Update test vectors and links to v11 (#151)
update test vectors and links to v11
This commit is contained in:
Conrado Gouvea
GitHub
parent
bceafae2e6
commit
d50cb30d23
|
|
@ -89,7 +89,7 @@ where
|
|||
//
|
||||
// [`binding_factor_for_participant`] in the spec
|
||||
//
|
||||
// [`binding_factor_for_participant`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-4.3
|
||||
// [`binding_factor_for_participant`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-4.3
|
||||
// TODO: switch from Vec to BTreeMap, as this can be made more efficient.
|
||||
fn index(&self, identifier: Identifier<C>) -> &Self::Output {
|
||||
for (i, factor) in self.0.iter() {
|
||||
|
|
@ -108,7 +108,7 @@ where
|
|||
{
|
||||
// [`compute_binding_factors`] in the spec
|
||||
//
|
||||
// [`compute_binding_factors`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-4.4
|
||||
// [`compute_binding_factors`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-4.4
|
||||
fn from(signing_package: &SigningPackage<C>) -> BindingFactorList<C> {
|
||||
let preimages = signing_package.rho_preimages();
|
||||
|
||||
|
|
@ -281,7 +281,7 @@ where
|
|||
///
|
||||
/// Implements [`compute_group_commitment`] from the spec.
|
||||
///
|
||||
/// [`compute_group_commitment`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-4.5
|
||||
/// [`compute_group_commitment`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-4.5
|
||||
fn try_from(signing_package: &SigningPackage<C>) -> Result<GroupCommitment<C>, &'static str> {
|
||||
let binding_factor_list: BindingFactorList<C> = signing_package.into();
|
||||
|
||||
|
|
@ -378,7 +378,7 @@ where
|
|||
//
|
||||
// Implements [`aggregate`] from the spec.
|
||||
//
|
||||
// [`aggregate`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-5.3
|
||||
// [`aggregate`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-5.3
|
||||
let mut z = <<C::Group as Group>::Field as Field>::zero();
|
||||
|
||||
for signature_share in signature_shares {
|
||||
|
|
|
|||
|
|
@ -278,7 +278,7 @@ where
|
|||
/// This also implements `derive_group_info()` from the [spec] (which is very similar),
|
||||
/// but only for this participant.
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#appendix-C.2-4
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#appendix-C.2-4
|
||||
pub fn verify(&self) -> Result<(VerifyingShare<C>, VerifyingKey<C>), &'static str> {
|
||||
let f_result = <C::Group as Group>::generator() * self.value.0;
|
||||
let result = evaluate_vss(&self.commitment, self.identifier)?;
|
||||
|
|
@ -306,7 +306,7 @@ where
|
|||
///
|
||||
/// Implements [`trusted_dealer_keygen`] from the spec.
|
||||
///
|
||||
/// [`trusted_dealer_keygen`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#appendix-C
|
||||
/// [`trusted_dealer_keygen`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#appendix-C
|
||||
pub fn keygen_with_dealer<C: Ciphersuite, R: RngCore + CryptoRng>(
|
||||
num_signers: u8,
|
||||
threshold: u8,
|
||||
|
|
@ -522,7 +522,7 @@ pub(crate) fn generate_secret_polynomial<C: Ciphersuite>(
|
|||
///
|
||||
/// Implements [`secret_share_shard`] from the spec.
|
||||
///
|
||||
/// [`secret_share_shard`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#appendix-C.1
|
||||
/// [`secret_share_shard`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#appendix-C.1
|
||||
pub(crate) fn generate_secret_shares<C: Ciphersuite>(
|
||||
secret: &SharedSecret<C>,
|
||||
numshares: u8,
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ where
|
|||
///
|
||||
/// An implementation of `nonce_generate(secret)` from the [spec].
