frost_core/
error.rs

1//! FROST Error types
2
3use crate::{Ciphersuite, Identifier};
4use thiserror::Error;
5
6/// An error related to FROST.
7#[non_exhaustive]
8#[derive(Error, Debug, Copy, Clone, Eq, PartialEq)]
9pub enum Error<C: Ciphersuite> {
10    /// min_signers is invalid
11    #[error("min_signers must be at least 2 and not larger than max_signers")]
12    InvalidMinSigners,
13    /// max_signers is invalid
14    #[error("max_signers must be at least 2")]
15    InvalidMaxSigners,
16    /// max_signers is invalid
17    #[error("coefficients must have min_signers-1 elements")]
18    InvalidCoefficients,
19    /// This identifier is unserializable.
20    #[error("Malformed identifier is unserializable.")]
21    MalformedIdentifier,
22    /// This identifier is duplicated.
23    #[error("Duplicated identifier.")]
24    DuplicatedIdentifier,
25    /// This identifier does not belong to a participant in the signing process.
26    #[error("Unknown identifier.")]
27    UnknownIdentifier,
28    /// Incorrect number of identifiers.
29    #[error("Incorrect number of identifiers.")]
30    IncorrectNumberOfIdentifiers,
31    /// The encoding of a signing key was malformed.
32    #[error("Malformed signing key encoding.")]
33    MalformedSigningKey,
34    /// The encoding of a verifying key was malformed.
35    #[error("Malformed verifying key encoding.")]
36    MalformedVerifyingKey,
37    /// The encoding of a signature was malformed.
38    #[error("Malformed signature encoding.")]
39    MalformedSignature,
40    /// Signature verification failed.
41    #[error("Invalid signature.")]
42    InvalidSignature,
43    /// Duplicated shares provided
44    #[error("Duplicated shares provided.")]
45    DuplicatedShares,
46    /// Incorrect number of shares.
47    #[error("Incorrect number of shares.")]
48    IncorrectNumberOfShares,
49    /// Commitment equals the identity
50    #[error("Commitment equals the identity.")]
51    IdentityCommitment,
52    /// The participant's commitment is missing from the Signing Package
53    #[error("The Signing Package must contain the participant's Commitment.")]
54    MissingCommitment,
55    /// The participant's commitment is incorrect
56    #[error("The participant's commitment is incorrect.")]
57    IncorrectCommitment,
58    /// Incorrect number of commitments.
59    #[error("Incorrect number of commitments.")]
60    IncorrectNumberOfCommitments,
61    /// Signature share verification failed.
62    #[error("Invalid signature share.")]
63    InvalidSignatureShare {
64        /// The identifier of the signer whose share validation failed.
65        culprit: Identifier<C>,
66    },
67    /// Secret share verification failed.
68    #[error("Invalid secret share.")]
69    InvalidSecretShare {
70        /// The identifier of the signer whose secret share validation failed,
71        /// if possible to identify.
72        culprit: Option<Identifier<C>>,
73    },
74    /// Round 1 package not found for Round 2 participant.
75    #[error("Round 1 package not found for Round 2 participant.")]
76    PackageNotFound,
77    /// Incorrect number of packages.
78    #[error("Incorrect number of packages.")]
79    IncorrectNumberOfPackages,
80    /// The incorrect package was specified.
81    #[error("The incorrect package was specified.")]
82    IncorrectPackage,
83    /// The ciphersuite does not support DKG.
84    #[error("The ciphersuite does not support DKG.")]
85    DKGNotSupported,
86    /// The proof of knowledge is not valid.
87    #[error("The proof of knowledge is not valid.")]
88    InvalidProofOfKnowledge {
89        /// The identifier of the signer whose share validation failed.
90        culprit: Identifier<C>,
91    },
92    /// Error in scalar Field.
93    #[error("Error in scalar Field.")]
94    FieldError(#[from] FieldError),
95    /// Error in elliptic curve Group.
96    #[error("Error in elliptic curve Group.")]
97    GroupError(#[from] GroupError),
98    /// Error in coefficient commitment deserialization.
99    #[error("Invalid coefficient")]
100    InvalidCoefficient,
101    /// The ciphersuite does not support deriving identifiers from strings.
102    #[error("The ciphersuite does not support deriving identifiers from strings.")]
103    IdentifierDerivationNotSupported,
104    /// Error serializing value.
105    #[error("Error serializing value.")]
106    SerializationError,
107    /// Error deserializing value.
108    #[error("Error deserializing value.")]
109    DeserializationError,
110}
111
112impl<C> Error<C>
113where
114    C: Ciphersuite,
115{
116    /// Return the identifier of the participant that caused the error.
117    /// Returns None if not applicable for the error.
118    ///
119    /// This can be used to penalize a participant that does not follow the
120    /// protocol correctly, e.g. removing them from further signings.
121    pub fn culprit(&self) -> Option<Identifier<C>> {
122        // Use an exhaustive match to make sure that if we add new enum items
123        // then we will explicitly check if they should be added here.
124        match self {
125            Error::InvalidSignatureShare {
126                culprit: identifier,
127            }
128            | Error::InvalidProofOfKnowledge {
129                culprit: identifier,
130            } => Some(*identifier),
131            Error::InvalidSecretShare {
132                culprit: identifier,
133            } => *identifier,
134            Error::InvalidMinSigners
135            | Error::InvalidMaxSigners
136            | Error::InvalidCoefficients
137            | Error::MalformedIdentifier
138            | Error::MalformedSigningKey
139            | Error::MalformedVerifyingKey
140            | Error::MalformedSignature
141            | Error::InvalidSignature
142            | Error::DuplicatedShares
143            | Error::IncorrectNumberOfShares
144            | Error::IdentityCommitment
145            | Error::MissingCommitment
146            | Error::IncorrectCommitment
147            | Error::PackageNotFound
148            | Error::IncorrectNumberOfPackages
149            | Error::IncorrectPackage
150            | Error::DKGNotSupported
151            | Error::FieldError(_)
152            | Error::GroupError(_)
153            | Error::DuplicatedIdentifier
154            | Error::InvalidCoefficient
155            | Error::UnknownIdentifier
156            | Error::IncorrectNumberOfIdentifiers
157            | Error::IncorrectNumberOfCommitments
158            | Error::SerializationError
159            | Error::DeserializationError
160            | Error::IdentifierDerivationNotSupported => None,
161        }
162    }
163}
164
165/// An error related to a scalar Field.
166#[non_exhaustive]
167#[derive(Error, Debug, Copy, Clone, Eq, PartialEq)]
168pub enum FieldError {
169    /// The encoding of a group scalar was malformed.
170    #[error("Malformed scalar encoding.")]
171    MalformedScalar,
172    /// This scalar MUST NOT be zero.
173    #[error("Invalid for this scalar to be zero.")]
174    InvalidZeroScalar,
175}
176
177/// An error related to a Group (usually an elliptic curve or constructed from one) or one of its Elements.
178#[non_exhaustive]
179#[derive(Error, Debug, Copy, Clone, Eq, PartialEq)]
180pub enum GroupError {
181    /// The encoding of a group element was malformed.
182    #[error("Malformed group element encoding.")]
183    MalformedElement,
184    /// This element MUST NOT be the identity.
185    #[error("Invalid for this element to be the identity.")]
186    InvalidIdentityElement,
187    /// This element MUST have (large) prime order.
188    #[error("Invalid for this element to not have large prime order.")]
189    InvalidNonPrimeOrderElement,
190}
frost_core/error.rs

frost_core/
error.rs
