Add nonce combine function

Author: jesseposner

include/secp256k1_frost.h

@@ -73,6 +73,14 @@ SECP256K1_API int secp256k1_frost_pubkey_combine(
     const secp256k1_pubkey *pubkeys
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
 
+SECP256K1_API int secp256k1_frost_nonce_combine(
+    const secp256k1_context* ctx,
+    const secp256k1_pubkey *pubkeys,
+    size_t n_signers,
+    int *nonce_parity,
+    secp256k1_xonly_pubkey *combined_pk
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);
+
 #ifdef __cplusplus
 }
 #endif

src/modules/frost/main_impl.h

@@ -142,6 +142,21 @@ int secp256k1_frost_pubkey_combine(const secp256k1_context *ctx, secp256k1_scrat
     return 1;
 }
 
+int secp256k1_frost_nonce_combine(const secp256k1_context* ctx, const secp256k1_pubkey *pubkeys, size_t n_signers, int *nonce_parity, secp256k1_xonly_pubkey *combined_pk) {
+    secp256k1_frost_keygen_session session;
+
+    session.n_signers = n_signers;
+
+    if (!secp256k1_frost_pubkey_combine(ctx, NULL, &session, pubkeys)) {
+        return 0;
+    }
+
+    *nonce_parity = session.pk_parity;
+    *combined_pk = session.combined_pk;
+
+    return 1;
+}
+
 static void secp256k1_frost_lagrange_coefficient(secp256k1_scalar *r, const size_t *participant_indexes, const size_t n_participants, const size_t my_index) {
     size_t i;
     secp256k1_scalar num;

src/modules/frost/tests_impl.h

@@ -32,6 +32,8 @@ void run_frost_tests(void) {
     secp256k1_keypair keypair;
     secp256k1_frost_secnonce k;
     secp256k1_frost_keygen_session sessions[N_SIGNERS];
+    secp256k1_xonly_pubkey combined_nonce;
+    int combined_nonce_parity;
     int i, j;
 
     /* Round 1.1, 1.2, 1.3, and 1.4 */
@@ -104,9 +106,8 @@ void run_frost_tests(void) {
         secp256k1_ge_set_gej(&rp, &rj);
         secp256k1_pubkey_save(&pubkeys[i], &rp);
     }
-    sessions[0].n_signers = THRESHOLD;
-    CHECK(secp256k1_frost_pubkey_combine(ctx, NULL, &sessions[0], pubkeys));
-    CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk2, &sessions[0].combined_pk));
+    CHECK(secp256k1_frost_nonce_combine(ctx, pubkeys, THRESHOLD, &combined_nonce_parity, &combined_nonce));
+    CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk2, &combined_nonce));
     /* sign */
     for (i = 0; i < THRESHOLD; i++) {
         /* compute challenge hash */
@@ -116,10 +117,10 @@ void run_frost_tests(void) {
         secp256k1_frost_lagrange_coefficient(&l, participants, THRESHOLD, sessions[i].my_index);
         secp256k1_scalar_mul(&s1, &s1, &l);
         secp256k1_scalar_mul(&s2, &s2, &s1);
-        CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk2, &sessions[0].combined_pk));
+        CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk2, &combined_nonce));
         secp256k1_nonce_function_frost(&k, id, sessions[i].agg_share.data, msg, &pk1[1], frost_algo, 9, NULL);
         secp256k1_scalar_set_b32(&s1, k.data, NULL);
-        if (sessions[0].pk_parity) {
+        if (combined_nonce_parity) {
             secp256k1_scalar_negate(&s1, &s1);
 
         }