We have just released FROST v3.0.0-rc.0. The main changes in this release are: changing the cheater detection feature so that it can be specified as a function parameter instead of a compile-time feature, a big refactor of the repair share and refresh share functionality, improving our test coverage for serialisation and async, and some significant improvements to our documentation.
Feature Configuration Changes
The `cheater-detection` feature was removed to simplify the feature matrix and reduce maintenance burden. Since most users want cheater detection enabled, it’s now the default behavior. For users who explicitly need to disable it (e.g., for performance in trusted environments), a new `aggregate_custom()` function was added that accepts a `CheaterDetection` argument. The `std` and `nightly` features have also been removed, since the crates are now no-std by default (except frost-ed448) and the nightly feature was never used.
Key Refresh and Repairable Module Improvements
The `refresh` module was simplified to improve usability: `compute_refreshing_shares()` no longer takes `min_signers` and `max_signers` arguments, since these values can be inferred from the `PublicKeyPackage`. This prevents errors from mismatched parameters and makes the API more robust against misuse.
The `repairable` module also underwent some refactoring to improve readability. Functions were renamed from `repair_share_step_X()` to `repair_share_partX()` for consistency with DKG naming. New `Delta` and `Sigma` types replace raw `Scalar` values, preventing accidental misuse, and these functions now return a `KeyPackage` instead of `SecretShare`, which is more useful since `SecretShare`s don’t need to be stored long-term.
To improve security, `ZeroizeOnDrop` was implemented for `SigningNonces`, ensuring that sensitive nonce material is automatically zeroed from memory when it goes out of scope.
Improvements
We added `pre_commitment_aggregate()` and `pre_commitment_sign()` hooks to the `Ciphersuite` trait, as well as `Ciphersuite::post_generate()`, to allow ciphersuite-specific customization.
A `min_signers` argument was added to `PublicKeyPackage::new()` (wrapped in `Option` for backwards compatibility) to ensure threshold information is preserved with the public key package. The `frost-rerandomized` crate is now re-exported in ciphersuite crates, making it easier to use rerandomized signing without additional imports.
The `InvalidSignatureShare::offender` field was changed to `culprits` (now a `Vec`), and `Error::offender()` was similarly renamed to `culprits()`, allowing multiple misbehaving participants to be identified in a single aggregation attempt. The `Ciphersuite`, `Scalar`, and `Element` traits now require `Send` and `Sync` bounds to enable safe use in async contexts. The serialization traits (`SignatureSerialization`, `Field::Serialization`, `Element::Serialization`) have been simplified to not require `TryFrom
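A toy model of the behaviour described above (cheater detection chosen by a function argument, and culprits reported as a list), added here as an illustration; it is not frost-core code. The `Detection` enum, the `Share` struct, the small group mod `P`, all values, and the order of checks (aggregate first, then per share) are assumptions of this model.

```rust
// Toy model, constructed for illustration; NOT frost-core's API or group.
// Share check: g^z == R * Y^c (mod P), with z = k + c*s mod (P-1).
const P: u128 = 1_000_000_007; // small prime, insecure, illustration only
const G: u128 = 5;
#[derive(Clone, Copy, PartialEq)]
pub enum Detection { Disabled, FirstCulprit, AllCulprits } // hypothetical names
pub struct Share { pub id: u16, pub r: u128, pub y: u128, pub z: u128 }

fn pow_mod(mut b: u128, mut e: u128) -> u128 {
    let mut acc: u128 = 1;
    b %= P;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % P; }
        b = b * b % P;
        e >>= 1;
    }
    acc
}

/// Honest share for secret share `s`, nonce `k` and challenge `c`.
pub fn sign_share(id: u16, s: u128, k: u128, c: u128) -> Share {
    Share { id, r: pow_mod(G, k), y: pow_mod(G, s), z: (k + c * s) % (P - 1) }
}

fn holds(r: u128, y: u128, z: u128, c: u128) -> bool {
    pow_mod(G, z) == r * pow_mod(y, c) % P
}

/// Ok(aggregate response), or Err(ids of misbehaving signers).
/// With `Disabled` a bad aggregate is still rejected, but nobody is blamed.
pub fn aggregate(shares: &[Share], c: u128, mode: Detection) -> Result<u128, Vec<u16>> {
    let z = shares.iter().fold(0u128, |a, s| (a + s.z) % (P - 1));
    let r = shares.iter().fold(1u128, |a, s| a * s.r % P);
    let y = shares.iter().fold(1u128, |a, s| a * s.y % P);
    if holds(r, y, z, c) { return Ok(z); }
    let mut culprits = Vec::new();
    for s in shares {
        if mode == Detection::Disabled { break; }
        if !holds(s.r, s.y, s.z, c) {
            culprits.push(s.id);
            if mode == Detection::FirstCulprit { break; }
        }
    }
    Err(culprits)
}

fn main() {
    let shares = [sign_share(1, 11, 101, 7), Share { z: 0, ..sign_share(2, 22, 202, 7) }];
    println!("{:?}", aggregate(&shares, 7, Detection::AllCulprits));
}
```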
frost-rerandomized Crate
The `cheater-detection` feature was also removed from this crate, with the same behavior changes as frost-core.
The frost-rerandomized crate received a revamped API motivated by Zcash integration requirements. The previous approach generated randomizers in a way that relied on a single party’s randomness, whereas the new API ensures all signing parties contribute to the randomness, improving security.
New functions include ones that create `RandomizedParams` by generating a randomizer based on signing commitments and fresh random data, and by recreating the same randomizer from a stored seed.
Documentation Improvements
Documentation was expanded to clarify security requirements: authenticated and confidential channels are needed for DKG (to prevent man-in-the-middle attacks during key generation), but only authenticated channels are needed for signing. Warnings about secp256k1 usage were added to help users understand the security considerations.
A network topologies documentation section was added, explaining the different ways FROST participants can be organized. A FROST Server section and a zcash-devtool demo section have also been added.
There are many breaking changes, so please do take a look at the frost-core Changelog as well as the frost-rerandomized Changelog for more details before upgrading.
Many thanks to @conradoplg, @natalieesk, @mpguerra, @StackOverflowExcept1on, @VolodymyrBg, @crStiv, @azuchi and @kwsantiago for their contributions.
Thanks for reading!

