BlockstreamResearch
diff --git a/‎contrib/frost-vectors.py
+221 b/‎contrib/frost-vectors.py
+221
diff --git a/‎examples/frost.c
+10-45 b/‎examples/frost.c
+10-45
@@ -0,0 +1,221 @@
+#!/usr/bin/env python3
+
+import sys
+import json
+import textwrap
+
+max_participants = 0
+
+if len(sys.argv) < 2:
+    print(
+        "This script converts BIP FROST test vectors in a given directory to a C file that can be used in the test framework."
+    )
+    print("Usage: %s <dir>" % sys.argv[0])
+    sys.exit(1)
+
+
+def hexstr_to_intarray(str):
+    return ", ".join([f"0x{b:02X}" for b in bytes.fromhex(str)])
+
+
+def create_init(name):
+    return """
+static const struct frost_%s_vector frost_%s_vector = {
+""" % (
+        name,
+        name,
+    )
+
+
+def init_array(key):
+    return textwrap.indent("{ %s },\n" % hexstr_to_intarray(data[key]), 4 * " ")
+
+
+def init_arrays(key):
+    s = textwrap.indent("{\n", 4 * " ")
+    s += textwrap.indent(
+        ",\n".join(["{ %s }" % hexstr_to_intarray(x) for x in data[key]]), 8 * " "
+    )
+    s += textwrap.indent("\n},\n", 4 * " ")
+    return s
+
+
+def init_nested_arrays(array):
+    return "{ %s }" % ", ".join(["{ %s }" % hexstr_to_intarray(x) for x in array])
+
+
+def init_indices(array):
+    return " %d, { %s }" % (
+        len(array),
+        ", ".join(map(str, array)) if len(array) > 0 else "0",
+    )
+
+
+def init_is_xonly(case):
+    if len(case.get("tweak_indices", [])) > 0:
+        return ", ".join("1" if x else "0" for x in case["is_xonly"])
+    return "0"
+
+
+def init_optional_expected(case):
+    return hexstr_to_intarray(case["expected"]) if "expected" in case else "0"
+
+
+def init_cases(cases, f):
+    s = textwrap.indent("{\n", 4 * " ")
+    for (i, case) in enumerate(cases):
+        s += textwrap.indent("%s\n" % f(case), 8 * " ")
+    s += textwrap.indent("},\n", 4 * " ")
+    return s
+
+
+def finish_init():
+    return "};\n"
+
+
+s = (
+    """/**
+ * Automatically generated by %s.
+ *
+ * The test vectors for the FROST implementation.
+ */
+"""
+    % sys.argv[0]
+)
+
+s += """
+enum FROST_ERROR {
+    FROST_PUBKEY,
+    FROST_PUBSHARE,
+    FROST_TWEAK,
+    FROST_PUBNONCE,
+    FROST_AGGNONCE,
+    FROST_SECNONCE,
+    FROST_SIG,
+    FROST_SIG_VERIFY,
+    FROST_OTHER
+};
+"""
+
+# key gen vectors
+with open(sys.argv[1] + "/keygen_vectors.json") as f:
+    data = json.load(f)
+
+    num_valid_cases = len(data["valid_test_cases"])
+    num_pubshare_fail_cases = len(data["pubshare_correctness_fail_test_cases"])
+    num_group_pubkey_fail_cases = len(data["group_pubkey_correctness_fail_test_cases"])
+
+    all_cases = (
+        data["valid_test_cases"]
+        + data["pubshare_correctness_fail_test_cases"]
+        + data["group_pubkey_correctness_fail_test_cases"]
+    )
+    max_participants = max(
+        len(test_case["participant_identifiers"]) for test_case in all_cases
+    )
+
+    # Add structures for valid and error cases
+    s += """
+struct frost_key_gen_valid_test_case {
+    size_t max_participants;
+    size_t min_participants;
+    unsigned char group_public_key[33];
+    size_t participant_identifiers_len;
+    size_t participant_identifiers[%d];
+    unsigned char participant_pubshares[%d][33];
+    unsigned char participant_secshares[%d][32];
+};
+""" % (
+        max_participants,
+        max_participants,
+        max_participants,
+    )
+    s += """
+struct frost_key_gen_pubshare_fail_test_case {
+    size_t max_participants;
+    size_t min_participants;
+    unsigned char group_public_key[33];
+    size_t participant_identifiers_len;
+    size_t participant_identifiers[%d];
+    unsigned char participant_pubshares[%d][33];
+    unsigned char participant_secshares[%d][32];
+    enum FROST_ERROR error;
+};
+""" % (
+        max_participants,
+        max_participants,
+        max_participants,
+    )
+    s += """
+struct frost_key_gen_pubkey_fail_test_case {
+    size_t max_participants;
+    size_t min_participants;
+    unsigned char group_public_key[33];
+    size_t participant_identifiers_len;
+    size_t participant_identifiers[%d];
+    unsigned char participant_pubshares[%d][33];
+    unsigned char participant_secshares[%d][32];
+    enum FROST_ERROR error;
+};
+""" % (
+        max_participants,
+        max_participants,
+        max_participants,
+    )
+
+    # Add structure for entire vector
+
+    s += """
+struct frost_key_gen_vector {
+    struct frost_key_gen_valid_test_case valid_cases[%d];
+    struct frost_key_gen_pubshare_fail_test_case pubshare_fail_cases[%d];
+    struct frost_key_gen_pubkey_fail_test_case pubkey_fail_cases[%d];
+};
+""" % (
+        num_valid_cases,
+        num_pubshare_fail_cases,
+        num_group_pubkey_fail_cases,
+    )
+
+    s += create_init("key_gen")
+
+    #  Add valid cases to the vector
+    s += init_cases(
+        data["valid_test_cases"],
+        lambda case: "{ %d, %d, { %s }, %s, %s, %s },"
+        % (
+            case["max_participants"],
+            case["min_participants"],
+            hexstr_to_intarray(case["group_public_key"]),
+            init_indices(case["participant_identifiers"]),
+            init_nested_arrays(case["participant_pubshares"]),
+            init_nested_arrays(case["participant_secshares"]),
+        ),
+    )
+
+    def comment_to_error(case):
+        comment = case["comment"]
+        if "public key" in comment.lower():
+            return "FROST_PUBKEY"
+        elif "pubshare" in comment.lower():
+            return "FROST_PUBSHARE"
+        else:
+            sys.exit("Unknown error")
+
+    for cases in ("pubshare_correctness_fail_test_cases", "group_pubkey_correctness_fail_test_cases"):
+        s += init_cases(
+            data[cases],
+            lambda case: "{ %d, %d, { %s }, %s, %s, %s, %s },"
+            % (
+                case["max_participants"],
+                case["min_participants"],
+                hexstr_to_intarray(case["group_public_key"]),
+                init_indices(case["participant_identifiers"]),
+                init_nested_arrays(case["participant_pubshares"]),
+                init_nested_arrays(case["participant_secshares"]),
+                comment_to_error(case),
+            ),
+        )
+    s += finish_init()
+s += "enum { FROST_VECTORS_MAX_PARTICIPANTS = %d };" % max_participants
+print(s)
@@ -20,7 +20,6 @@
 #include "examples_util.h"
 