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-nonce-generation
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-nonce-generation
|
||||
pub fn new<R>(secret: &SigningShare<C>, rng: &mut R) -> Self
|
||||
where
|
||||
R: CryptoRng + RngCore,
|
||||
|
|
@ -209,7 +209,7 @@ where
|
|||
{
|
||||
/// Computes the [signature commitment share] from these round one signing commitments.
|
||||
///
|
||||
/// [signature commitment share]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-signature-share-verificatio
|
||||
/// [signature commitment share]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-signature-share-verificatio
|
||||
pub(super) fn to_group_commitment_share(
|
||||
self,
|
||||
binding_factor: &frost::Rho<C>,
|
||||
|
|
@ -259,7 +259,7 @@ pub struct GroupCommitmentShare<C: Ciphersuite>(pub(super) <C::Group as Group>::
|
|||
/// Outputs:
|
||||
/// - A byte string containing the serialized representation of B.
|
||||
///
|
||||
/// [`encode_group_commitment_list()`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-list-operations
|
||||
/// [`encode_group_commitment_list()`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-list-operations
|
||||
pub(super) fn encode_group_commitments<C: Ciphersuite>(
|
||||
signing_commitments: Vec<SigningCommitments<C>>,
|
||||
) -> Vec<u8> {
|
||||
|
|
@ -329,7 +329,7 @@ where
|
|||
/// Generates the signing nonces and commitments to be used in the signing
|
||||
/// operation.
|
||||
///
|
||||
/// [`commit`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-round-one-commitment
|
||||
/// [`commit`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-round-one-commitment
|
||||
pub fn commit<C, R>(
|
||||
participant_identifier: Identifier<C>,
|
||||
secret: &SigningShare<C>,
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ where
|
|||
///
|
||||
/// This is the final step of [`verify_signature_share`] from the spec.
|
||||
///
|
||||
/// [`verify_signature_share`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-signature-share-verificatio
|
||||
/// [`verify_signature_share`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-signature-share-verificatio
|
||||
pub fn verify(
|
||||
&self,
|
||||
group_commitment_share: &round1::GroupCommitmentShare<C>,
|
||||
|
|
@ -127,7 +127,7 @@ where
|
|||
/// Assumes the participant has already determined which nonce corresponds with
|
||||
/// the commitment that was assigned by the coordinator in the SigningPackage.
|
||||
///
|
||||
/// [`sign`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-round-two-signature-share-g
|
||||
/// [`sign`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-round-two-signature-share-g
|
||||
pub fn sign<C: Ciphersuite>(
|
||||
signing_package: &SigningPackage<C>,
|
||||
signer_nonces: &round1::SigningNonces<C>,
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ pub trait Field: Copy + Clone {
|
|||
|
||||
/// Generate a random scalar from the entire space [0, l-1]
|
||||
///
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-3.1-3.3>
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-3.1-3.3>
|
||||
fn random<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar;
|
||||
|
||||
/// Generate a random scalar from the entire space [1, l-1]
|
||||
|
|
@ -73,7 +73,7 @@ pub trait Field: Copy + Clone {
|
|||
/// A member function of a [`Field`] that maps a [`Scalar`] to a unique byte array buf of
|
||||
/// fixed length Ne.
|
||||
///
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-3.1-3.8>
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-3.1-3.8>
|
||||
fn serialize(scalar: &Self::Scalar) -> Self::Serialization;
|
||||
|
||||
/// A member function of a [`Field`] that attempts to map a byte array `buf` to a [`Scalar`].
|
||||
|
|
@ -82,7 +82,7 @@ pub trait Field: Copy + Clone {
|
|||
/// [`Field`]. This function can raise an [`Error`] if deserialization fails or if the
|
||||
/// resulting [`Scalar`] is zero
|
||||
///
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-3.1-3.9>
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-3.1-3.9>
|
||||
fn deserialize(buf: &Self::Serialization) -> Result<Self::Scalar, Error>;
|
||||
}
|
||||
|
||||
|
|
@ -125,20 +125,20 @@ pub trait Group: Copy + Clone + PartialEq {
|
|||
|
||||
/// Additive [identity] of the prime order group.
|
||||
///
|
||||
/// [identity]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-3.1-3.2
|
||||
/// [identity]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-3.1-3.2
|
||||
fn identity() -> Self::Element;
|
||||
|
||||
/// The fixed generator element of the prime order group.
|
||||
///
|
||||
/// The 'base' of ['ScalarBaseMult()'] from the spec.
