rustywallet_frost/lib.rs
1//! # rustywallet-frost
2//!
3//! FROST (Flexible Round-Optimized Schnorr Threshold) signatures for Bitcoin.
4//!
5//! This crate implements threshold Schnorr signatures using the FROST protocol,
6//! allowing t-of-n participants to collaboratively sign messages without
7//! reconstructing the private key.
8//!
9//! ## Features
10//!
11//! - **Distributed Key Generation (DKG)**: Pedersen's verifiable secret sharing
12//! - **Threshold Signing**: t-of-n signature creation
13//! - **BIP340 Compatible**: Produces standard Schnorr signatures
14//! - **Secure**: Nonce reuse prevention, zeroization of secrets
15//!
16//! ## Example: Distributed Key Generation
17//!
18//! ```rust
19//! use rustywallet_frost::prelude::*;
20//!
21//! // Create a 2-of-3 threshold setup
22//! let threshold = 2;
23//! let num_participants = 3;
24//!
25//! // Create DKG participants
26//! let mut p1 = DkgParticipant::new(Identifier::new(1).unwrap(), threshold, num_participants).unwrap();
27//! let mut p2 = DkgParticipant::new(Identifier::new(2).unwrap(), threshold, num_participants).unwrap();
28//! let mut p3 = DkgParticipant::new(Identifier::new(3).unwrap(), threshold, num_participants).unwrap();
29//!
30//! // Round 1: Generate commitments
31//! let r1_p1 = p1.round1().unwrap();
32//! let r1_p2 = p2.round1().unwrap();
33//! let r1_p3 = p3.round1().unwrap();
34//!
35//! // Distribute Round 1 packages
36//! for p in [&mut p1, &mut p2, &mut p3] {
37//! p.receive_round1(r1_p1.clone()).unwrap();
38//! p.receive_round1(r1_p2.clone()).unwrap();
39//! p.receive_round1(r1_p3.clone()).unwrap();
40//! }
41//!
42//! // Round 2: Generate shares
43//! let r2_p1 = p1.round2().unwrap();
44//! let r2_p2 = p2.round2().unwrap();
45//! let r2_p3 = p3.round2().unwrap();
46//!
47//! // Distribute Round 2 packages
48//! for pkg in r2_p1.iter().chain(r2_p2.iter()).chain(r2_p3.iter()) {
49//! match pkg.receiver.value() {
50//! 1 => p1.receive_round2(pkg.clone()).unwrap(),
51//! 2 => p2.receive_round2(pkg.clone()).unwrap(),
52//! 3 => p3.receive_round2(pkg.clone()).unwrap(),
53//! _ => unreachable!(),
54//! }
55//! }
56//!
57//! // Finalize DKG
58//! let (kp1, pkp) = p1.finalize().unwrap();
59//! let (kp2, _) = p2.finalize().unwrap();
60//! let (kp3, _) = p3.finalize().unwrap();
61//!
62//! // All participants have the same group public key
63//! assert_eq!(kp1.group_public_key(), kp2.group_public_key());
64//! assert_eq!(kp2.group_public_key(), kp3.group_public_key());
65//! ```
66//!
67//! ## Security Considerations
68//!
69//! - **Nonce Reuse**: Nonces are automatically marked as used after signing
70//! - **Secret Zeroization**: All secret values are zeroized on drop
71//! - **Share Verification**: DKG includes verifiable secret sharing
72//!
73//! ## Protocol Overview
74//!
75//! ### Distributed Key Generation (DKG)
76//!
77//! 1. Each participant generates a random polynomial
78//! 2. Round 1: Broadcast commitments to polynomial coefficients
79//! 3. Round 2: Send secret shares to each participant
80//! 4. Verify received shares against commitments
81//! 5. Compute signing share and group public key
82//!
83//! ### Signing
84//!
85//! 1. Each signer generates nonces and broadcasts commitments
86//! 2. Compute binding factors and group commitment
87//! 3. Each signer creates a partial signature
88//! 4. Aggregate partial signatures into final signature
89
90pub mod aggregation;
91pub mod dkg;
92pub mod error;
93pub mod identifier;
94pub mod keys;
95pub mod nonce;
96pub mod polynomial;
97pub mod prelude;
98pub mod share;
99pub mod signing;
100pub mod verification;
101
102#[cfg(test)]
103mod tests;