merge queue: embarking main (3ed40ad) and [#1001 + #998] together

frost-core/CHANGELOG.md

@@ -22,19 +22,23 @@ Entries are listed in reverse chronological order.
   before calling the function (recreate it with `PublicKeyPackage::new()`).
   The latter was simply redundant.
 * Refactored the `frost_core::keys::repairable` module:
-  * `repair_share_step_1()` now takes a `KeyPackage` and returns a map with
-    a new `Delta` type instead of a raw `Scalar`
-  * `repair_share_step_2()` now takes the `Delta` type and returns a new `Sigma`
-    type instead of a raw `Scalar`
-  * `repair_share_step_3()` now takes the `Sigma` type and a `PublicKeyPackage`
-    instead of `VerifiableSecretSharingCommitment`; and returns a `KeyPackage`
-    instead of `SecretShare`.
+  * `repair_share_step_1()` was renamed to `repair_share_part1()` and now takes
+    a `KeyPackage` and returns a map with a new `Delta` type instead of a raw
+    `Scalar`
+  * `repair_share_step_2()` was renamed to `repair_share_part2()` and now takes
+    the `Delta` type and returns a new `Sigma` type instead of a raw `Scalar`
+  * `repair_share_step_3()` was renamed to `repair_share_part3()` and now takes
+    the `Sigma` type and a `PublicKeyPackage` instead of
+    `VerifiableSecretSharingCommitment`; and returns a `KeyPackage` instead of
+    `SecretShare`.
   * These changes provide more type safety and are make it more useful since
     `SecretPackage`s are not expected to be stored
 
 ### Additional changes
 
 * Added DKG refresh functions to the crate-specific `refresh` modules.
+* Re-exported the `frost-rerandomized` crate in the ciphersuite functions, e.g.
+  you can call `frost_ristretto255::rerandomized::sign_with_randomizer_seed()`.
 
 ## 2.2.0
 

frost-core/src/keys/repairable.rs

@@ -9,12 +9,12 @@
 //!
 //! - Participants need to agree somehow on who are going to be the `helpers`
 //!   for the repair, and which participant is going to repair their share.
-//! - Each helper runs `repair_share_step_1`, generating a set of `delta` values
+//! - Each helper runs `repair_share_part1`, generating a set of `delta` values
 //!   to be sent to each helper (including themselves).
-//! - Each helper runs `repair_share_step_2`, passing the received `delta`
+//! - Each helper runs `repair_share_part2`, passing the received `delta`
 //!   values, generating a `sigma` value to be sent to the participant repairing
 //!   their share.
-//! - The participant repairing their share runs `repair_share_step_3`, passing
+//! - The participant repairing their share runs `repair_share_part3`, passing
 //!   all the received `sigma` values, recovering their lost `KeyPackage`. (They
 //!   will also need the `PublicKeyPackage` for this step which could be
 //!   provided by any of the helpers).
@@ -32,7 +32,7 @@ use crate::{
 
 use super::{generate_coefficients, SigningShare};
 
-/// A delta value which is the output of step 1 of RTS.
+/// A delta value which is the output of part 1 of RTS.
 #[derive(Clone, Copy, PartialEq, Eq)]
 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
 #[cfg_attr(feature = "serde", serde(bound = "C: Ciphersuite"))]
@@ -68,7 +68,7 @@ where
     }
 }
 
-/// A sigma value which is the output of step 2 of RTS.
+/// A sigma value which is the output of part 2 of RTS.
 #[derive(Clone, Copy, PartialEq, Eq)]
 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
 #[cfg_attr(feature = "serde", serde(bound = "C: Ciphersuite"))]
@@ -104,14 +104,14 @@ where
     }
 }
 
-/// Step 1 of RTS.
+/// Part 1 of RTS.
 ///
 /// Generates the "delta" values from the helper with `key_package_i` to send to
 /// `helpers` (which includes the helper with `key_package_i`), to help
 /// `participant` recover their share.
 ///
 /// Returns a BTreeMap mapping which value should be sent to which participant.
-pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
+pub fn repair_share_part1<C: Ciphersuite, R: RngCore + CryptoRng>(
     helpers: &[Identifier<C>],
     key_package_i: &KeyPackage<C>,
     rng: &mut R,
@@ -169,11 +169,11 @@ fn compute_last_random_value<C: Ciphersuite>(
     Ok(out)
 }
 