|
||||
///
|
||||
/// [`ScalarBaseMult()`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-3.1-3.5
|
||||
/// [`ScalarBaseMult()`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-3.1-3.5
|
||||
fn generator() -> Self::Element;
|
||||
|
||||
/// A member function of a group _G_ that maps an [`Element`] to a unique byte array buf of
|
||||
/// fixed length Ne.
|
||||
///
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-3.1-3.6>
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-3.1-3.6>
|
||||
fn serialize(element: &Self::Element) -> Self::Serialization;
|
||||
|
||||
/// A member function of a [`Group`] that attempts to map a byte array `buf` to an [`Element`].
|
||||
|
|
@ -147,7 +147,7 @@ pub trait Group: Copy + Clone + PartialEq {
|
|||
/// [`Group`]. This function can raise an [`Error`] if deserialization fails or if the
|
||||
/// resulting [`Element`] is the identity element of the group
|
||||
///
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-3.1-3.7>
|
||||
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-3.1-3.7>
|
||||
fn deserialize(buf: &Self::Serialization) -> Result<Self::Element, Error>;
|
||||
}
|
||||
|
||||
|
|
@ -157,7 +157,7 @@ pub type Element<C> = <<C as Ciphersuite>::Group as Group>::Element;
|
|||
/// A [FROST ciphersuite] specifies the underlying prime-order group details and cryptographic hash
|
||||
/// function.
|
||||
///
|
||||
/// [FROST ciphersuite]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-ciphersuites
|
||||
/// [FROST ciphersuite]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-ciphersuites
|
||||
pub trait Ciphersuite: Copy + Clone + PartialEq {
|
||||
/// The prime order group (or subgroup) that this ciphersuite operates over.
|
||||
type Group: Group;
|
||||
|
|
@ -173,28 +173,28 @@ pub trait Ciphersuite: Copy + Clone + PartialEq {
|
|||
///
|
||||
/// Maps arbitrary inputs to non-zero `Self::Scalar` elements of the prime-order group scalar field.
|
||||
///
|
||||
/// [H1]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-cryptographic-hash-function
|
||||
/// [H1]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-cryptographic-hash-function
|
||||
fn H1(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar;
|
||||
|
||||
/// [H2] for a FROST ciphersuite.
|
||||
///
|
||||
/// Maps arbitrary inputs to non-zero `Self::Scalar` elements of the prime-order group scalar field.
|
||||
///
|
||||
/// [H2]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-cryptographic-hash-function
|
||||
/// [H2]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-cryptographic-hash-function
|
||||
fn H2(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar;
|
||||
|
||||
/// [H3] for a FROST ciphersuite.
|
||||
///
|
||||
/// Maps arbitrary inputs to non-zero `Self::Scalar` elements of the prime-order group scalar field.
|
||||
///
|
||||
/// [H3]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-cryptographic-hash-function
|
||||
/// [H3]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-cryptographic-hash-function
|
||||
fn H3(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar;
|
||||
|
||||
/// [H4] for a FROST ciphersuite.
|
||||
///
|
||||
/// Usually an an alias for the ciphersuite hash function _H_ with domain separation applied.
|
||||
///
|
||||
/// [H4]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-cryptographic-hash-function
|
||||
/// [H4]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-cryptographic-hash-function
|
||||
fn H4(m: &[u8]) -> Self::HashOutput;
|
||||
|
||||
/// [H5] for a FROST ciphersuite.
|
||||
|
|
@ -237,7 +237,7 @@ pub trait Ciphersuite: Copy + Clone + PartialEq {
|
|||
|
||||
/// A type refinement for the scalar field element representing the per-message _[challenge]_.
|
||||
///
|
||||
/// [challenge]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-signature-challenge-computa
|
||||
/// [challenge]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-signature-challenge-computa
|
||||
#[derive(Clone)]
|
||||
pub struct Challenge<C: Ciphersuite>(
|
||||
pub(crate) <<<C as Ciphersuite>::Group as Group>::Field as Field>::Scalar,
|
||||
|
|
@ -263,8 +263,8 @@ where
|
|||
///
|
||||
/// This is the only invocation of the H2 hash function from the [RFC].
