* modify frost-core traits to enable taproot compatibility
This commit contains changes to the frost-core crate which
allow ciphersuites to better customize how signatures are computed.
This will enable taproot support without requiring major changes
to existing frost ciphersuites.
Co-authored by @zebra-lucky and @mimoo
This work sponsored by dlcbtc.com and lightspark.com
* add frost-secp256k1-tr crate and ciphersuite
Co-authored by @zebra-lucky and @mimoo
This work sponsored by dlcbtc.com and lightspark.com
* test coverage for taproot crate
Co-authored by @zebra-lucky and @mimoo
This work sponsored by dlcbtc.com and lightspark.com
* clippy fixes
* tweak DKG output to avoid rogue taproot tweaks
* add interoperability tests
* cleanup taproot implementation to minimize impact in frost_core
* Update PoK test vector to use nonce which generates an even-parity point
Uses r = e99ae2676eab512a3572c7b7655d633642a717250af57a7e0ccd5f9618b69f3f
* BIP341 key package tweaks shouldn't cause key negation
* prune the Context type, instead negate signature.R before verifying
With a couple of small adjustments to the code, we can remove the
need for this extra associated type on the Ciphersuite crate. Accepting
signature with odd-parity nonce values is OK, because BIP340 discard
the nonce parity bit anyway.
* proper TapTweak point-addition operates on even internal key representation
Thanks to @conradoplg for spotting this. The internal key is supposed
to be represented as an even-parity point when adding the TapTweak
point t*G. I added a regression test to ensure the tweaked verifying
key and its parity match the BIP341 spec.
* clippy test fixes
* fix no-std issues and warnings
---------
Co-authored-by: Conrado Gouvea <conradoplg@gmail.com>
conduition