a25e6330bd
1) Removes the key image DLEq on the Monero side of things, as the produced signature share serves as a DLEq for it. 2) Removes the nonce DLEqs from modular-frost as they're unnecessary for monero-serai. Updates documentation accordingly. Without the proof the nonces are internally consistent, the produced signatures from modular-frost can be argued as a batch-verifiable CP93 DLEq (R0, R1, s), or as a GSP for the CP93 DLEq statement (which naturally produces (R0, R1, s)). The lack of proving the nonces consistent does make the process weaker, yet it's also unnecessary for the class of protocols this is intended to service. To provide DLEqs for the nonces would be to provide PoKs for the nonce commitments (in the traditional Schnorr case). |
||
|---|---|---|
| .. | ||
| src | ||
| Cargo.toml | ||
| LICENSE | ||
| README.md | ||
Modular FROST
A modular implementation of FROST for any curve with a ff/group API. Additionally, custom algorithms may be specified so any signature reducible to Schnorr-like may be used with FROST.
A Schnorr algorithm is provided, of the form (R, s) where s = r + cx, which
allows specifying the challenge format. This is intended to easily allow
integrating with existing systems.
This library offers ciphersuites compatible with the IETF draft. Currently, version 11 is supported.
This library was audited by Cypher Stack in March 2023, culminating in commit 669d2dbffc1dafb82a09d9419ea182667115df06. Any subsequent changes have not undergone auditing. While this audit included FROST's definition of Ed448, the underlying Ed448 ciphersuite (offered by the ciphersuite crate) was not audited, nor was the minimal-ed448 crate implementing the curve itself.