|
||||
///
|
||||
/// [FROST]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#name-signature-challenge-computa
|
||||
/// [RFC]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-3.2
|
||||
/// [FROST]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#name-signature-challenge-computa
|
||||
/// [RFC]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-3.2
|
||||
fn challenge<C>(
|
||||
R: &<C::Group as Group>::Element,
|
||||
verifying_key: &<C::Group as Group>::Element,
|
||||
|
|
|
|||
|
|
@ -146,8 +146,8 @@ impl Group for P256Group {
|
|||
|
||||
/// Context string from the ciphersuite in the [spec]
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.4-1
|
||||
const CONTEXT_STRING: &str = "FROST-P256-SHA256-v10";
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.4-1
|
||||
const CONTEXT_STRING: &str = "FROST-P256-SHA256-v11";
|
||||
|
||||
#[derive(Clone, Copy, PartialEq, Eq)]
|
||||
/// An implementation of the FROST(P-256, SHA-256) ciphersuite.
|
||||
|
|
@ -162,7 +162,7 @@ impl Ciphersuite for P256Sha256 {
|
|||
|
||||
/// H1 for FROST(P-256, SHA-256)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.4-2.2.2.1
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.4-2.2.2.1
|
||||
fn H1(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar {
|
||||
let mut u = [P256ScalarField::zero()];
|
||||
let dst = CONTEXT_STRING.to_owned() + "rho";
|
||||
|
|
@ -173,7 +173,7 @@ impl Ciphersuite for P256Sha256 {
|
|||
|
||||
/// H2 for FROST(P-256, SHA-256)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.4-2.2.2.2
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.4-2.2.2.2
|
||||
fn H2(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar {
|
||||
let mut u = [P256ScalarField::zero()];
|
||||
let dst = CONTEXT_STRING.to_owned() + "chal";
|
||||
|
|
@ -184,7 +184,7 @@ impl Ciphersuite for P256Sha256 {
|
|||
|
||||
/// H3 for FROST(P-256, SHA-256)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.4-2.2.2.3
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.4-2.2.2.3
|
||||
fn H3(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar {
|
||||
let mut u = [P256ScalarField::zero()];
|
||||
let dst = CONTEXT_STRING.to_owned() + "nonce";
|
||||
|
|
@ -195,7 +195,7 @@ impl Ciphersuite for P256Sha256 {
|
|||
|
||||
/// H4 for FROST(P-256, SHA-256)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.4-2.2.2.4
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.4-2.2.2.4
|
||||
fn H4(m: &[u8]) -> Self::HashOutput {
|
||||
let h = Sha256::new()
|
||||
.chain(CONTEXT_STRING.as_bytes())
|
||||
|
|
@ -209,7 +209,7 @@ impl Ciphersuite for P256Sha256 {
|
|||
|
||||
/// H5 for FROST(P-256, SHA-256)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.4-2.2.2.5
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.4-2.2.2.5
|
||||
fn H5(m: &[u8]) -> Self::HashOutput {
|
||||
let h = Sha256::new()
|
||||
.chain(CONTEXT_STRING.as_bytes())
|
||||
|
|
|
|||
|
|
@ -30,24 +30,24 @@
|
|||
"participant_list": "1,3",
|
||||
"participants": {
|
||||
"1": {
|
||||
