/frost

Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures) by the Zcash Foundation

Primary LanguageRustOtherNOASSERTION

ZF FROST (Flexible Round-Optimised Schnorr Threshold signatures)

CI

Crate Crates.io Documentation
Generic FROST implementation [frost-core] crates.io Documentation
Ristretto255 ciphersuite [frost-ristretto255] crates.io Documentation
Ed25519 ciphersuite [frost-ed25519] crates.io Documentation
Ed448 ciphersuite [frost-ed448] crates.io Documentation
P-256 ciphersuite [frost-p256] crates.io Documentation
secp256k1 ciphersuite [frost-secp256k1] crates.io Documentation
Generic Re-randomized FROST [frost-rerandomized] crates.io Documentation

Rust implementations of 'Two-Round Threshold Schnorr Signatures with FROST'.

Unlike signatures in a single-party setting, threshold signatures require cooperation among a threshold number of signers, each holding a share of a common private key. The security of threshold schemes in general assume that an adversary can corrupt strictly fewer than a threshold number of participants.

'Two-Round Threshold Schnorr Signatures with FROST' presents a variant of a Flexible Round-Optimized Schnorr Threshold (FROST) signature scheme originally defined in FROST20. FROST reduces network overhead during threshold signing operations while employing a novel technique to protect against forgery attacks applicable to prior Schnorr-based threshold signature constructions.

Besides FROST itself, this repository also provides:

Getting Started

Refer to the ZF FROST book.

Status ⚠

The FROST specification is not yet finalized, though no significant changes are expected at this point. This code base has been audited by NCC. The APIs and types in frost-core are subject to change during the release candidate phase, and will follow SemVer guarantees after 1.0.0.

Usage

frost-core implements the base traits and types in a generic manner, to enable top-level implementations for different ciphersuites / curves without having to implement all of FROST from scratch. End-users should not use frost-core if they want to sign and verify signatures, they should use the crate specific to their ciphersuite/curve parameters that uses frost-core as a dependency.