Expand description
An implementation of FROST (Flexible Round-Optimized Schnorr Threshold) signatures.
This implementation has been independently audited as of commit 76ba4ef / March 2021. If you are interested in deploying FROST, please do not hesitate to consult the FROST authors.
This implementation currently only supports key generation using a central dealer. In the future, we will add support for key generation via a DKG, as specified in the FROST paper. Internally, keygen_with_dealer generates keys using Verifiable Secret Sharing, where shares are generated using Shamir Secret Sharing.
Structs
The product of all signers’ individual commitments, published as part of the final signature.
A FROST keypair, which can be generated either by a trusted dealer or using a DKG.
A public group element that represents a single signer’s public key.
Public data that contains all the signer’s public keys as well as the group public key.
A secret scalar value representing a single signer’s secret key.
A share generated by performing a (t-out-of-n) secret sharing scheme where n is the total number of shares and t is the threshold required to reconstruct the secret; in this case we use Shamir’s secret sharing.
Contains the commitments to the coefficients for our secret polynomial f, used to generate participants’ key shares.
Secret and public key material generated by a dealer performing
keygen_with_dealer.
A representation of a single signature used in FROST structures and messages.
A participant’s signature share, which the coordinator will use to aggregate with all other signer’s shares into the joint signature.
Published by each participant in the first round of the signing protocol.
Comprised of hiding and binding nonces.
Generated by the coordinator of the signing operation and distributed to each signing party.
Functions
Verifies each participant’s signature share, and if all are valid, aggregates the shares into a signature to publish.
Allows all participants’ keys to be generated using a central, trusted dealer.
Done once by each participant, to generate their nonces and commitments that are then used during signing.
Performed once by each participant selected for the signing operation.