-/// Step 2 of RTS.
+/// Part 2 of RTS.
 ///
 /// Generates the "sigma" value from all `deltas` received from all helpers.
 /// The "sigma" value must be sent to the participant repairing their share.
-pub fn repair_share_step_2<C: Ciphersuite>(deltas: &[Delta<C>]) -> Sigma<C> {
+pub fn repair_share_part2<C: Ciphersuite>(deltas: &[Delta<C>]) -> Sigma<C> {
     let mut sigma_j = <<C::Group as Group>::Field>::zero();
 
     for d in deltas {
@@ -183,7 +183,7 @@ pub fn repair_share_step_2<C: Ciphersuite>(deltas: &[Delta<C>]) -> Sigma<C> {
     Sigma::new(sigma_j)
 }
 
-/// Step 3 of RTS.
+/// Part 3 of RTS.
 ///
 /// The participant with the given `identifier` recovers their `KeyPackage`
 /// with the "sigma" values received from all helpers and the `PublicKeyPackage`
@@ -192,7 +192,7 @@ pub fn repair_share_step_2<C: Ciphersuite>(deltas: &[Delta<C>]) -> Sigma<C> {
 /// Returns an error if the `min_signers` field is not set in the `PublicKeyPackage`.
 /// This happens for `PublicKeyPackage`s created before the 3.0.0 release;
 /// in that case, the user should set the `min_signers` field manually.
-pub fn repair_share_step_3<C: Ciphersuite>(
+pub fn repair_share_part3<C: Ciphersuite>(
     sigmas: &[Sigma<C>],
     identifier: Identifier<C>,
     public_key_package: &PublicKeyPackage<C>,

frost-core/src/tests/repairable.rs

@@ -12,7 +12,7 @@ use crate::keys::KeyPackage;
 use crate::{
     compute_lagrange_coefficient,
     keys::{
-        repairable::{repair_share_step_1, repair_share_step_2, repair_share_step_3},
+        repairable::{repair_share_part1, repair_share_part2, repair_share_part3},
         PublicKeyPackage, SecretShare,
     },
     Ciphersuite, Error, Field, Group, Identifier,
@@ -62,33 +62,33 @@ pub fn check_rts<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R) {
     // Each helper generates random values for each helper
 
     let helper_1_deltas =
-        repair_share_step_1(&helpers, helper_1, &mut rng, participant.identifier).unwrap();
+        repair_share_part1(&helpers, helper_1, &mut rng, participant.identifier).unwrap();
     let helper_4_deltas =
-        repair_share_step_1(&helpers, helper_4, &mut rng, participant.identifier).unwrap();
+        repair_share_part1(&helpers, helper_4, &mut rng, participant.identifier).unwrap();
     let helper_5_deltas =
-        repair_share_step_1(&helpers, helper_5, &mut rng, participant.identifier).unwrap();
+        repair_share_part1(&helpers, helper_5, &mut rng, participant.identifier).unwrap();
 
     // Each helper calculates their sigma from the random values received from the other helpers
 
-    let helper_1_sigma: Sigma<C> = repair_share_step_2::<C>(&[
+    let helper_1_sigma: Sigma<C> = repair_share_part2::<C>(&[
         helper_1_deltas[&helpers[0]],
         helper_4_deltas[&helpers[0]],
         helper_5_deltas[&helpers[0]],
     ]);
-    let helper_4_sigma: Sigma<C> = repair_share_step_2::<C>(&[
+    let helper_4_sigma: Sigma<C> = repair_share_part2::<C>(&[
         helper_1_deltas[&helpers[1]],
         helper_4_deltas[&helpers[1]],
         helper_5_deltas[&helpers[1]],
     ]);
-    let helper_5_sigma: Sigma<C> = repair_share_step_2::<C>(&[
+    let helper_5_sigma: Sigma<C> = repair_share_part2::<C>(&[
         helper_1_deltas[&helpers[2]],
         helper_4_deltas[&helpers[2]],
         helper_5_deltas[&helpers[2]],
     ]);
 
     // The participant wishing to recover their share sums the sigmas sent from all helpers
 
-    let participant_recovered_share = repair_share_step_3(
+    let participant_recovered_share = repair_share_part3(
         &[helper_1_sigma, helper_4_sigma, helper_5_sigma],
         participant.identifier,
         &public_key_package,
@@ -108,8 +108,8 @@ fn generate_scalar_from_byte_string<C: Ciphersuite>(
     out.unwrap()
 }
 
