ZcashFoundation · mergify · Jan 27, 2026 · Jan 23, 2026
diff --git a/frost-core/CHANGELOG.md b/frost-core/CHANGELOG.md
@@ -35,6 +35,8 @@ Entries are listed in reverse chronological order.
 ### Additional changes
 
 * Added DKG refresh functions to the crate-specific `refresh` modules.
+* Re-exported the `frost-rerandomized` crate in the ciphersuite functions, e.g.
+  you can call `frost_ristretto255::rerandomized::sign_with_randomizer_seed()`.
 
 ## 2.2.0
 

diff --git a/frost-ed25519/src/rerandomized.rs b/frost-ed25519/src/rerandomized.rs
@@ -0,0 +1,65 @@
+//! FROST implementation supporting re-randomizable keys.
+
+use alloc::collections::btree_map::BTreeMap;
+
+/// Re-randomized FROST signing using the given `randomizer_seed`, which should
+/// be sent from the Coordinator using a confidential channel.
+///
+/// See [`crate::round2::sign`] for documentation on the other parameters.
+pub fn sign_with_randomizer_seed(
+    signing_package: &crate::SigningPackage,
+    signer_nonces: &crate::round1::SigningNonces,
+    key_package: &crate::keys::KeyPackage,
+    randomizer_seed: &[u8],
+) -> Result<crate::round2::SignatureShare, crate::Error> {
+    frost_rerandomized::sign_with_randomizer_seed::<crate::Ed25519Sha512>(
+        signing_package,
+        signer_nonces,
+        key_package,
+        randomizer_seed,
+    )
+}
+
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`].
+///
+/// See [`frost_core::aggregate`] for documentation on the other parameters.
+pub fn aggregate(
+    signing_package: &crate::SigningPackage,
+    signature_shares: &BTreeMap<crate::Identifier, crate::round2::SignatureShare>,
+    pubkeys: &crate::keys::PublicKeyPackage,
+    randomized_params: &RandomizedParams,
+) -> Result<crate::Signature, crate::Error> {
+    frost_rerandomized::aggregate::<crate::Ed25519Sha512>(
+        signing_package,
+        signature_shares,
+        pubkeys,
+        randomized_params,
+    )
+}
+
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`] using the given cheater detection strategy.
+///
+/// See [`frost_core::aggregate_custom`] for documentation on the other parameters.
+pub fn aggregate_custom(
+    signing_package: &crate::SigningPackage,
+    signature_shares: &BTreeMap<crate::Identifier, crate::round2::SignatureShare>,
+    pubkeys: &crate::keys::PublicKeyPackage,
+    cheater_detection: crate::CheaterDetection,
+    randomized_params: &RandomizedParams,
+) -> Result<crate::Signature, crate::Error> {
+    frost_rerandomized::aggregate_custom::<crate::Ed25519Sha512>(
+        signing_package,
+        signature_shares,
+        pubkeys,
+        cheater_detection,
+        randomized_params,
+    )
+}
+
+/// A randomizer. A random scalar which is used to randomize the key.
+pub type Randomizer = frost_rerandomized::Randomizer<crate::Ed25519Sha512>;
+
+/// Randomized parameters for a signing instance of randomized FROST.
+pub type RandomizedParams = frost_rerandomized::RandomizedParams<crate::Ed25519Sha512>;
diff --git a/frost-ed448/src/rerandomized.rs b/frost-ed448/src/rerandomized.rs
@@ -0,0 +1,65 @@
+//! FROST implementation supporting re-randomizable keys.
+
+use alloc::collections::btree_map::BTreeMap;
+
+/// Re-randomized FROST signing using the given `randomizer_seed`, which should
+/// be sent from the Coordinator using a confidential channel.
+///
+/// See [`crate::round2::sign`] for documentation on the other parameters.
+pub fn sign_with_randomizer_seed(
+    signing_package: &crate::SigningPackage,
+    signer_nonces: &crate::round1::SigningNonces,
+    key_package: &crate::keys::KeyPackage,
+    randomizer_seed: &[u8],
+) -> Result<crate::round2::SignatureShare, crate::Error> {
+    frost_rerandomized::sign_with_randomizer_seed::<crate::Ed448Shake256>(
+        signing_package,
+        signer_nonces,
+        key_package,
+        randomizer_seed,
+    )
+}
+
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`].
+///
+/// See [`frost_core::aggregate`] for documentation on the other parameters.
+pub fn aggregate(
+    signing_package: &crate::SigningPackage,
+    signature_shares: &BTreeMap<crate::Identifier, crate::round2::SignatureShare>,
+    pubkeys: &crate::keys::PublicKeyPackage,
+    randomized_params: &RandomizedParams,
+) -> Result<crate::Signature, crate::Error> {
