| Crate | Crates.io | Documentation | |
|---|---|---|---|
| Generic FROST implementation | [frost-core] |
 |
 |
| Ristretto255 ciphersuite | [frost-ristretto255] |
 |
 |
| Ed25519 ciphersuite | [frost-ed25519] |
 |
 |
| Ed448 ciphersuite | [frost-ed448] |
 |
 |
| P-256 ciphersuite | [frost-p256] |
 |
 |
| secp256k1 ciphersuite | [frost-secp256k1] |
 |
 |
| Generic Re-randomized FROST | [frost-rerandomized] |
 |
 |
Rust implementations of 'Two-Round Threshold Schnorr Signatures with FROST'.
Unlike signatures in a single-party setting, threshold signatures require cooperation among a threshold number of signers, each holding a share of a common private key. The security of threshold schemes in general assume that an adversary can corrupt strictly fewer than a threshold number of participants.
'Two-Round Threshold Schnorr Signatures with FROST' presents a variant of a Flexible Round-Optimized Schnorr Threshold (FROST) signature scheme originally defined in FROST20. FROST reduces network overhead during threshold signing operations while employing a novel technique to protect against forgery attacks applicable to prior Schnorr-based threshold signature constructions.
Besides FROST itself, this repository also provides:
- Trusted dealer key generation as specified in the appendix of 'Two-Round Threshold Schnorr Signatures with FROST';
- Distributed key generation as specified in the original paper FROST20;
- Repairable Theshold Scheme (RTS) from 'A Survey and Refinement of Repairable Threshold Schemes' which allows a participant to recover a lost share with the help of a threshold of other participants;
- Rerandomized FROST (paper under review).
Refer to the ZF FROST book.
The FROST specification is not yet finalized, though no significant changes are
expected at this point. This code base has been audited by NCC. The APIs and
types in frost-core are subject to change during the release candidate phase,
and will follow SemVer guarantees after 1.0.0.
frost-core implements the base traits and types in a generic manner, to enable top-level
implementations for different ciphersuites / curves without having to implement all of FROST from
scratch. End-users should not use frost-core if they want to sign and verify signatures, they
should use the crate specific to their ciphersuite/curve parameters that uses frost-core as a
dependency.