-/// Test repair_share_step_1
-pub fn check_repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R) {
+/// Test repair_share_part1
+pub fn check_repair_share_part1<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R) {
     // Compute shares
 
     let max_signers = 5;
@@ -142,7 +142,7 @@ pub fn check_repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng
     ];
 
     // Generate deltas for helper 4
-    let deltas = repair_share_step_1(&helpers, helper_4, &mut rng, participant.identifier).unwrap();
+    let deltas = repair_share_part1(&helpers, helper_4, &mut rng, participant.identifier).unwrap();
 
     let lagrange_coefficient = compute_lagrange_coefficient(
         &helpers.iter().cloned().collect(),
@@ -161,8 +161,8 @@ pub fn check_repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng
     assert!(lhs == rhs)
 }
 
-/// Test repair_share_step_2
-pub fn check_repair_share_step_2<C: Ciphersuite>(repair_share_helpers: &Value) {
+/// Test repair_share_part2
+pub fn check_repair_share_part2<C: Ciphersuite>(repair_share_helpers: &Value) {
     let values = &repair_share_helpers["scalar_generation"];
 
     let value_1 = Delta::new(generate_scalar_from_byte_string::<C>(
@@ -174,7 +174,7 @@ pub fn check_repair_share_step_2<C: Ciphersuite>(repair_share_helpers: &Value) {
     let value_3 = Delta::new(generate_scalar_from_byte_string::<C>(
         values["random_scalar_3"].as_str().unwrap(),
     ));
-    let expected = repair_share_step_2::<C>(&[value_1, value_2, value_3]);
+    let expected = repair_share_part2::<C>(&[value_1, value_2, value_3]);
 
     let actual = Sigma::new(generate_scalar_from_byte_string::<C>(
         values["random_scalar_sum"].as_str().unwrap(),
@@ -183,8 +183,8 @@ pub fn check_repair_share_step_2<C: Ciphersuite>(repair_share_helpers: &Value) {
     assert!(actual == expected);
 }
 
-/// Test repair_share
-pub fn check_repair_share_step_3<C: Ciphersuite, R: RngCore + CryptoRng>(
+/// Test repair_share_part3
+pub fn check_repair_share_part3<C: Ciphersuite, R: RngCore + CryptoRng>(
     mut rng: R,
     repair_share_helpers: &Value,
 ) {
@@ -217,7 +217,7 @@ pub fn check_repair_share_step_3<C: Ciphersuite, R: RngCore + CryptoRng>(
         sigmas["sigma_4"].as_str().unwrap(),
     ));
 
-    let actual = repair_share_step_3::<C>(
+    let actual = repair_share_part3::<C>(
         &[sigma_1, sigma_2, sigma_3, sigma_4],
         Identifier::try_from(2).unwrap(),
         &public_key_package,
@@ -230,8 +230,8 @@ pub fn check_repair_share_step_3<C: Ciphersuite, R: RngCore + CryptoRng>(
     assert!(expected == actual.signing_share().to_scalar());
 }
 
-/// Test repair share step 1 fails with invalid numbers of signers.
-pub fn check_repair_share_step_1_fails_with_invalid_min_signers<
+/// Test repair share part 1 fails with invalid numbers of signers.
+pub fn check_repair_share_part1_fails_with_invalid_min_signers<
     C: Ciphersuite,
     R: RngCore + CryptoRng,
 >(
@@ -255,7 +255,7 @@ pub fn check_repair_share_step_1_fails_with_invalid_min_signers<
 
     let helper = Identifier::try_from(3).unwrap();
 
-    let out = repair_share_step_1(
+    let out = repair_share_part1(
         &[helper],
         &key_packages[&helper],
         &mut rng,

frost-ed25519/src/keys/repairable.rs

@@ -13,37 +13,37 @@ use crate::keys::{KeyPackage, PublicKeyPackage};
 use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore};
 use crate::{Ed25519Sha512, Error};
 
-/// A delta value which is the output of step 1 of RTS.
+/// A delta value which is the output of part 1 of RTS.
 pub type Delta = frost::keys::repairable::Delta<Ed25519Sha512>;
 
