frost-ed448 3.0.0

A Schnorr signature scheme over Ed448 that supports FROST.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

//! Repairable Threshold Scheme
//!
//! Implements the Repairable Threshold Scheme (RTS) from <https://eprint.iacr.org/2017/1155>.
//! The RTS is used to help a signer (participant) repair their lost share. This is achieved
//! using a subset of the other signers know here as `helpers`.

use alloc::collections::BTreeMap;

use crate::keys::{KeyPackage, PublicKeyPackage};
// This is imported separately to make `gencode` work.
// (if it were below, the position of the import would vary between ciphersuites
//  after `cargo fmt`)
use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore};
use crate::{Ed448Shake256, Error};

/// A delta value which is the output of part 1 of RTS.
pub type Delta = frost::keys::repairable::Delta<Ed448Shake256>;

/// A sigma value which is the output of part 2 of RTS.
pub type Sigma = frost::keys::repairable::Sigma<Ed448Shake256>;

/// Part 1 of RTS.
///
/// Generates the "delta" values from the helper with `key_package_i` to send to
/// `helpers` (which includes the helper with `key_package_i`), to help
/// `participant` recover their share.
///
/// Returns a BTreeMap mapping which value should be sent to which participant.
pub fn repair_share_part1<C: Ciphersuite, R: RngCore + CryptoRng>(
    helpers: &[Identifier],
    key_package_i: &KeyPackage,
    rng: &mut R,
    participant: Identifier,
) -> Result<BTreeMap<Identifier, Delta>, Error> {
    frost::keys::repairable::repair_share_part1(helpers, key_package_i, rng, participant)
}

/// Part 2 of RTS.
///
/// Generates the "sigma" value from all `deltas` received from all helpers.
/// The "sigma" value must be sent to the participant repairing their share.
pub fn repair_share_part2(deltas: &[Delta]) -> Sigma {
    frost::keys::repairable::repair_share_part2::<Ed448Shake256>(deltas)
}

/// Part 3 of RTS.
///
/// The participant with the given `identifier` recovers their `KeyPackage`
/// with the "sigma" values received from all helpers and the `PublicKeyPackage`
/// of the group (which can be sent by any of the helpers).
///
/// Returns an error if the `min_signers` field is not set in the `PublicKeyPackage`.
/// This happens for `PublicKeyPackage`s created before the 3.0.0 release;
/// in that case, the user should set the `min_signers` field manually.
pub fn repair_share_part3(
    sigmas: &[Sigma],
    identifier: Identifier,
    public_key_package: &PublicKeyPackage,
) -> Result<KeyPackage, Error> {
    frost::keys::repairable::repair_share_part3(sigmas, identifier, public_key_package)
}

#[cfg(test)]
mod tests {

    use lazy_static::lazy_static;

    use serde_json::Value;

    use crate::Ed448Shake256;

    lazy_static! {
        pub static ref REPAIR_SHARE: Value =
            serde_json::from_str(include_str!("../../tests/helpers/repair-share.json").trim())
                .unwrap();
    }

    #[test]
    fn check_repair_share_part1() {
        let rng = rand::rngs::OsRng;

        frost_core::tests::repairable::check_repair_share_part1::<Ed448Shake256, _>(rng);
    }

    #[test]
    fn check_repair_share_part2() {
        frost_core::tests::repairable::check_repair_share_part2::<Ed448Shake256>(&REPAIR_SHARE);
    }

    #[test]
    fn check_repair_share_part3() {
        let rng = rand::rngs::OsRng;
        frost_core::tests::repairable::check_repair_share_part3::<Ed448Shake256, _>(
            rng,
            &REPAIR_SHARE,
        );
    }

    #[test]
    fn check_repair_share_part1_fails_with_invalid_min_signers() {
        let rng = rand::rngs::OsRng;
        frost_core::tests::repairable::check_repair_share_part1_fails_with_invalid_min_signers::<
            Ed448Shake256,
            _,
        >(rng);
    }
}