secp256kfun icon indicating copy to clipboard operation
secp256kfun copied to clipboard

Published 20 hours ago verified publisher icon LLFourn

FROST cfrg spec

Open nickfarrow opened this issue 2 years ago • 2 comments

Also create keygen hash like Jesse's https://github.com/ElementsProject/secp256k1-zkp/blob/6c1cf4e0caac3a933b4f8cdbe14be05ea4c7c0d9/src/modules/frost/keygen_impl.h#L210

nickfarrow avatar Sep 15 '22 04:09 nickfarrow

The latest draft-irtf-cfrg-frost-08 differs from v04 by having a per signer rho instead of a single group rho. See https://github.com/cfrg/draft-irtf-cfrg-frost/issues/214. Thinking I'll match 04 first, then explore per signer rhos.

Current discrepancies:

  • My commitment hash participant index uses u8 (L862) they uses u16
  • Currently using the same binding coeff hash on the message

In Keygen, Jesse's implementation uses some compute_indexhash so indexhash = tagged_hash(pk || idx) https://github.com/ElementsProject/secp256k1-zkp/blob/6c1cf4e0caac3a933b4f8cdbe14be05ea4c7c0d9/src/modules/frost/keygen_impl.h#L56

nickfarrow avatar Sep 15 '22 04:09 nickfarrow

Currently we use BTreeMaps for sorting nonces:

        let mut nonce_map: BTreeMap<_, _> =
            nonces.into_iter().map(|(i, nonce)| (i, nonce)).collect();

nickfarrow avatar Feb 21 '23 09:02 nickfarrow