"hiding_nonce_randomness": "3029ae05a266703f618e60c26653f6b8f35a759ec2adecf8b7d9e1719375494e",
|
||||
"binding_nonce_randomness": "86755fd9be109ff0549833931080ac344b0d775a029fca0329f8ce732060f81e",
|
||||
"hiding_nonce": "9aa66350b0f72b27ce4668323b4280cd49709177ed8373977c22a75546c9995d",
|
||||
"binding_nonce": "bd8b05d7fd0ff5a5ed65b1f105478f7718a981741fa8fa9b55ac6d3c8fc59a05",
|
||||
"hiding_nonce_commitment": "03071549b356988df0f7187585e2d82d6f916700cfdd49634d0c27965139fd53ec",
|
||||
"binding_nonce_commitment": "02151f45451b719bf68f6c609967ebea3c78c9ece4c04a564a0c50d22f0f534112",
|
||||
"binding_factor_input": "47d0b1c45754dd58dc369bc4c1a9b24ffbb67ceb6d6e25c302e9875202f7d2b4755d9beaba0a02b01315bd42fa11590d5a4d531d1f7f81c5fc70a82ecada72e90000000000000000000000000000000000000000000000000000000000000001",
|
||||
"binding_factor": "0e9709d66649a0a245f28666bd01c863a6a647f213fd49eeaacfeca15402ddf4"
|
||||
"hiding_nonce_randomness": "f4e8cf80aec3f888d997900ac7e3e349944b5a6b47649fc32186d2f1238103c6",
|
||||
"binding_nonce_randomness": "a7f220770b6f10ff54ec6afa55f99bd08cc92fa1a488c86e9bf493e9cb894cdf",
|
||||
"hiding_nonce": "f871dfcf6bcd199342651adc361b92c941cb6a0d8c8c1a3b91d79e2c1bf3722d",
|
||||
"binding_nonce": "bd3ece3634a1b303dea0586ed67a91fe68510f11ebe66e8868309b1551ef2388",
|
||||
"hiding_nonce_commitment": "03987febbc67a8ed735affdff4d3a5adf22c05c80f97f311ab7437a3027372deb3",
|
||||
"binding_nonce_commitment": "02a1960477d139035b986d6adcb06491378beb92ccd097ad94e76291c52343849d",
|
||||
"binding_factor_input": "350c8b523feea9bb35720e9fbe0405ed48d78caa4fb60869f34367e144c68bb0fc77bf512409ad8b91e2ace4909229891a446c45683f5eb2f843dbec224527dc0000000000000000000000000000000000000000000000000000000000000001",
|
||||
"binding_factor": "cb415dd1d866493ee7d2db7cb33929d7e430e84d80c58070e2bbb1fdbf76a9c8"
|
||||
},
|
||||
"3": {
|
||||
"hiding_nonce_randomness": "2741900f778d51f4431644a62a69f1623d7569ecf2d628d60cb28e27db949161",
|
||||
"binding_nonce_randomness": "a62404370cb2a2e0aebef27ec72c1433a627dfcc5f0cdf5ba4799fc326a66a3f",
|
||||
"hiding_nonce": "4c1aec8e84c496b80af98415fada2e6a4b1f902d4bc6c9682699b8aeffd97419",
|
||||
"binding_nonce": "eeaf5ef7af01e55050fb8acafc9c9306ef1cc13214677ba33e7bc51e8677e892",
|
||||
"hiding_nonce_commitment": "0351cd636672cac59d384498dd9db2b72ea8e701a702867c17e3ecf675d9a9fc91",
|
||||
"binding_nonce_commitment": "032bddd1ab4bfda79c707742f0e314ff2be9594058ba590613ba9840886bab1a59",
|
||||
"binding_factor_input": "47d0b1c45754dd58dc369bc4c1a9b24ffbb67ceb6d6e25c302e9875202f7d2b4755d9beaba0a02b01315bd42fa11590d5a4d531d1f7f81c5fc70a82ecada72e90000000000000000000000000000000000000000000000000000000000000003",
|
||||
"binding_factor": "0b5c759331915b25c5eb5307617e01aa99bc5c89a403d9c6b59949045a4c0a77"
|
||||
"hiding_nonce_randomness": "1b6149d252a0a0a6618b8d22a1c49897f9b0d23a48f19598e191e05dc7b7ae33",
|
||||
"binding_nonce_randomness": "e13994bb75aafe337c32afdbfd08ae60dd108fc768845edaa871992044cabf1b",
|
||||
"hiding_nonce": "802e9321f9f63688c6c1a9681a4a4661f71770e0cef92b8a5997155d18fb82ef",
|
||||
