LLFourn / secp256kfun

A pure-rust secp256k1 library optimised for fun
BSD Zero Clause License

FROST cfrg spec #119

Open nickfarrow opened 1 year ago

nickfarrow commented 1 year ago

Also create keygen hash like Jesse's https://github.com/ElementsProject/secp256k1-zkp/blob/6c1cf4e0caac3a933b4f8cdbe14be05ea4c7c0d9/src/modules/frost/keygen_impl.h#L210

nickfarrow commented 1 year ago

The latest draft-irtf-cfrg-frost-08 differs from v04 by having a per-signer rho instead of a single group rho. See https://github.com/cfrg/draft-irtf-cfrg-frost/issues/214. Thinking I'll match 04 first, then explore per-signer rhos.

Current discrepancies:

In Keygen, Jesse's implementation uses some compute_indexhash so indexhash = tagged_hash(pk || idx) https://github.com/ElementsProject/secp256k1-zkp/blob/6c1cf4e0caac3a933b4f8cdbe14be05ea4c7c0d9/src/modules/frost/keygen_impl.h#L56

nickfarrow commented 1 year ago

Currently we use BTreeMaps for sorting nonces:

        let mut nonce_map: BTreeMap<_, _> =
            nonces.into_iter().map(|(i, nonce)| (i, nonce)).collect();
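
Added example (not part of the thread or of secp256kfun's code): collecting nonces into a `BTreeMap` gives every signer the same ascending-index order to hash, but a plain `collect()` silently keeps the last nonce for a repeated index, so this sketch rejects repeats before building the bytes a binding hash would consume. The `Nonce` byte array, `canonical_nonces`, `binding_transcript` and the `index || nonce` encoding are assumptions for illustration, not the draft's or the library's encoding.

```rust
use std::collections::BTreeMap;

/// Stand-in for a signer's public nonce (assumption: real nonces are curve
/// points; plain bytes keep the example std-only).
type Nonce = [u8; 4];

#[derive(Debug, PartialEq)]
enum NonceError {
    DuplicateSigner(u32),
}

/// Collect (index, nonce) pairs into an ordered map, rejecting repeated indices.
/// `.collect::<BTreeMap<_, _>>()` alone would overwrite the earlier nonce instead.
fn canonical_nonces(
    nonces: impl IntoIterator<Item = (u32, Nonce)>,
) -> Result<BTreeMap<u32, Nonce>, NonceError> {
    let mut map = BTreeMap::new();
    for (i, nonce) in nonces {
        if map.insert(i, nonce).is_some() {
            return Err(NonceError::DuplicateSigner(i));
        }
    }
    Ok(map)
}

/// Bytes that would be fed to the binding hash: index || nonce for each signer,
/// in ascending index order (BTreeMap iteration order).
fn binding_transcript(map: &BTreeMap<u32, Nonce>) -> Vec<u8> {
    let mut out = Vec::new();
    for (i, nonce) in map {
        out.extend_from_slice(&i.to_be_bytes());
        out.extend_from_slice(nonce);
    }
    out
}

fn main() {
    // Constructed sample input: the same nonces arriving in two different orders.
    let a = canonical_nonces(vec![(3, [3; 4]), (1, [1; 4]), (2, [2; 4])]).unwrap();
    let b = canonical_nonces(vec![(1, [1; 4]), (2, [2; 4]), (3, [3; 4])]).unwrap();
    assert_eq!(binding_transcript(&a), binding_transcript(&b));

    // A repeated signer index is an error, not a silent overwrite.
    let dup = canonical_nonces(vec![(1, [1; 4]), (1, [9; 4])]);
    assert_eq!(dup, Err(NonceError::DuplicateSigner(1)));
    println!("transcript: {:02x?}", binding_transcript(&a));
}
```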