#ifndef SECP256K1_FROST_H #define SECP256K1_FROST_H #include "secp256k1_extrakeys.h" #ifdef __cplusplus extern "C" { #endif #include /** This code is currently a work in progress. It's not secure nor stable. * IT IS EXTREMELY DANGEROUS AND RECKLESS TO USE THIS MODULE IN PRODUCTION! * * This module implements a variant of Flexible Round-Optimized Schnorr * Threshold Signatures (FROST) by Chelsea Komlo and Ian Goldberg * (https://crysp.uwaterloo.ca/software/frost/). */ /** Opaque data structures * * The exact representation of data inside is implementation defined and not * guaranteed to be portable between different platforms or versions. If you * need to convert to a format suitable for storage, transmission, or * comparison, use the corresponding serialization and parsing functions. */ /** Opaque data structure that holds a signer's _secret_ share. * * Guaranteed to be 36 bytes in size. Serialized and parsed with * `frost_share_serialize` and `frost_share_parse`. */ typedef struct { unsigned char data[36]; } secp256k1_frost_share; /** Serialize a FROST share * * Returns: 1 when the share could be serialized, 0 otherwise * Args: ctx: pointer to a context object * Out: out32: pointer to a 32-byte array to store the serialized share * In: share: pointer to the share */ SECP256K1_API int secp256k1_frost_share_serialize( const secp256k1_context *ctx, unsigned char *out32, const secp256k1_frost_share *share ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Parse a FROST share. * * Returns: 1 when the share could be parsed, 0 otherwise. * Args: ctx: pointer to a context object * Out: share: pointer to a share object * In: in32: pointer to the 32-byte share to be parsed */ SECP256K1_API int secp256k1_frost_share_parse( const secp256k1_context *ctx, secp256k1_frost_share *share, const unsigned char *in32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Creates key shares * * To generate a key, each participant generates a share for each other * participant. For example, in the case of 2 particpants, Alice and Bob, they * each generate 2 shares, distribute 1 share to each other using a secure * channel, and keep 1 for themselves. * * Each participant must transmit shares over secure channels to each other * participant. * * Each call to this function must have a UNIQUE and uniformly RANDOM seed32 * that must that must NOT BE REUSED in subsequent calls to this function and * must be KEPT SECRET (even from other participants). * * Returns: 0 if the arguments are invalid, 1 otherwise * Args: ctx: pointer to a context object * Out: shares: pointer to the key shares * vss_commitment: pointer to the VSS commitment * pok64: pointer to the proof of knowledge * In: seed32: 32-byte random seed as explained above. Must be * unique to this call to secp256k1_frost_shares_gen * and must be uniformly random. * threshold: the minimum number of signers required to produce a * signature * n_participants: the total number of participants * ids33: array of 33-byte participant IDs */ SECP256K1_API int secp256k1_frost_shares_gen( const secp256k1_context *ctx, secp256k1_frost_share *shares, secp256k1_pubkey *vss_commitment, unsigned char *pok64, const unsigned char *seed32, size_t threshold, size_t n_participants, const unsigned char * const* ids33 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(8); #ifdef __cplusplus } #endif #endif