"binding_nonce": "8b6b692ae634a24536f45dda95b2398af71cd605fb7a0bbdd9408d211ab99eba",
|
||||
"hiding_nonce_commitment": "0212cac45ebd4100c97506939391f9be4ffc3ca2960e2ef95aeaa38abdede204ca",
|
||||
"binding_nonce_commitment": "03017ce754d310eabda0f5681e61ce3d713cdd337070faa6a68471af49694a4e7e",
|
||||
"binding_factor_input": "350c8b523feea9bb35720e9fbe0405ed48d78caa4fb60869f34367e144c68bb0fc77bf512409ad8b91e2ace4909229891a446c45683f5eb2f843dbec224527dc0000000000000000000000000000000000000000000000000000000000000003",
|
||||
"binding_factor": "dfd82467569334e952edecb10d92adf85b8e299db0b40be3131a12efdfa3e796"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
@ -55,14 +55,14 @@
|
|||
"participant_list": "1,3",
|
||||
"participants": {
|
||||
"1": {
|
||||
"sig_share": "ec5b8ab47d55903698492a07bb322ab6e7d3cf32581dcedf43c4fa18b46f3e10"
|
||||
"sig_share": "c5acd980310aaf87cb7a9a90428698ef3e6b1e5860f7fb06329bc0efe3f14ca5"
|
||||
},
|
||||
"3": {
|
||||
"sig_share": "c97da3580560e88725a8e393d46fee18ecd2e00148e5e303d4a510fae9c11da5"
|
||||
"sig_share": "1e064fbd35467377eb3fe161ff975e9ec3ed8e2e0d4c73f3a6b0a023777e1264"
|
||||
}
|
||||
}
|
||||
},
|
||||
"final_output": {
|
||||
"sig": "036b3eba585ff5d40df29893fb6f60572803aef97800cfaaaa5cf0f0f19d8237f7b5d92e0d82b678bcbdf20d9b8fa218d017bfb485f9ec135e24b04050a1cd3664"
|
||||
"sig": "029e07d4171dbf9a730ed95e9d95bda06fa4db76c88c519f7f3ca5483019f46cb0e3b3293d665122ffb6ba7bf2421df78e0258ac866e446ef9d94c61135b6f5f09"
|
||||
}
|
||||
}
|
||||
|
|
@ -115,8 +115,8 @@ impl Group for RistrettoGroup {
|
|||
|
||||
/// Context string 'FROST-RISTRETTO255-SHA512-v5' from the ciphersuite in the [spec]
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.2-1
|
||||
const CONTEXT_STRING: &str = "FROST-RISTRETTO255-SHA512-v10";
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.2-1
|
||||
const CONTEXT_STRING: &str = "FROST-RISTRETTO255-SHA512-v11";
|
||||
|
||||
#[derive(Clone, Copy, PartialEq, Eq)]
|
||||
/// An implementation of the FROST(ristretto255, SHA-512) ciphersuite.
|
||||
|
|
@ -131,7 +131,7 @@ impl Ciphersuite for Ristretto255Sha512 {
|
|||
|
||||
/// H1 for FROST(ristretto255, SHA-512)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.2-2.2.2.1
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.2-2.2.2.1
|
||||
fn H1(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar {
|
||||
let h = Sha512::new()
|
||||
.chain(CONTEXT_STRING.as_bytes())
|
||||
|
|
@ -145,7 +145,7 @@ impl Ciphersuite for Ristretto255Sha512 {
|
|||
|
||||
/// H2 for FROST(ristretto255, SHA-512)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.2-2.2.2.2
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.2-2.2.2.2
|
||||
fn H2(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar {
|
||||
let h = Sha512::new()
|
||||
.chain(CONTEXT_STRING.as_bytes())
|
||||
|
|
@ -159,7 +159,7 @@ impl Ciphersuite for Ristretto255Sha512 {
|
|||
|
||||
/// H3 for FROST(ristretto255, SHA-512)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.2-2.2.2.3
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.2-2.2.2.3
