spark_rust/signer/traits/

frost.rs

//! # FROST Nonce Management for Threshold Signatures
//!
//! This module defines the trait for managing cryptographic nonces in the FROST
//! (Flexible Round-Optimized Schnorr Threshold) signature scheme. Proper nonce
//! generation and management is absolutely critical to the security of threshold
//! signatures in the Spark wallet.
//!
//! In FROST, each signing party generates nonce pairs that:
//! - Must be unique and unpredictable for each signature
//! - Must remain secret until the specific phases of the protocol
//! - Must never be reused across different signing sessions
//!
//! This module works in conjunction with the `frost_signing.rs` module, which
//! implements the actual threshold signing operations.

use frost_secp256k1_tr_unofficial::round1::{SigningCommitments, SigningNonces};

use crate::error::SparkSdkError;

/// Trait for managing cryptographic nonces in FROST threshold signing.
///
/// This trait provides methods for generating, storing, and retrieving the nonce
/// pairs required for FROST threshold signing. Nonce management is a security-critical
/// component of the FROST protocol, as improper nonce generation or reuse can
/// lead to private key compromise.
///
/// In the FROST protocol flow:
/// 1. Each participant generates a nonce pair (secret nonces and public commitments)
/// 2. Participants exchange commitments (not nonces) with each other
/// 3. When signing occurs, participants reveal their nonces in a controlled manner
///
/// The implementation must ensure that:
/// - Nonces are generated using a cryptographically secure random number generator
/// - Nonces are never reused across different signing operations
/// - Nonces are properly stored with their corresponding commitments
/// - Access to secret nonces is strictly controlled
pub trait SparkSignerFrost {
    /// Generates a new (commitments, nonces) pair for a FROST signing round.
    ///
    /// This method creates a fresh nonce pair for use in FROST threshold signing
    /// and stores it securely within the signer's state. The commitments (public part)
    /// are returned and can be safely shared with other signing participants.
    ///
    /// # Returns
    /// * `Ok(SigningCommitments)` - The public commitments corresponding to the generated nonces
    /// * `Err(SparkSdkError)` - If nonce generation fails
    ///
    /// # Security Considerations
    /// The implementation must use a secure random number generator to ensure nonces
    /// are unpredictable. Predictable nonces can lead to private key compromise.
    fn new_frost_signing_noncepair(&self) -> Result<SigningCommitments, SparkSdkError>;

    /// Exposes the secret nonces corresponding to previously generated commitments.
    ///
    /// # Security Warning
    /// This is a **highly sensitive** operation from a security perspective because
    /// it reveals confidential material. Improper exposure of nonces can lead to
    /// private key compromise. Use it **only** when absolutely necessary during the
    /// FROST signing protocol, and handle the returned nonces with extreme caution.
    ///
    /// # Arguments
    /// * `signing_commitments` - The commitments for which to retrieve the corresponding nonces
    ///
    /// # Returns
    /// * `Ok(SigningNonces)` - The secret nonces corresponding to the provided commitments
    /// * `Err(SparkSdkError)` - If the nonces cannot be found or another error occurs
    ///
    /// # Example
    /// ```
    /// # // This is example code and should not be used in production
    /// # use frost_secp256k1_tr_unofficial::round1::SigningCommitments;
    /// # fn example(signer: &impl SparkSignerFrost, commitments: SigningCommitments) -> Result<(), SparkSdkError> {
    /// // This should only happen during the actual signing phase of FROST
    /// let nonces = signer.sensitive_expose_nonces_from_commitments(&commitments)?;
    /// // Use nonces immediately for signing and then ensure they're securely erased
    /// # Ok(())
    /// # }
    /// ```
    fn sensitive_expose_nonces_from_commitments<T>(
        &self,
        signing_commitments: &T,
    ) -> Result<SigningNonces, SparkSdkError>
    where
        T: AsRef<[u8]>;

    /// Retrieves or generates nonces for the given commitments.
    ///
    /// This method attempts to retrieve the nonces corresponding to the provided
    /// commitments. If the commitments are not found or are None, it generates
    /// a new nonce pair and returns the nonces.
    ///
    /// # Security Warning
    /// This method exposes sensitive cryptographic material and should be used
    /// with the same caution as `sensitive_expose_nonces_from_commitments`.
    ///
    /// # Arguments
    /// * `signing_commitments` - Optional commitments for which to retrieve nonces
    ///
    /// # Returns
    /// * `Ok(SigningNonces)` - The nonces corresponding to the commitments, or newly generated nonces
    /// * `Err(SparkSdkError)` - If an error occurs during retrieval or generation
    fn sensitive_create_if_not_found_expose_nonces_from_commitments(
        &self,
        signing_commitments: Option<&[u8]>,
    ) -> Result<SigningNonces, SparkSdkError>;
}