 struct signer_secrets {
-    secp256k1_keypair keypair;
     secp256k1_frost_secshare share;
     secp256k1_frost_secnonce secnonce;
 };
@@ -30,7 +29,6 @@ struct signer {
     secp256k1_frost_pubnonce pubnonce;
     secp256k1_frost_session session;
     secp256k1_frost_partial_sig partial_sig;
-    unsigned char id[33];
 };
 
 /* Threshold required in creating the aggregate signature */
@@ -39,60 +37,33 @@ struct signer {
 
 /* Number of public keys involved in creating the aggregate signature */
 #define N_SIGNERS 5
-/* Create a key pair, store it in signer_secrets->keypair and signer->pubkey */
-static int create_keypair(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer) {
-    secp256k1_pubkey pubkey_tmp;
-    unsigned char seckey[32];
-    size_t size = 33;
-    while (1) {
-        if (!fill_random(seckey, sizeof(seckey))) {
-            printf("Failed to generate randomness\n");
-            return 1;
-        }
-        if (secp256k1_keypair_create(ctx, &signer_secrets->keypair, seckey)) {
-            break;
-        }
-    }
-    if (!secp256k1_keypair_pub(ctx, &pubkey_tmp, &signer_secrets->keypair)) {
-        return 0;
-    }
-    if (!secp256k1_ec_pubkey_serialize(ctx, signer->id, &size, &pubkey_tmp, SECP256K1_EC_COMPRESSED)) {
-        return 0;
-    }
-    return 1;
-}
 
