Add terminology page to FROST book; flesh out module-level rustdoc fo… (#330)

* Add terminology page to FROST book; flesh out module-level rustdoc for core dkg

* Link to Feldman's VSS, clarify

* Add tss and vss definitions

* Missing word

* Clarify slightly

* Update book/src/terminology.md

* Update book/src/terminology.md
Deirdre Connolly 2023-05-17 11:48:36 -04:00 committed by GitHub
parent 07aea68b03
commit c0dc69900c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 69 additions and 2 deletions


@ -14,7 +14,8 @@
- [DKG](user/frost-ristretto255/dkg.md)
- [frost-secp256k1](user/frost-secp256k1.md)
- [DKG](user/frost-secp256k1/dkg.md)
- [Terminology](terminology.md)
- [Developer Documentation](dev.md)
- [FROST RFCs](dev/rfcs.md)
- [FROST messages](dev/rfcs/0001-messages.md )
- [List of Dependencies for Audit](dev/frost-dependencies-for-audit.md)
- [List of Dependencies for Audit](dev/frost-dependencies-for-audit.md)

book/src/terminology.md Normal file

@ -0,0 +1,42 @@
# Terminology
### _Broadcast channel_
A secure broadcast channel in the context of multi-party computation protocols
such as FROST has the following properties:
1. Consistent. Each participant has the same view of the message sent over the channel.
2. Authenticated. Players know that the message was in fact sent by the claimed sender. In practice, this
requirement is often fulfilled by a PKI.
3. Reliable Delivery. Player i knows that the message it sent was in fact received by the intended participants.
4. Unordered. The channel does not guarantee ordering of messages.
Possible deployment options:
- Echo-broadcast (Goldwasser-Lindell)
- Posting commitments to an authenticated centralized server that is trusted to
provide a single view to all participants
### _Peer to peer channel_
Peer-to-peer channels are authenticated, reliable, and unordered, per the
definitions above. Additionally, peer-to-peer channels are _confidential_; i.e.,
only participants `i` and `j` are allowed to know the contents of
a message `msg_i,j`.
Possible deployment options:
- Mutually authenticated TLS
- Wireguard
### _Threshold secret sharing_
Threshold secret sharing does not require a broadcast channel because the dealer is fully trusted.
### _Verifiable secret sharing_
Verifiable secret sharing requires a broadcast channel because the dealer is
_not_ fully trusted: keygen participants verify the VSS commitment which is
transmitted over the broadcast channel before accepting the shares distributed
from the dealer, to ensure all participants have the same view of the commitment.
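
Review bot: The `### _Threshold secret sharing_` entry never says what threshold secret sharing is. It states only that no broadcast channel is needed because the dealer is fully trusted, while the commit message describes this change as "Add tss and vss definitions". Suggest opening both this entry and the `_Verifiable secret sharing_` entry with one defining sentence, then giving the channel requirement. Smaller points in the same file: the broadcast-channel list switches between "participant" (item 1) and "Player" (items 2 and 3), which reads as two different roles, so pick one term. "Echo-broadcast (Goldwasser-Lindell)" carries no reference, although the DKG rustdoc in this commit links its papers. "Wireguard" should be spelled "WireGuard".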


@ -1,10 +1,34 @@
//! Distributed Key Generation functions and structures.
//!
//! The DKG module supports generating FROST key shares in a distributed manner,
//! without a trusted dealer.
//! without a trusted dealer, via two rounds of communication between all
//! participants.
//!
//! This implements FROST KeyGen from the original [FROST paper], specifically
//! Figure 1. This protocol is a variant of [Pedersen's DKG] that additionally
//! requires each participant to demonstrate knowledge of their secret by providing
//! other participants with proof in zero knowledge, instantiated as a Schnorr signature,
//! to protect against rogue-key attacks in the setting where `t ≥ n/2`.
//!
//! In Pedersen's DKG, each of the `n` participants executes [Feldman's
//! Verifiable Secret Sharing (VSS)][Feldman's VSS] as the dealer in parallel,
//! and derives their secret share as the sum of the shares received from each
//! of the `n` VSS executions.
//!
//! As required for any multi-party protocol using Feldman's VSS, the key
//! generation stage in FROST requires participants to maintain a consistent
//! view of the pubic commitments to the secret polynomial coefficients. This
//! DKG protocol requires participants to broadcast the commitment values
//! honestly (e.g., participants do not provide different commitment values to a
//! subset of participants) over a _[secure broadcast channel]_.
//!
//! For more details and an example, see the ciphersuite-specific crates, e.g.
//! [`frost_ristretto255::keys::dkg`](../../../../frost_ristretto255/keys/dkg).
//!
//! [FROST paper]: https://eprint.iacr.org/2020/852.pdf
//! [Pedersen's DKG]: https://link.springer.com/chapter/10.1007/3-540-46416-6_47
//! [Feldman's VSS]: https://www.cs.umd.edu/~gasarch/TOPICS/secretsharing/feldmanVSS.pdf
//! [secure broadcast channel]: https://frost.zfnd.org/terminology.html#broadcast-channel
use std::{collections::HashMap, iter};
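
Review bot: Typo in the Feldman's VSS paragraph: "view of the pubic commitments" should read "public commitments", and this text is published as module-level rustdoc. In the same paragraph, "requires participants to broadcast the commitment values honestly ... over a _[secure broadcast channel]_" does not say who provides that channel. Since the consistency of the commitments is a security requirement, state explicitly whether it is the caller's responsibility. Two link checks before merging: `[secure broadcast channel]` targets `#broadcast-channel`, but the heading added in terminology.md is `### _Broadcast channel_`, so confirm in a book build that the emphasised heading produces that anchor. The relative path `../../../../frost_ristretto255/keys/dkg` depends on the layout of the generated docs, so confirm it resolves in the rendered output.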