Merge remote-tracking branch 'origin/main' into rerandomized-simplified

ZcashFoundation · Jul 19, 2023 · cb2bb1f · cb2bb1f
2 parents dd7adfb + 9b5d88d
commit cb2bb1f
Show file tree

Hide file tree

Showing 9 changed files with 32 additions and 40 deletions.
diff --git a/frost-core/src/frost.rs b/frost-core/src/frost.rs
@@ -159,42 +159,44 @@ where
 /// to the given xj.
 ///
 /// If `x` is None, it uses 0 for it (since Identifiers can't be 0)
-pub fn compute_lagrange_coefficient<C: Ciphersuite>(
-    xs: &BTreeSet<Identifier<C>>,
+#[cfg_attr(feature = "internals", visibility::make(pub))]
+fn compute_lagrange_coefficient<C: Ciphersuite>(
+    x_set: &BTreeSet<Identifier<C>>,
     x: Option<Identifier<C>>,
-    xi: Identifier<C>,
+    x_i: Identifier<C>,
 ) -> Result<Scalar<C>, Error<C>> {
-    if xs.is_empty() {
+    if x_set.is_empty() {
         return Err(Error::IncorrectNumberOfIdentifiers);
     }
     let mut num = <<C::Group as Group>::Field>::one();
     let mut den = <<C::Group as Group>::Field>::one();
 
-    let mut xi_found = false;
-    for xj in xs.iter() {
-        if xi == *xj {
-            xi_found = true;
+    let mut x_i_found = false;
+
+    for x_j in x_set.iter() {
+        if x_i == *x_j {
+            x_i_found = true;
             continue;
         }
 
         if let Some(x) = x {
-            num *= x - *xj;
-            den *= xi - *xj;
+            num *= x - *x_j;
+            den *= x_i - *x_j;
         } else {
             // Both signs inverted just to avoid requiring Neg (-*xj)
-            num *= *xj;
-            den *= *xj - xi;
+            num *= *x_j;
+            den *= *x_j - x_i;
         }
     }
-    if !xi_found {
+    if !x_i_found {
         return Err(Error::UnknownIdentifier);
     }
 
     Ok(num
         * <<C::Group as Group>::Field>::invert(&den).map_err(|_| Error::DuplicatedIdentifiers)?)
 }
 
-/// Generates the lagrange coefficient for the i'th participant.
+/// Generates the lagrange coefficient for the i'th participant (for `signer_id`).
 #[cfg_attr(feature = "internals", visibility::make(pub))]
 fn derive_interpolating_value<C: Ciphersuite>(
     signer_id: &Identifier<C>,

diff --git a/frost-core/src/frost/keys.rs b/frost-core/src/frost/keys.rs
@@ -772,31 +772,31 @@ pub(crate) fn generate_secret_shares<C: Ciphersuite>(
 /// The caller is responsible for providing at least `min_signers` shares;
 /// if less than that is provided, a different key will be returned.
 pub fn reconstruct<C: Ciphersuite>(
-    key_packages: &[KeyPackage<C>],
+    secret_shares: &[SecretShare<C>],
 ) -> Result<SigningKey<C>, Error<C>> {
-    if key_packages.is_empty() {
+    if secret_shares.is_empty() {
         return Err(Error::IncorrectNumberOfShares);
     }
 
     let mut secret = <<C::Group as Group>::Field>::zero();
 
-    let xset: BTreeSet<_> = key_packages
+    let identifiers: BTreeSet<_> = secret_shares
         .iter()
         .map(|s| s.identifier())
         .cloned()
         .collect();
 
-    if xset.len() != key_packages.len() {
+    if identifiers.len() != secret_shares.len() {
         return Err(Error::DuplicatedIdentifiers);
     }
 
     // Compute the Lagrange coefficients
-    for key_package in key_packages.iter() {
+    for secret_share in secret_shares.iter() {
         let lagrange_coefficient =
-            compute_lagrange_coefficient(&xset, None, key_package.identifier)?;
+            compute_lagrange_coefficient(&identifiers, None, secret_share.identifier)?;
 
         // Compute y = f(0) via polynomial interpolation of these t-of-n solutions ('points) of f
-        secret = secret + (lagrange_coefficient * key_package.secret_share.0);
+        secret = secret + (lagrange_coefficient * secret_share.value.0);
     }
 
     Ok(SigningKey { scalar: secret })

diff --git a/frost-core/src/tests/ciphersuite_generic.rs b/frost-core/src/tests/ciphersuite_generic.rs
@@ -35,13 +35,8 @@ pub fn check_share_generation<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R
         assert!(secret_share.verify().is_ok());
     }
 
