Skip to content

Commit 2c23466

Browse files
jesseposnerjesseposner
committed
wip v2
1 parent 68b2867 commit 2c23466

File tree

8 files changed

+426
-438
lines changed

8 files changed

+426
-438
lines changed

examples/frost.c

+17-12
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,6 @@ struct signer {
3737
secp256k1_frost_session session;
3838
secp256k1_frost_partial_sig partial_sig;
3939
secp256k1_pubkey vss_commitment[THRESHOLD];
40-
unsigned char vss_hash[32];
4140
unsigned char pok[64];
4241
unsigned char id[33];
4342
};
@@ -70,7 +69,7 @@ int create_keypair_and_seed(const secp256k1_context* ctx, struct signer_secrets
7069
}
7170

7271
/* Create shares and coefficient commitments */
73-
int create_shares(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer, secp256k1_xonly_pubkey *pk) {
72+
int create_shares(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer) {
7473
int i, j;
7574
secp256k1_frost_share shares[N_SIGNERS][N_SIGNERS];
7675
const secp256k1_pubkey *vss_commitments[N_SIGNERS];
@@ -101,7 +100,7 @@ int create_shares(const secp256k1_context* ctx, struct signer_secrets *signer_se
101100
assigned_shares[j] = &shares[j][i];
102101
}
103102
/* Each participant aggregates the shares they received. */
104-
if (!secp256k1_frost_share_agg(ctx, &signer_secrets[i].agg_share, pk, assigned_shares, vss_commitments, poks, N_SIGNERS, THRESHOLD, signer[i].id)) {
103+
if (!secp256k1_frost_share_agg(ctx, &signer_secrets[i].agg_share, assigned_shares, vss_commitments, poks, N_SIGNERS, THRESHOLD, signer[i].id)) {
105104
return 0;
106105
}
107106
for (j = 0; j < N_SIGNERS; j++) {
@@ -125,15 +124,11 @@ int create_shares(const secp256k1_context* ctx, struct signer_secrets *signer_se
125124

126125
/* Tweak the pubkey corresponding to the provided tweak cache, update the cache
127126
* and return the tweaked aggregate pk. */
128-
int tweak(const secp256k1_context* ctx, secp256k1_xonly_pubkey *pk, secp256k1_frost_tweak_cache *cache) {
127+
int tweak(const secp256k1_context* ctx, secp256k1_xonly_pubkey *pk, secp256k1_frost_keygen_cache *cache) {
129128
secp256k1_pubkey output_pk;
130129
unsigned char ordinary_tweak[32] = "this could be a BIP32 tweak....";
131130
unsigned char xonly_tweak[32] = "this could be a taproot tweak..";
132131

133-
if (!secp256k1_frost_pubkey_tweak(ctx, cache, pk)) {
134-
return 0;
135-
}
136-
137132
/* Ordinary tweaking which, for example, allows deriving multiple child
138133
* public keys from a single aggregate key using BIP32 */
139134
if (!secp256k1_frost_pubkey_ec_tweak_add(ctx, NULL, cache, ordinary_tweak)) {
@@ -164,7 +159,7 @@ int tweak(const secp256k1_context* ctx, secp256k1_xonly_pubkey *pk, secp256k1_fr
164159

165160
/* Sign a message hash with the given threshold and aggregate shares and store
166161
* the result in sig */
167-
int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer, const unsigned char* msg32, secp256k1_xonly_pubkey *pk, unsigned char *sig64, const secp256k1_frost_tweak_cache *cache) {
162+
int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer, const unsigned char* msg32, secp256k1_xonly_pubkey *pk, unsigned char *sig64, const secp256k1_frost_keygen_cache *cache) {
168163
int i;
169164
int signer_id = 0;
170165
int signers[THRESHOLD];
@@ -212,7 +207,7 @@ int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, st
212207
/* Signing communication round 1: Exchange nonces */
213208
for (i = 0; i < THRESHOLD; i++) {
214209
signer_id = signers[i];
215-
if (!secp256k1_frost_nonce_process(ctx, &signer[signer_id].session, pubnonces, THRESHOLD, msg32, pk, signer[signer_id].id, ids, cache, NULL)) {
210+
if (!secp256k1_frost_nonce_process(ctx, &signer[signer_id].session, pubnonces, THRESHOLD, msg32, signer[signer_id].id, ids, cache, NULL)) {
216211
return 0;
217212
}
218213
/* partial_sign will clear the secnonce by setting it to 0. That's because
@@ -251,10 +246,12 @@ int main(void) {
251246
int i;
252247
struct signer_secrets signer_secrets[N_SIGNERS];
253248
struct signer signers[N_SIGNERS];
249+
const secp256k1_pubkey *pubshares_ptr[N_SIGNERS];
254250
secp256k1_xonly_pubkey pk;
255-
secp256k1_frost_tweak_cache cache;
251+
secp256k1_frost_keygen_cache cache;
256252
unsigned char msg[32] = "this_could_be_the_hash_of_a_msg!";
257253
unsigned char sig[64];
254+
const unsigned char *id_ptr[5];
258255

259256
/* Create a context for signing and verification */
260257
ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
@@ -264,10 +261,18 @@ int main(void) {
264261
printf("FAILED\n");
265262
return 1;
266263
}
264+
pubshares_ptr[i] = &signers[i].pubshare;
265+
id_ptr[i] = signers[i].id;
267266
}
268267
printf("ok\n");
269268
printf("Creating shares.........");
270-
if (!create_shares(ctx, signer_secrets, signers, &pk)) {
269+
if (!create_shares(ctx, signer_secrets, signers)) {
270+
printf("FAILED\n");
271+
return 1;
272+
}
273+
printf("ok\n");
274+
printf("Generating public key...");
275+
if (!secp256k1_frost_pubkey_gen(ctx, &cache, pubshares_ptr, N_SIGNERS, id_ptr)) {
271276
printf("FAILED\n");
272277
return 1;
273278
}

0 commit comments

Comments
 (0)