frost: share generation

This commit adds share generation, as well as share serialization and
parsing.

include/secp256k1_frost.h

@@ -1,6 +1,8 @@
 #ifndef SECP256K1_FROST_H
 #define SECP256K1_FROST_H
 
+#include "secp256k1_extrakeys.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -15,6 +17,87 @@ extern "C" {
  * (https://crysp.uwaterloo.ca/software/frost/).
  */
 
+/** Opaque data structures
+ *
+ *  The exact representation of data inside is implementation defined and not
+ *  guaranteed to be portable between different platforms or versions. If you
+ *  need to convert to a format suitable for storage, transmission, or
+ *  comparison, use the corresponding serialization and parsing functions.
+ */
+
+/** Opaque data structure that holds a signer's _secret_ share.
+ *
+ *  Guaranteed to be 36 bytes in size. Serialized and parsed with
+ *  `frost_share_serialize` and `frost_share_parse`.
+ */
+typedef struct {
+    unsigned char data[36];
+} secp256k1_frost_share;
+
+/** Serialize a FROST share
+ *
+ *  Returns: 1 when the share could be serialized, 0 otherwise
+ *  Args:    ctx: pointer to a context object
+ *  Out:   out32: pointer to a 32-byte array to store the serialized share
+ *  In:    share: pointer to the share
+ */
+SECP256K1_API int secp256k1_frost_share_serialize(
+    const secp256k1_context *ctx,
+    unsigned char *out32,
+    const secp256k1_frost_share *share
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Parse a FROST share.
+ *
+ *  Returns: 1 when the share could be parsed, 0 otherwise.
+ *  Args:    ctx: pointer to a context object
+ *  Out:   share: pointer to a share object
+ *  In:     in32: pointer to the 32-byte share to be parsed
+ */
+SECP256K1_API int secp256k1_frost_share_parse(
+    const secp256k1_context *ctx,
+    secp256k1_frost_share *share,
+    const unsigned char *in32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Creates key shares
+ *
+ *  To generate a key, each participant generates a share for each other
+ *  participant. For example, in the case of 2 particpants, Alice and Bob, they
+ *  each generate 2 shares, distribute 1 share to each other using a secure
+ *  channel, and keep 1 for themselves.
+ *
+ *  Each participant must transmit shares over secure channels to each other
+ *  participant.
+ *
+ *  Each call to this function must have a UNIQUE and uniformly RANDOM seed32
+ *  that must that must NOT BE REUSED in subsequent calls to this function and
+ *  must be KEPT SECRET (even from other participants).
+ *
+ *  Returns: 0 if the arguments are invalid, 1 otherwise
+ *  Args:            ctx: pointer to a context object
+ *  Out:          shares: pointer to the key shares
+ *        vss_commitment: pointer to the VSS commitment
+ *                 pok64: pointer to the proof of knowledge
+ *   In:          seed32: 32-byte random seed as explained above. Must be
+ *                        unique to this call to secp256k1_frost_shares_gen
+ *                        and must be uniformly random.
+ *             threshold: the minimum number of signers required to produce a
+ *                        signature
+ *        n_participants: the total number of participants
+ *                 ids33: array of 33-byte participant IDs
+ */
+SECP256K1_API int secp256k1_frost_shares_gen(
+    const secp256k1_context *ctx,
+    secp256k1_frost_share *shares,
+    secp256k1_pubkey *vss_commitment,
+    unsigned char *pok64,
+    const unsigned char *seed32,
+    size_t threshold,
+    size_t n_participants,
+    const unsigned char * const* ids33
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(8);
+
 #ifdef __cplusplus
 }
 #endif