|
||||
fn H3(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar {
|
||||
let h = Sha512::new()
|
||||
.chain(CONTEXT_STRING.as_bytes())
|
||||
|
|
@ -173,7 +173,7 @@ impl Ciphersuite for Ristretto255Sha512 {
|
|||
|
||||
/// H4 for FROST(ristretto255, SHA-512)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.2-2.2.2.4
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.2-2.2.2.4
|
||||
fn H4(m: &[u8]) -> Self::HashOutput {
|
||||
let h = Sha512::new()
|
||||
.chain(CONTEXT_STRING.as_bytes())
|
||||
|
|
@ -187,7 +187,7 @@ impl Ciphersuite for Ristretto255Sha512 {
|
|||
|
||||
/// H5 for FROST(ristretto255, SHA-512)
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-10.html#section-6.2-2.2.2.5
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-6.2-2.2.2.5
|
||||
fn H5(m: &[u8]) -> Self::HashOutput {
|
||||
let h = Sha512::new()
|
||||
.chain(CONTEXT_STRING.as_bytes())
|
||||
|
|
|
|||
|
|
@ -30,24 +30,24 @@
|
|||
"participant_list": "1,3",
|
||||
"participants": {
|
||||
"1": {
|
||||
"hiding_nonce_randomness": "0a016efd0abf8e556fd67288950bb7fc0843be63e306c7264bc9d24d1d65e0ee",
|
||||
"binding_nonce_randomness": "35b6bab19e3e931e36c612ccc6b3c9d3a3479d2704aac3324b79c7bb6665acfb",
|
||||
"hiding_nonce": "de3e8f526dcb51a1b9b48cc284aeca27c385aa3ba1a92a0c8440d51e1a1d2f00",
|
||||
"binding_nonce": "fa8dca5ec7a05d5a7b782be847ba3dde1509de1dbcf0569fc980cff795db5404",
|
||||
"hiding_nonce_commitment": "3677297a5df660bf63bb8fcae79b7f98cf4f2e99f61bc762de9795cacd1cba62",
|
||||
"binding_nonce_commitment": "142aece8aa8b16766664d8aaa5a5e709404bb8443309ef1ea9ad9254794a1f09",
|
||||
"binding_factor_input": "c70ac0b3effa113b8f4d8a6b1393ef7f0910862d143fde83e410db94f3818295ff49ed5aed0e57b2712f2ce0f9166f1ffdce282786c7ee8c2db2df295c61dc5fd0f93a769d09d44352c4e709c2e239fc34a1b89db44cb2410602285ffd70f3fa0a62dd70cfdb369ac0a7efc587f6f671a88412b2570280da24bd36f8ffda6d280100000000000000000000000000000000000000000000000000000000000000",
|
||||
"binding_factor": "dbaa0ae3c5663816cdc646281be46b0b09eca6a1ecf7781f29475be27d30fd08"
|
||||
"hiding_nonce_randomness": "81800157bb554f299fe0b6bd658e4c4591d74168b5177bf55e8dceed59dc80c7",
|
||||
"binding_nonce_randomness": "e9b37de02fde28f601f09051ed9a277b02ac81c803a5c72492d58635001fe355",
|
||||
"hiding_nonce": "40f58e8df202b21c94f826e76e4647efdb0ea3ca7ae7e3689bc0cbe2e2f6660c",
|
||||
"binding_nonce": "373dd42b5fe80e88edddf82e03744b6a12d59256f546de612d4bbd91a6b1df06",
|
||||
"hiding_nonce_commitment": "b8c7319a56b296537436e5a6f509a871a3c74eff1534ec1e2f539ccd8b322411",
|
||||
"binding_nonce_commitment": "7af5d4bece8763ce3630370adbd978699402f624fd3a7d2c71ea5839efc3cf54",
|
||||
"binding_factor_input": "9c245d5fc2e451c5c5a617cc6f2a20629fb317d9b1c1915ab4bfa319d4ebf922c54dd1a5b3b754550c72734ac9255db8107a2b01f361754d9f13f428c2f6de9e4f609ae0dbe8bd1f95bee9f9ea219154d567ef174390bac737bb67ee1787c8a34279728d4aa99a6de2d5ce6deb86afe6bc68178f01223bb5eb934c8a23b6354e0100000000000000000000000000000000000000000000000000000000000000",
|
||||
"binding_factor": "607df5e2e3a8b5e2704716693e18f548100a32b86a5685d3932a774c3f107e06"
