modular-frost 0.2.2

Modular implementation of FROST over ff/group
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

use std::{marker::PhantomData, collections::HashMap};

use rand_core::{RngCore, CryptoRng};

use zeroize::Zeroize;

use group::Group;

use crate::{
  Curve, // FrostKeys,
  promote::{GeneratorPromotion /* CurvePromote */},
  tests::{clone_without, key_gen, schnorr::sign_core},
};

/*
#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
struct AltFunctions<C: Curve> {
  _curve: PhantomData<C>,
}

impl<C: Curve> Curve for AltFunctions<C> {
  type F = C::F;
  type G = C::G;

  const ID: &'static [u8] = b"alt_functions";

  fn generator() -> Self::G {
    C::generator()
  }

  fn hash_msg(msg: &[u8]) -> Vec<u8> {
    C::hash_msg(&[msg, b"alt"].concat())
  }

  fn hash_binding_factor(binding: &[u8]) -> Self::F {
    C::hash_to_F(b"rho_alt", binding)
  }

  fn hash_to_F(dst: &[u8], msg: &[u8]) -> Self::F {
    C::hash_to_F(&[dst, b"alt"].concat(), msg)
  }
}

// Test promotion of FROST keys to another set of functions for interoperability
fn test_ciphersuite_promotion<R: RngCore + CryptoRng, C: Curve>(rng: &mut R) {
  let keys = key_gen::<_, C>(&mut *rng);
  for keys in keys.values() {
    let promoted: FrostKeys<AltFunctions<C>> = keys.clone().promote();
    // Verify equivalence via their serializations, minus the ID's length and ID itself
    assert_eq!(
      keys.serialize()[(4 + C::ID.len()) ..],
      promoted.serialize()[(4 + AltFunctions::<C>::ID.len()) ..]
    );
  }
}
*/

#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
struct AltGenerator<C: Curve> {
  _curve: PhantomData<C>,
}

impl<C: Curve> Curve for AltGenerator<C> {
  type F = C::F;
  type G = C::G;

  const ID: &'static [u8] = b"alt_generator";

  fn generator() -> Self::G {
    C::G::generator() * C::hash_to_F(b"FROST_tests", b"generator")
  }

  fn hash_to_vec(dst: &[u8], data: &[u8]) -> Vec<u8> {
    C::hash_to_vec(&[b"FROST_tests_alt", dst].concat(), data)
  }

  fn hash_to_F(dst: &[u8], data: &[u8]) -> Self::F {
    C::hash_to_F(&[b"FROST_tests_alt", dst].concat(), data)
  }
}

// Test promotion of FROST keys to another generator
fn test_generator_promotion<R: RngCore + CryptoRng, C: Curve>(rng: &mut R) {
  // A seeded RNG can theoretically generate for C1 and C2, verifying promotion that way?
  // TODO
  let keys = key_gen::<_, C>(&mut *rng);

  let mut promotions = HashMap::new();
  let mut proofs = HashMap::new();
  for (i, keys) in &keys {
    let promotion = GeneratorPromotion::<_, AltGenerator<C>>::promote(&mut *rng, keys.clone());
    promotions.insert(*i, promotion.0);
    proofs.insert(*i, promotion.1);
  }

  let mut new_keys = HashMap::new();
  let mut group_key = None;
  let mut verification_shares = None;
  for (i, promoting) in promotions.drain() {
    let promoted = promoting.complete(&clone_without(&proofs, &i)).unwrap();
    assert_eq!(keys[&i].params(), promoted.params());
    assert_eq!(keys[&i].secret_share(), promoted.secret_share());

    if group_key.is_none() {
      group_key = Some(keys[&i].group_key());
      verification_shares = Some(keys[&i].verification_shares());
    }
    assert_eq!(keys[&i].group_key(), group_key.unwrap());
    assert_eq!(&keys[&i].verification_shares(), verification_shares.as_ref().unwrap());

    new_keys.insert(i, promoted);
  }

  // Sign with the keys to ensure their integrity
  sign_core(rng, &new_keys);
}

pub fn test_promotion<R: RngCore + CryptoRng, C: Curve>(rng: &mut R) {
  // test_ciphersuite_promotion::<_, C>(rng);
  test_generator_promotion::<_, C>(rng);
}