-/// A sigma value which is the output of step 2 of RTS.
+/// A sigma value which is the output of part 2 of RTS.
 pub type Sigma = frost::keys::repairable::Sigma<Ed25519Sha512>;
 
-/// Step 1 of RTS.
+/// Part 1 of RTS.
 ///
 /// Generates the "delta" values from the helper with `key_package_i` to send to
 /// `helpers` (which includes the helper with `key_package_i`), to help
 /// `participant` recover their share.
 ///
 /// Returns a BTreeMap mapping which value should be sent to which participant.
-pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
+pub fn repair_share_part1<C: Ciphersuite, R: RngCore + CryptoRng>(
     helpers: &[Identifier],
     key_package_i: &KeyPackage,
     rng: &mut R,
     participant: Identifier,
 ) -> Result<BTreeMap<Identifier, Delta>, Error> {
-    frost::keys::repairable::repair_share_step_1(helpers, key_package_i, rng, participant)
+    frost::keys::repairable::repair_share_part1(helpers, key_package_i, rng, participant)
 }
 
-/// Step 2 of RTS.
+/// Part 2 of RTS.
 ///
 /// Generates the "sigma" value from all `deltas` received from all helpers.
 /// The "sigma" value must be sent to the participant repairing their share.
-pub fn repair_share_step_2(deltas: &[Delta]) -> Sigma {
-    frost::keys::repairable::repair_share_step_2::<Ed25519Sha512>(deltas)
+pub fn repair_share_part2(deltas: &[Delta]) -> Sigma {
+    frost::keys::repairable::repair_share_part2::<Ed25519Sha512>(deltas)
 }
 
-/// Step 3 of RTS.
+/// Part 3 of RTS.
 ///
 /// The participant with the given `identifier` recovers their `KeyPackage`
 /// with the "sigma" values received from all helpers and the `PublicKeyPackage`
@@ -52,12 +52,12 @@ pub fn repair_share_step_2(deltas: &[Delta]) -> Sigma {
 /// Returns an error if the `min_signers` field is not set in the `PublicKeyPackage`.
 /// This happens for `PublicKeyPackage`s created before the 3.0.0 release;
 /// in that case, the user should set the `min_signers` field manually.
-pub fn repair_share_step_3(
+pub fn repair_share_part3(
     sigmas: &[Sigma],
     identifier: Identifier,
     public_key_package: &PublicKeyPackage,
 ) -> Result<KeyPackage, Error> {
-    frost::keys::repairable::repair_share_step_3(sigmas, identifier, public_key_package)
+    frost::keys::repairable::repair_share_part3(sigmas, identifier, public_key_package)
 }
 
 #[cfg(test)]
@@ -76,30 +76,30 @@ mod tests {
     }
 
     #[test]
-    fn check_repair_share_step_1() {
+    fn check_repair_share_part1() {
         let rng = rand::rngs::OsRng;
 
-        frost_core::tests::repairable::check_repair_share_step_1::<Ed25519Sha512, _>(rng);
+        frost_core::tests::repairable::check_repair_share_part1::<Ed25519Sha512, _>(rng);
     }
 
     #[test]
-    fn check_repair_share_step_2() {
-        frost_core::tests::repairable::check_repair_share_step_2::<Ed25519Sha512>(&REPAIR_SHARE);
+    fn check_repair_share_part2() {
+        frost_core::tests::repairable::check_repair_share_part2::<Ed25519Sha512>(&REPAIR_SHARE);
     }
 
     #[test]
-    fn check_repair_share_step_3() {
+    fn check_repair_share_part3() {
         let rng = rand::rngs::OsRng;
-        frost_core::tests::repairable::check_repair_share_step_3::<Ed25519Sha512, _>(
+        frost_core::tests::repairable::check_repair_share_part3::<Ed25519Sha512, _>(
             rng,
             &REPAIR_SHARE,
         );
     }
 
     #[test]
-    fn check_repair_share_step_1_fails_with_invalid_min_signers() {
+    fn check_repair_share_part1_fails_with_invalid_min_signers() {
         let rng = rand::rngs::OsRng;
-        frost_core::tests::repairable::check_repair_share_step_1_fails_with_invalid_min_signers::<
+        frost_core::tests::repairable::check_repair_share_part1_fails_with_invalid_min_signers::<
             Ed25519Sha512,
             _,
         >(rng);