pub trait SparkSignerFrost {
    // Required methods
    fn generate_frost_signing_commitments(
        &self,
    ) -> Result<SigningCommitments, SparkSdkError>;
    fn sensitive_expose_nonces_from_commitments<T>(
        &self,
        signing_commitments: &T,
    ) -> Result<SigningNonces, SparkSdkError>
    where T: AsRef<[u8]>;
}
Trait for managing cryptographic nonces in FROST threshold signing.
This trait provides methods for generating, storing, and retrieving the nonce pairs required for FROST threshold signing. Nonce management is a security-critical component of the FROST protocol, as improper nonce generation or reuse can lead to private key compromise.
In the FROST protocol flow:
- Each participant generates a nonce pair (secret nonces and public commitments)
- Participants exchange commitments (not nonces) with each other
- When signing occurs, participants reveal their nonces in a controlled manner
The implementation must ensure that:
- Nonces are generated using a cryptographically secure random number generator
- Nonces are never reused across different signing operations
- Nonces are properly stored with their corresponding commitments
- Access to secret nonces is strictly controlled
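One way to meet the storage and single-use requirements above, as an added example that is not the Spark SDK's own code: a store keyed by serialized commitments that releases each entry at most once. `NonceStore`, `SecretNonces` and `StoreError` are hypothetical names, and commitments and nonces are modelled as opaque bytes assumed to come from the FROST library's CSPRNG-backed generation.

```rust
use std::collections::HashMap;
use std::sync::Mutex;

/// Hypothetical wrapper for secret nonce bytes, wiped on drop.
/// No Debug or Clone, so the bytes cannot be logged or copied by accident.
pub struct SecretNonces(Vec<u8>);

impl SecretNonces {
    pub fn as_bytes(&self) -> &[u8] { &self.0 }
}

impl Drop for SecretNonces {
    fn drop(&mut self) {
        // Best-effort wipe; production code would use a vetted zeroizing type.
        for b in self.0.iter_mut() {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
    }
}

#[derive(Debug, PartialEq)]
pub enum StoreError { DuplicateCommitments, UnknownOrAlreadyUsed }

/// Hypothetical store keyed by serialized commitments.
/// The trait's methods take `&self`, so the map needs interior mutability.
#[derive(Default)]
pub struct NonceStore { pending: Mutex<HashMap<Vec<u8>, SecretNonces>> }

impl NonceStore {
    /// Record a freshly generated pair; never overwrite an existing entry.
    pub fn insert(&self, commitments: &[u8], nonces: Vec<u8>) -> Result<(), StoreError> {
        let secret = SecretNonces(nonces); // wiped on the error path too
        let mut map = self.pending.lock().unwrap();
        if map.contains_key(commitments) {
            return Err(StoreError::DuplicateCommitments);
        }
        map.insert(commitments.to_vec(), secret);
        Ok(())
    }

    /// Release the nonces exactly once: the entry is removed on lookup, so a
    /// second request for the same commitments fails instead of allowing reuse.
    pub fn take<T: AsRef<[u8]>>(&self, commitments: &T) -> Result<SecretNonces, StoreError> {
        let mut map = self.pending.lock().unwrap();
        map.remove(commitments.as_ref()).ok_or(StoreError::UnknownOrAlreadyUsed)
    }

    pub fn pending_count(&self) -> usize { self.pending.lock().unwrap().len() }
}
```

Whether the SDK's own signer removes an entry on exposure is not stated on this page; the take-once behaviour here is a design choice of the example.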
Required Methods§
fn generate_frost_signing_commitments(
    &self,
) -> Result<SigningCommitments, SparkSdkError>
Generates a new (commitments, nonces) pair for a FROST signing round.
This method creates a fresh nonce pair for use in FROST threshold signing and stores it securely within the signer’s state. The commitments (public part) are returned and can be safely shared with other signing participants.
§Returns
- Ok(SigningCommitments): The public commitments corresponding to the generated nonces
- Err(SparkSdkError): If nonce generation fails
§Security Considerations
The implementation must use a secure random number generator to ensure nonces are unpredictable. Predictable nonces can lead to private key compromise.
fn sensitive_expose_nonces_from_commitments<T>(
    &self,
    signing_commitments: &T,
) -> Result<SigningNonces, SparkSdkError>
Exposes the secret nonces corresponding to previously generated commitments.
§Security Warning
This is a highly sensitive operation from a security perspective because it reveals confidential material. Improper exposure of nonces can lead to private key compromise. Use it only when absolutely necessary during the FROST signing protocol, and handle the returned nonces with extreme caution.
§Arguments
- signing_commitments: The commitments for which to retrieve the corresponding nonces
§Returns
- Ok(SigningNonces): The secret nonces corresponding to the provided commitments
- Err(SparkSdkError): If the nonces cannot be found or another error occurs
§Example
// This should only happen during the actual signing phase of FROST
let nonces = signer.sensitive_expose_nonces_from_commitments(&commitments.serialize().unwrap())?;
// Use nonces immediately for signing and then ensure they're securely erased
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.