+    frost_rerandomized::aggregate::<crate::Ed448Shake256>(
+        signing_package,
+        signature_shares,
+        pubkeys,
+        randomized_params,
+    )
+}
+
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`] using the given cheater detection strategy.
+///
+/// See [`frost_core::aggregate_custom`] for documentation on the other parameters.
+pub fn aggregate_custom(
+    signing_package: &crate::SigningPackage,
+    signature_shares: &BTreeMap<crate::Identifier, crate::round2::SignatureShare>,
+    pubkeys: &crate::keys::PublicKeyPackage,
+    cheater_detection: crate::CheaterDetection,
+    randomized_params: &RandomizedParams,
+) -> Result<crate::Signature, crate::Error> {
+    frost_rerandomized::aggregate_custom::<crate::Ed448Shake256>(
+        signing_package,
+        signature_shares,
+        pubkeys,
+        cheater_detection,
+        randomized_params,
+    )
+}
+
+/// A randomizer. A random scalar which is used to randomize the key.
+pub type Randomizer = frost_rerandomized::Randomizer<crate::Ed448Shake256>;
+
+/// Randomized parameters for a signing instance of randomized FROST.
+pub type RandomizedParams = frost_rerandomized::RandomizedParams<crate::Ed448Shake256>;
diff --git a/frost-p256/src/rerandomized.rs b/frost-p256/src/rerandomized.rs
@@ -0,0 +1,65 @@
+//! FROST implementation supporting re-randomizable keys.
+
+use alloc::collections::btree_map::BTreeMap;
+
+/// Re-randomized FROST signing using the given `randomizer_seed`, which should
+/// be sent from the Coordinator using a confidential channel.
+///
+/// See [`crate::round2::sign`] for documentation on the other parameters.
+pub fn sign_with_randomizer_seed(
+    signing_package: &crate::SigningPackage,
+    signer_nonces: &crate::round1::SigningNonces,
+    key_package: &crate::keys::KeyPackage,
+    randomizer_seed: &[u8],
+) -> Result<crate::round2::SignatureShare, crate::Error> {
+    frost_rerandomized::sign_with_randomizer_seed::<crate::P256Sha256>(
+        signing_package,
+        signer_nonces,
+        key_package,
+        randomizer_seed,
+    )
+}
+
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`].
+///
+/// See [`frost_core::aggregate`] for documentation on the other parameters.
+pub fn aggregate(
+    signing_package: &crate::SigningPackage,
+    signature_shares: &BTreeMap<crate::Identifier, crate::round2::SignatureShare>,
+    pubkeys: &crate::keys::PublicKeyPackage,
+    randomized_params: &RandomizedParams,
+) -> Result<crate::Signature, crate::Error> {
+    frost_rerandomized::aggregate::<crate::P256Sha256>(
+        signing_package,
+        signature_shares,
+        pubkeys,
+        randomized_params,
+    )
+}
+
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`] using the given cheater detection strategy.
+///
+/// See [`frost_core::aggregate_custom`] for documentation on the other parameters.
+pub fn aggregate_custom(
+    signing_package: &crate::SigningPackage,
+    signature_shares: &BTreeMap<crate::Identifier, crate::round2::SignatureShare>,
+    pubkeys: &crate::keys::PublicKeyPackage,
+    cheater_detection: crate::CheaterDetection,
+    randomized_params: &RandomizedParams,
+) -> Result<crate::Signature, crate::Error> {
+    frost_rerandomized::aggregate_custom::<crate::P256Sha256>(
+        signing_package,
+        signature_shares,
+        pubkeys,
+        cheater_detection,
+        randomized_params,
+    )
+}
+
+/// A randomizer. A random scalar which is used to randomize the key.
+pub type Randomizer = frost_rerandomized::Randomizer<crate::P256Sha256>;
+
+/// Randomized parameters for a signing instance of randomized FROST.
+pub type RandomizedParams = frost_rerandomized::RandomizedParams<crate::P256Sha256>;
diff --git a/frost-rerandomized/src/lib.rs b/frost-rerandomized/src/lib.rs
@@ -30,10 +30,9 @@ use frost_core::SigningPackage;
 use frost_core::{
     self as frost,
     keys::{KeyPackage, PublicKeyPackage, SigningShare, VerifyingShare},
-    round1::encode_group_commitments,
-    round1::SigningCommitments,
+    round1::{encode_group_commitments, SigningCommitments},
     serialization::SerializableScalar,
-    Ciphersuite, Error, Field, Group, Identifier, Scalar, VerifyingKey,
+    CheaterDetection, Ciphersuite, Error, Field, Group, Identifier, Scalar, VerifyingKey,
 };
 