|
||||
},
|
||||
"3": {
|
||||
"hiding_nonce_randomness": "ac4e65529397de3a868a902e9040e38b26547c18b7267fa1d1bbfe4ed14d6b5f",
|
||||
"binding_nonce_randomness": "74213c820b7266c4990a0758f4c520685375cb98822499406654bdb1a426582e",
|
||||
"hiding_nonce": "e07061a9ab6735de9a75b0c64f086c5b999894611d0cdc03f85c4e87c8aae602",
|
||||
"binding_nonce": "38b17578e8e6ad4077071ce6b0bf9cb85ac35fee7868dcb6d9bfa97f0e153e0e",
|
||||
"hiding_nonce_commitment": "f8d758ad9373754c1d2bca9c38478e4eb857aa032836ade6eb0726f5e1d08037",
|
||||
"binding_nonce_commitment": "529823e80220849c195072a26acca88f65639d4181927bb7fcd96e43d9a34649",
|
||||
"binding_factor_input": "c70ac0b3effa113b8f4d8a6b1393ef7f0910862d143fde83e410db94f3818295ff49ed5aed0e57b2712f2ce0f9166f1ffdce282786c7ee8c2db2df295c61dc5fd0f93a769d09d44352c4e709c2e239fc34a1b89db44cb2410602285ffd70f3fa0a62dd70cfdb369ac0a7efc587f6f671a88412b2570280da24bd36f8ffda6d280300000000000000000000000000000000000000000000000000000000000000",
|
||||
"binding_factor": "aa076fec41410f6c0667e47443fcd1ed828854d84b19d1d08624d084720c7d05"
|
||||
"hiding_nonce_randomness": "daeb223c4a913943cff2fb0b0e638dfcc281e1e8936ee6c3fef4d49ad9cbfaa0",
|
||||
"binding_nonce_randomness": "c425768d952ab8f18b9720c54b93e612ba2cca170bb7518cac080896efa7429b",
|
||||
"hiding_nonce": "491477c9dbe8717c77c6c1e2c5f4cec636c7c154313a44c91fea63e309f3e100",
|
||||
"binding_nonce": "3ae1bba7d6f2076f81596912dd916efae5b3c2ef896956321194fdd2e52ebc0f",
|
||||
"hiding_nonce_commitment": "e4466b7670ac4f9d9b7b67655860dd1ab341be18a654bb1966df53c76c85d511",
|
||||
"binding_nonce_commitment": "ce47cd595d25d7effc3c095efa2a687a1728a5ecab402b39e0c0ad9a525ea54f",
|
||||
"binding_factor_input": "9c245d5fc2e451c5c5a617cc6f2a20629fb317d9b1c1915ab4bfa319d4ebf922c54dd1a5b3b754550c72734ac9255db8107a2b01f361754d9f13f428c2f6de9e4f609ae0dbe8bd1f95bee9f9ea219154d567ef174390bac737bb67ee1787c8a34279728d4aa99a6de2d5ce6deb86afe6bc68178f01223bb5eb934c8a23b6354e0300000000000000000000000000000000000000000000000000000000000000",
|
||||
"binding_factor": "2bd27271c28746eb93e2114d6778c12b44c9287d84b85dc780eb08da6f689900"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
@ -55,14 +55,14 @@
|
|||
"participant_list": "1,3",
|
||||
"participants": {
|
||||
"1": {
|
||||
"sig_share": "a5f046916a6a111672111e47f9825586e1188da8a0f3b7c61f2b6b432c636e07"
|
||||
"sig_share": "c38f438c325ce6bfa4272b37e7707caaeb57fa8c7ddcc05e0725acb8a7d9cd0c"
|
||||
},
|
||||
"3": {
|
||||
"sig_share": "4c175c7e43bd197980c2021774036eb288f54179f079fbf21b7d2f9f52846401"
|
||||
"sig_share": "4cb9917be3bd53f1d60f1c3d1a3ff563565fa15a391133e7f980e55d3aeb7904"
|
||||
}
|
||||
}
|
||||
},
|
||||
"final_output": {
|
||||
"sig": "94b11def3f919503c3544452ad2a59f198f64cc323bd758bb1c65b42032a7473f107a30fae272b8ff2d3205e6d86c3386a0ecf21916db3b93ba89ae27ee7d208"
|
||||
"sig": "204d5d93aa486192ecf2f64ce7dbc1db76948fb1077d1a719ae1ecca6143501e2275dfaafbb62759a59a4fd122b692f941b79be7b6edf34501a69116e2c44701"
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue