frost-core 3.0.0

Types and traits to support implementing Flexible Round-Optimized Schnorr Threshold signature schemes (FROST).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

//! Ciphersuite-generic batch test functions.
use crate::*;

/// Test batch verification with a Ciphersuite.
pub fn batch_verify<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R) {
    let mut batch = batch::Verifier::<C>::new();
    for _ in 0..1 {
        let sk = SigningKey::new(&mut rng);
        let vk = VerifyingKey::<C>::from(&sk);
        let msg = b"BatchVerifyTest";
        let sig = sk.sign(&mut rng, &msg[..]);
        assert!(vk.verify(msg, &sig).is_ok());
        batch.queue(batch::Item::<C>::new(vk, sig, msg).unwrap());
    }
    assert!(batch.verify(rng).is_ok());
}

/// Test failure case of batch verification with a Ciphersuite.
pub fn bad_batch_verify<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R) {
    let bad_index = 4; // must be even
    let mut batch = batch::Verifier::<C>::new();
    let mut items = Vec::new();
    for i in 0..32 {
        let item: batch::Item<C> = match i % 2 {
            0 => {
                let sk = SigningKey::new(&mut rng);
                let vk = VerifyingKey::<C>::from(&sk);
                let msg = b"BatchVerifyTest";
                let sig = if i != bad_index {
                    sk.sign(&mut rng, &msg[..])
                } else {
                    sk.sign(&mut rng, b"bad")
                };
                batch::Item::<C>::new(vk, sig, msg).unwrap()
            }
            1 => {
                let sk = SigningKey::new(&mut rng);
                let vk = VerifyingKey::<C>::from(&sk);
                let msg = b"BatchVerifyTest";
                let sig = sk.sign(&mut rng, &msg[..]);
                batch::Item::<C>::new(vk, sig, msg).unwrap()
            }
            _ => unreachable!(),
        };
        items.push(item.clone());
        batch.queue(item);
    }
    assert!(batch.verify(rng).is_err());
    for (i, item) in items.drain(..).enumerate() {
        if i != bad_index {
            assert!(item.verify_single().is_ok());
        } else {
            assert!(item.verify_single().is_err());
        }
    }
}

/// Test if the empty batch fails to validate.
/// Test case from NCC audit.
pub fn empty_batch_verify<C: Ciphersuite, R: RngCore + CryptoRng>(rng: R) {
    let batch = batch::Verifier::<C>::new();
    assert!(batch.verify(rng).is_err());
}