-    let key_packages: Vec<_> = secret_shares
-        .iter()
-        .map(|s| frost::keys::KeyPackage::try_from(s.clone()).unwrap())
-        .collect();
-
     assert_eq!(
-        frost::keys::reconstruct::<C>(&key_packages)
+        frost::keys::reconstruct::<C>(&secret_shares)
             .unwrap()
             .serialize()
             .as_ref(),
@@ -58,13 +53,8 @@ pub fn check_share_generation<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R
     let mut secret_shares = secret_shares;
     secret_shares[0] = secret_shares[1].clone();
 
-    let key_packages: Vec<_> = secret_shares
-        .iter()
-        .map(|s| frost::keys::KeyPackage::try_from(s.clone()).unwrap())
-        .collect();
-
     assert_eq!(
-        frost::keys::reconstruct::<C>(&key_packages).unwrap_err(),
+        frost::keys::reconstruct::<C>(&secret_shares).unwrap_err(),
         Error::DuplicatedIdentifiers
     );
 }

diff --git a/frost-ed25519/src/lib.rs b/frost-ed25519/src/lib.rs
@@ -263,7 +263,7 @@ pub mod keys {
     ///
     /// The caller is responsible for providing at least `min_signers` shares;
     /// if less than that is provided, a different key will be returned.
-    pub fn reconstruct(secret_shares: &[KeyPackage]) -> Result<SigningKey, Error> {
+    pub fn reconstruct(secret_shares: &[SecretShare]) -> Result<SigningKey, Error> {
         frost::keys::reconstruct(secret_shares)
     }
 

diff --git a/frost-ed448/src/lib.rs b/frost-ed448/src/lib.rs
@@ -257,7 +257,7 @@ pub mod keys {
     ///
     /// The caller is responsible for providing at least `min_signers` shares;
     /// if less than that is provided, a different key will be returned.
-    pub fn reconstruct(secret_shares: &[KeyPackage]) -> Result<SigningKey, Error> {
+    pub fn reconstruct(secret_shares: &[SecretShare]) -> Result<SigningKey, Error> {
         frost::keys::reconstruct(secret_shares)
     }
 

diff --git a/frost-p256/src/lib.rs b/frost-p256/src/lib.rs
@@ -289,7 +289,7 @@ pub mod keys {
     ///
     /// The caller is responsible for providing at least `min_signers` shares;
     /// if less than that is provided, a different key will be returned.
-    pub fn reconstruct(secret_shares: &[KeyPackage]) -> Result<SigningKey, Error> {
+    pub fn reconstruct(secret_shares: &[SecretShare]) -> Result<SigningKey, Error> {
         frost::keys::reconstruct(secret_shares)
     }
 

diff --git a/frost-ristretto255/src/lib.rs b/frost-ristretto255/src/lib.rs
@@ -251,7 +251,7 @@ pub mod keys {
     ///
     /// The caller is responsible for providing at least `min_signers` shares;
     /// if less than that is provided, a different key will be returned.
-    pub fn reconstruct(secret_shares: &[KeyPackage]) -> Result<SigningKey, Error> {
+    pub fn reconstruct(secret_shares: &[SecretShare]) -> Result<SigningKey, Error> {
         frost::keys::reconstruct(secret_shares)
     }
 

diff --git a/frost-secp256k1/Cargo.toml b/frost-secp256k1/Cargo.toml
@@ -14,8 +14,8 @@ readme = "README.md"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/ZcashFoundation/frost"
 categories = ["cryptography"]
-keywords = ["cryptography", "crypto", "ristretto", "threshold", "signature"]
-description = "A Schnorr signature scheme over the prime-order Ristretto group that supports FROST."
+keywords = ["cryptography", "crypto", "threshold", "signature"]
+description = "A Schnorr signature scheme over the secp256k1 curve that supports FROST."
 
 [package.metadata.docs.rs]
 features = ["nightly"]

diff --git a/frost-secp256k1/src/lib.rs b/frost-secp256k1/src/lib.rs
@@ -288,7 +288,7 @@ pub mod keys {
     ///
     /// The caller is responsible for providing at least `min_signers` shares;
     /// if less than that is provided, a different key will be returned.
-    pub fn reconstruct(secret_shares: &[KeyPackage]) -> Result<SigningKey, Error> {
+    pub fn reconstruct(secret_shares: &[SecretShare]) -> Result<SigningKey, Error> {
         frost::keys::reconstruct(secret_shares)
     }