 /* Create shares and coefficient commitments */
 static int create_shares(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer) {
     int i;
     secp256k1_frost_secshare shares[N_SIGNERS];
     secp256k1_pubkey vss_commitment[THRESHOLD];
-    const unsigned char *ids[N_SIGNERS];
     unsigned char seed[32];
 
     if (!fill_random(seed, sizeof(seed))) {
         return 0;
     }
 
-    for (i = 0; i < N_SIGNERS; i++) {
-        ids[i] = signer[i].id;
-    }
-
     /* Generate shares for the participants */
-    if (!secp256k1_frost_shares_gen(ctx, shares, vss_commitment, seed, THRESHOLD, N_SIGNERS, ids)) {
+    if (!secp256k1_frost_shares_gen(ctx, shares, vss_commitment, seed, THRESHOLD, N_SIGNERS)) {
         return 0;
     }
 
     /* Distribute shares and VSS commitment */
     for (i = 0; i < N_SIGNERS; i++) {
         signer_secrets[i].share = shares[i];
         /* Each participant verifies their share. */
-        if (!secp256k1_frost_share_verify(ctx, THRESHOLD, signer[i].id, &shares[i], vss_commitment)) {
+        if (!secp256k1_frost_share_verify(ctx, THRESHOLD, i, &shares[i], vss_commitment)) {
             return 0;
         }
         /* Each participant generates public verification shares that are
          * used for verifying partial signatures. */
-        if (!secp256k1_frost_compute_pubshare(ctx, &signer[i].pubshare, THRESHOLD, signer[i].id, vss_commitment)) {
+        if (!secp256k1_frost_compute_pubshare(ctx, &signer[i].pubshare, THRESHOLD, i, vss_commitment)) {
             return 0;
         }
     }
@@ -143,7 +114,7 @@ static int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secr
     int signers[THRESHOLD];
     int is_signer[N_SIGNERS];
     const secp256k1_frost_pubnonce *pubnonces[THRESHOLD];
-    const unsigned char *ids[THRESHOLD];
+    size_t ids[THRESHOLD];
     const secp256k1_frost_partial_sig *partial_sigs[THRESHOLD];
 
     for (i = 0; i < N_SIGNERS; i++) {
@@ -179,12 +150,12 @@ static int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secr
         }
         /* Mark signer as assigned */
         pubnonces[i] = &signer[signer_id].pubnonce;
-        ids[i] = signer[signer_id].id;
+        ids[i] = signer_id;
     }
     /* Signing communication round 1: Exchange nonces */
     for (i = 0; i < THRESHOLD; i++) {
         signer_id = signers[i];
-        if (!secp256k1_frost_nonce_process(ctx, &signer[signer_id].session, pubnonces, THRESHOLD, msg32, signer[signer_id].id, ids, cache, NULL)) {
+        if (!secp256k1_frost_nonce_process(ctx, &signer[signer_id].session, pubnonces, THRESHOLD, msg32, signer_id, ids, cache, NULL)) {
             return 0;
         }
         /* partial_sign will clear the secnonce by setting it to 0. That's because
@@ -220,36 +191,30 @@ static int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secr
 
 int main(void) {
     secp256k1_context* ctx;
-    int i;
+    size_t i;
     struct signer_secrets signer_secrets[N_SIGNERS];
     struct signer signers[N_SIGNERS];
     const secp256k1_pubkey *pubshares_ptr[N_SIGNERS];
     secp256k1_xonly_pubkey pk;
     secp256k1_frost_keygen_cache keygen_cache;
     const unsigned char msg[32] = "this_could_be_the_hash_of_a_msg!";
     unsigned char sig[64];
-    const unsigned char *id_ptr[5];
+    size_t ids[5];
 
     /* Create a context for signing and verification */
     ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
-    printf("Creating key pairs......");
     for (i = 0; i < N_SIGNERS; i++) {
-        if (!create_keypair(ctx, &signer_secrets[i], &signers[i])) {
-            printf("FAILED\n");
-            return 1;
-        }
         pubshares_ptr[i] = &signers[i].pubshare;
-        id_ptr[i] = signers[i].id;
+        ids[i] = i;
     }
-    printf("ok\n");
     printf("Creating shares.........");
     if (!create_shares(ctx, signer_secrets, signers)) {
         printf("FAILED\n");
         return 1;
     }
     printf("ok\n");
     printf("Generating public key...");
-    if (!secp256k1_frost_pubkey_gen(ctx, &keygen_cache, pubshares_ptr, N_SIGNERS, id_ptr)) {
+    if (!secp256k1_frost_pubkey_gen(ctx, &keygen_cache, pubshares_ptr, N_SIGNERS, ids)) {
         printf("FAILED\n");
         return 1;
     }