3.6.6 Further document nonces

This file was already largely documented. While the terminology is
potentially ambiguous, no clearer wording is apparent at this time.
Luke Parker 2023-03-01 00:35:37 -05:00
parent 62b3036cbd
commit 5a3406bb5f
3 changed files with 9 additions and 5 deletions


@ -38,7 +38,7 @@ pub trait Algorithm<C: Curve>: Clone {
fn transcript(&mut self) -> &mut Self::Transcript; fn transcript(&mut self) -> &mut Self::Transcript;
/// Obtain the list of nonces to generate, as specified by the generators to create commitments /// Obtain the list of nonces to generate, as specified by the generators to create commitments
/// against per-nonce /// against per-nonce.
fn nonces(&self) -> Vec<Vec<C::G>>; fn nonces(&self) -> Vec<Vec<C::G>>;
/// Generate an addendum to FROST"s preprocessing stage. /// Generate an addendum to FROST"s preprocessing stage.
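Review bot: The doc comment on `nonces` (the line starting `/// Obtain the list of nonces to generate`) still leaves the nesting of the returned `Vec<Vec<C::G>>` to be inferred, and the new text only adds a period. Commitments are later indexed first by nonce and then by generator, so the doc should say which level is which: `/// Obtain the list of nonces to generate. Each outer element describes one nonce; its inner list holds the generators that nonce is committed against.` Presumably the outer index is the nonce and the inner the generator — confirm against the commitment layout in the nonce module before wording it. The `Algorithm` trait begins and ends outside this hunk.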


@ -3,10 +3,11 @@
// Then there is a signature (a modified Chaum Pedersen proof) using multiple nonces at once // Then there is a signature (a modified Chaum Pedersen proof) using multiple nonces at once
// //
// Accordingly, in order for this library to be robust, it supports generating an arbitrary amount // Accordingly, in order for this library to be robust, it supports generating an arbitrary amount
// of nonces, each against an arbitrary list of basepoints // of nonces, each against an arbitrary list of generators
// //
// Each nonce remains of the form (d, e) and made into a proper nonce with d + (e * b) // Each nonce remains of the form (d, e) and made into a proper nonce with d + (e * b)
// When multiple D, E pairs are provided, a DLEq proof is also provided to confirm their integrity // When representations across multiple generators are provided, a DLEq proof is also provided to
// confirm their integrity
use core::ops::Deref; use core::ops::Deref;
use std::{ use std::{
@ -72,6 +73,7 @@ impl<C: Curve> GeneratorCommitments<C> {
#[derive(Clone, PartialEq, Eq)] #[derive(Clone, PartialEq, Eq)]
pub(crate) struct NonceCommitments<C: Curve> { pub(crate) struct NonceCommitments<C: Curve> {
// Called generators as these commitments are indexed by generator later on // Called generators as these commitments are indexed by generator later on
// So to get the commitments for the first generator, it'd be commitments.generators[0]
pub(crate) generators: Vec<GeneratorCommitments<C>>, pub(crate) generators: Vec<GeneratorCommitments<C>>,
} }
@ -130,9 +132,11 @@ impl<C: Curve> NonceCommitments<C> {
} }
} }
/// Commitments for all the nonces across all their generators.
#[derive(Clone, PartialEq, Eq)] #[derive(Clone, PartialEq, Eq)]
pub(crate) struct Commitments<C: Curve> { pub(crate) struct Commitments<C: Curve> {
// Called nonces as these commitments are indexed by nonce // Called nonces as these commitments are indexed by nonce
// So to get the commitments for the first nonce, it'd be commitments.nonces[0]
pub(crate) nonces: Vec<NonceCommitments<C>>, pub(crate) nonces: Vec<NonceCommitments<C>>,
// DLEq Proof proving that each set of commitments were generated using a single pair of discrete // DLEq Proof proving that each set of commitments were generated using a single pair of discrete
// logarithms // logarithms
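Review bot: `NonceCommitments` is left without an item-level doc comment while `Commitments` gains one on the line `/// Commitments for all the nonces across all their generators.`, which leaves the commitment layers inconsistent in rustdoc. Suggested on the struct line `pub(crate) struct NonceCommitments<C: Curve> {`: `/// Commitments for a single nonce across every generator it is committed against.` (`GeneratorCommitments`, whose impl header appears in this section, likely wants the same treatment; its definition is outside the hunk.) The rewritten module sentence `// When representations across multiple generators are provided, a DLEq proof is also provided to confirm their integrity` would read better if it named what the proof binds, matching the field comment further down about a single pair of discrete logarithms, e.g. `// ... a DLEq proof ties them to the same (d, e) pair`. Whether the proof is optional for single-generator nonces is not visible in this hunk, so keep that wording hedged.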


@ -221,8 +221,8 @@ pub trait SignMachine<S>: Sized {
/// security as your private key share. /// security as your private key share.
fn cache(self) -> CachedPreprocess; fn cache(self) -> CachedPreprocess;
/// Create a sign machine from a cached preprocess. After this, the preprocess should be fully /// Create a sign machine from a cached preprocess. After this, the preprocess must be deleted so
/// deleted, as it must never be reused. It is /// it's never reused. Any reuse would cause the signer to leak their secret share.
fn from_cache( fn from_cache(
params: Self::Params, params: Self::Params,
keys: Self::Keys, keys: Self::Keys,
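Review bot: The rewritten doc on `from_cache` (`/// ... Any reuse would cause the signer to leak their secret share.`) states the consequence but not what "deleted" requires of the caller; dropping the `CachedPreprocess` handle is not the same as wiping the bytes it was serialized from. Suggested continuation: `/// Callers should overwrite or zeroize any persisted copy of the cache once it has been passed here, not merely drop it.` Whether `CachedPreprocess` already zeroizes on drop is not visible in this hunk — confirm before committing to either wording. The `SignMachine` trait and the `from_cache` signature continue outside the hunk.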