 #[cfg(feature = "serde")]
@@ -161,9 +160,8 @@ pub fn sign_with_randomizer_seed<C: RandomizedCiphersuite>(
     frost::round2::sign(signing_package, signer_nonces, &randomized_key_package)
 }
 
-/// Re-randomized FROST signature share aggregation with the given [`RandomizedParams`],
-/// which can be computed from the previously generated randomizer using
-/// [`RandomizedParams::from_randomizer`].
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`].
 ///
 /// See [`frost::aggregate`] for documentation on the other parameters.
 pub fn aggregate<C>(
@@ -183,6 +181,29 @@ where
     )
 }
 
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`] using the given cheater detection strategy.
+///
+/// See [`frost::aggregate_custom`] for documentation on the other parameters.
+pub fn aggregate_custom<C>(
+    signing_package: &frost::SigningPackage<C>,
+    signature_shares: &BTreeMap<frost::Identifier<C>, frost::round2::SignatureShare<C>>,
+    pubkeys: &frost::keys::PublicKeyPackage<C>,
+    cheater_detection: CheaterDetection,
+    randomized_params: &RandomizedParams<C>,
+) -> Result<frost_core::Signature<C>, Error<C>>
+where
+    C: Ciphersuite,
+{
+    let randomized_public_key_package = pubkeys.randomize(randomized_params)?;
+    frost::aggregate_custom(
+        signing_package,
+        signature_shares,
+        &randomized_public_key_package,
+        cheater_detection,
+    )
+}
+
 /// A randomizer. A random scalar which is used to randomize the key.
 #[derive(Copy, Clone, PartialEq, Eq)]
 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]

diff --git a/frost-ristretto255/src/lib.rs b/frost-ristretto255/src/lib.rs
@@ -22,6 +22,8 @@ use frost_core as frost;
 #[cfg(test)]
 mod tests;
 
+pub mod rerandomized;
+
 // Re-exports in our public API
 #[cfg(feature = "serde")]
 pub use frost_core::serde;

diff --git a/frost-ristretto255/src/rerandomized.rs b/frost-ristretto255/src/rerandomized.rs
@@ -0,0 +1,65 @@
+//! FROST implementation supporting re-randomizable keys.
+
+use alloc::collections::btree_map::BTreeMap;
+
+/// Re-randomized FROST signing using the given `randomizer_seed`, which should
+/// be sent from the Coordinator using a confidential channel.
+///
+/// See [`crate::round2::sign`] for documentation on the other parameters.
+pub fn sign_with_randomizer_seed(
+    signing_package: &crate::SigningPackage,
+    signer_nonces: &crate::round1::SigningNonces,
+    key_package: &crate::keys::KeyPackage,
+    randomizer_seed: &[u8],
+) -> Result<crate::round2::SignatureShare, crate::Error> {
+    frost_rerandomized::sign_with_randomizer_seed::<crate::Ristretto255Sha512>(
+        signing_package,
+        signer_nonces,
+        key_package,
+        randomizer_seed,
+    )
+}
+
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`].
+///
+/// See [`frost_core::aggregate`] for documentation on the other parameters.
+pub fn aggregate(
+    signing_package: &crate::SigningPackage,
+    signature_shares: &BTreeMap<crate::Identifier, crate::round2::SignatureShare>,
+    pubkeys: &crate::keys::PublicKeyPackage,
+    randomized_params: &RandomizedParams,
+) -> Result<crate::Signature, crate::Error> {
+    frost_rerandomized::aggregate::<crate::Ristretto255Sha512>(
+        signing_package,
+        signature_shares,
+        pubkeys,
+        randomized_params,
+    )
+}
+
+/// Re-randomized FROST signature share aggregation with the given
+/// [`RandomizedParams`] using the given cheater detection strategy.
+///
+/// See [`frost_core::aggregate_custom`] for documentation on the other parameters.
+pub fn aggregate_custom(
+    signing_package: &crate::SigningPackage,
+    signature_shares: &BTreeMap<crate::Identifier, crate::round2::SignatureShare>,
+    pubkeys: &crate::keys::PublicKeyPackage,
+    cheater_detection: crate::CheaterDetection,
+    randomized_params: &RandomizedParams,
+) -> Result<crate::Signature, crate::Error> {
+    frost_rerandomized::aggregate_custom::<crate::Ristretto255Sha512>(
+        signing_package,
+        signature_shares,
+        pubkeys,
+        cheater_detection,
+        randomized_params,
+    )
+}
+
+/// A randomizer. A random scalar which is used to randomize the key.
+pub type Randomizer = frost_rerandomized::Randomizer<crate::Ristretto255Sha512>;
+
+/// Randomized parameters for a signing instance of randomized FROST.
+pub type RandomizedParams = frost_rerandomized::RandomizedParams<crate::Ristretto255Sha512>;