spark_rust::signer::traits::frost

Trait SparkSignerFrost

Source 
pub trait SparkSignerFrost {
    // Required methods
    fn new_frost_signing_noncepair(
        &self,
    ) -> Result<SigningCommitments, SparkSdkError>;
    fn sensitive_expose_nonces_from_commitments<T>(
        &self,
        signing_commitments: &T,
    ) -> Result<SigningNonces, SparkSdkError>
       where T: AsRef<[u8]>;
    fn sensitive_create_if_not_found_expose_nonces_from_commitments(
        &self,
        signing_commitments: Option<&[u8]>,
    ) -> Result<SigningNonces, SparkSdkError>;
}
Expand description

Trait for managing cryptographic nonces in FROST threshold signing.

This trait provides methods for generating, storing, and retrieving the nonce pairs required for FROST threshold signing. Nonce management is a security-critical component of the FROST protocol, as improper nonce generation or reuse can lead to private key compromise.

In the FROST protocol flow:

  1. Each participant generates a nonce pair (secret nonces and public commitments)
  2. Participants exchange commitments (not nonces) with each other
  3. When signing occurs, participants reveal their nonces in a controlled manner

The implementation must ensure that:

  • Nonces are generated using a cryptographically secure random number generator
  • Nonces are never reused across different signing operations
  • Nonces are properly stored with their corresponding commitments
  • Access to secret nonces is strictly controlled

Required Methods§

Source

fn new_frost_signing_noncepair( &self, ) -> Result<SigningCommitments, SparkSdkError>

Generates a new (commitments, nonces) pair for a FROST signing round.

This method creates a fresh nonce pair for use in FROST threshold signing and stores it securely within the signer’s state. The commitments (public part) are returned and can be safely shared with other signing participants.

§Returns
  • Ok(SigningCommitments) - The public commitments corresponding to the generated nonces
  • Err(SparkSdkError) - If nonce generation fails
§Security Considerations

The implementation must use a secure random number generator to ensure nonces are unpredictable. Predictable nonces can lead to private key compromise.

Source

fn sensitive_expose_nonces_from_commitments<T>( &self, signing_commitments: &T, ) -> Result<SigningNonces, SparkSdkError>
where T: AsRef<[u8]>,

Exposes the secret nonces corresponding to previously generated commitments.

§Security Warning

This is a highly sensitive operation from a security perspective because it reveals confidential material. Improper exposure of nonces can lead to private key compromise. Use it only when absolutely necessary during the FROST signing protocol, and handle the returned nonces with extreme caution.

§Arguments
  • signing_commitments - The commitments for which to retrieve the corresponding nonces
§Returns
  • Ok(SigningNonces) - The secret nonces corresponding to the provided commitments
  • Err(SparkSdkError) - If the nonces cannot be found or another error occurs
§Example
// This should only happen during the actual signing phase of FROST
let nonces = signer.sensitive_expose_nonces_from_commitments(&commitments)?;
// Use nonces immediately for signing and then ensure they're securely erased
Source

fn sensitive_create_if_not_found_expose_nonces_from_commitments( &self, signing_commitments: Option<&[u8]>, ) -> Result<SigningNonces, SparkSdkError>

Retrieves or generates nonces for the given commitments.

This method attempts to retrieve the nonces corresponding to the provided commitments. If the commitments are not found or are None, it generates a new nonce pair and returns the nonces.

§Security Warning

This method exposes sensitive cryptographic material and should be used with the same caution as sensitive_expose_nonces_from_commitments.

§Arguments
  • signing_commitments - Optional commitments for which to retrieve nonces
§Returns
  • Ok(SigningNonces) - The nonces corresponding to the commitments, or newly generated nonces
  • Err(SparkSdkError) - If an error occurs during retrieval or generation

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§