide a single view to all participants
|
||||
|
||||
|
||||
### _Peer to peer channel_
|
||||
|
||||
Peer-to-peer channels are authenticated, reliable, and unordered, per the
|
||||
definitions above. Additionally, peer-to-peer channels are _confidential_; i.e.,
|
||||
only participants `i` and `j` are allowed to know the contents of
|
||||
a message `msg_i,j`.
|
||||
|
||||
Possible deployment options:
|
||||
- Mutually authenticated TLS
|
||||
- Wireguard
|
||||
|
||||
### _Threshold secret sharing_
|
||||
|
||||
Threshold secret sharing does not require a broadcast channel because the dealer is fully trusted.
|
||||
|
||||
### _Verifiable secret sharing_
|
||||
|
||||
Verifiable secret sharing requires a broadcast channel because the dealer is
|
||||
_not_ fully trusted: keygen participants verify the VSS commitment which is
|
||||
transmitted over the broadcast channel before accepting the shares distributed
|
||||
from the dealer, to ensure all participants have the same view of the commitment.
|
||||
|
||||
|
|
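Review bot: The `Threshold secret sharing` and `Verifiable secret sharing` entries state only whether a broadcast channel is needed and never say what the terms mean, so a reader arriving from the rustdoc link still lacks the definitions; add one sentence to each that defines the scheme before the trust statement. In the broadcast channel list, items 2 and 3 switch to "Players" and "Player i" while the rest of the page says "participant"; pick one term, since this page is the terminology reference. The centralized-server deployment option should say outright that consistency then rests entirely on that server, because a server that shows different commitments to different participants breaks property 1. Minor: `Wireguard` is spelled `WireGuard` upstream, and the headings jump from `#` to `###`.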
@ -1,10 +1,34 @@
|
|||
//! Distributed Key Generation functions and structures.
|
||||
//!
|
||||
//! The DKG module supports generating FROST key shares in a distributed manner,
|
||||
//! without a trusted dealer.
|
||||
//! without a trusted dealer, via two rounds of communication between all
|
||||
//! participants.
|
||||
//!
|
||||
//! This implements FROST KeyGen from the original [FROST paper], specifically
|
||||
//! Figure 1. This protocol is a variant of [Pedersen's DKG] that additionally
|
||||
//! requires each participant to demonstrate knowledge of their secret by providing
|
||||
//! other participants with proof in zero knowledge, instantiated as a Schnorr signature,
|
||||
//! to protect against rogue-key attacks in the setting where `t ≥ n/2`.
|
||||
//!
|
||||
//! In Pedersen's DKG, each of the `n` participants executes [Feldman's
|
||||
//! Verifiable Secret Sharing (VSS)][Feldman's VSS] as the dealer in parallel,
|
||||
//! and derives their secret share as the sum of the shares received from each
|
||||
//! of the `n` VSS executions.
|
||||
//!
|
||||
//! As required for any multi-party protocol using Feldman's VSS, the key
|
||||
//! generation stage in FROST requires participants to maintain a consistent
|
||||
//! view of the pubic commitments to the secret polynomial coefficients. This
|
||||
//! DKG protocol requires participants to broadcast the commitment values
|
||||
//! honestly (e.g., participants do not provide different commitment values to a
|
||||
//! subset of participants) over a _[secure broadcast channel]_.
|
||||
//!
|
||||
//! For more details and an example, see the ciphersuite-specific crates, e.g.
|
||||
//! [`frost_ristretto255::keys::dkg`](../../../../frost_ristretto255/keys/dkg).
|
||||
//!
|
||||
//! [FROST paper]: https://eprint.iacr.org/2020/852.pdf
|
||||
//! [Pedersen's DKG]: https://link.springer.com/chapter/10.1007/3-540-46416-6_47
|
||||
//! [Feldman's VSS]: https://www.cs.umd.edu/~gasarch/TOPICS/secretsharing/feldmanVSS.pdf
|
||||
//! [secure broadcast channel]: https://frost.zfnd.org/terminology.html#broadcast-channel
|
||||
|
||||
use std::{collections::HashMap, iter};
|
||||
|
||||
|
|
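Review bot: Typo in the new module docs: "pubic commitments" should read "public commitments" in the paragraph on Feldman's VSS. The same paragraph says participants must "broadcast the commitment values honestly" over a secure broadcast channel, which mixes a participant behaviour with a channel property; it would be clearer to state that the caller is responsible for delivering the commitments over a channel that meets the linked definition and that the protocol's guarantees depend on it. The relative link `../../../../frost_ristretto255/keys/dkg` depends on the generated docs layout and will break silently if that layout changes; consider an absolute docs URL, as is already done for the `secure broadcast channel` link.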