FROST Core TypeScript Library - v0.2.2-alpha.3
    Preparing search index...

    Interface Ciphersuite

    A FROST ciphersuite specifies the underlying prime-order group details and cryptographic hash function.

    This is the unified Ciphersuite interface that combines both hierarchical access (via group) and flattened methods for convenience.

    https://datatracker.ietf.org/doc/html/rfc9591#name-ciphersuites

    interface Ciphersuite {
        ID: string;
        group: Group;
        Scalar: unknown;
        Element: unknown;
        VerifyingKey: unknown;
        SigningKey: unknown;
        SIGNATURE_LENGTH?: number;
        scalarZero(): unknown;
        scalarOne(): unknown;
        scalarInvert(scalar: unknown): unknown;
        scalarRandom(rng: { fill(array: Uint8Array): void }): unknown;
        serializeScalar(scalar: unknown): Uint8Array;
        deserializeScalar(bytes: Uint8Array): unknown;
        scalarAdd(a: unknown, b: unknown): unknown;
        scalarSub(a: unknown, b: unknown): unknown;
        scalarMul(a: unknown, b: unknown): unknown;
        scalarsEqual(a: unknown, b: unknown): boolean;
        elementSize(): number;
        scalarSize(): number;
        cofactor(): unknown;
        identity(): unknown;
        generator(): unknown;
        serializeElement(element: unknown): Uint8Array;
        deserializeElement(bytes: Uint8Array): unknown;
        elementAdd(a: unknown, b: unknown): unknown;
        elementSub(a: unknown, b: unknown): unknown;
        elementMul(element: unknown, scalar: unknown): unknown;
        scalarBaseMult(scalar: unknown): unknown;
        elementsEqual(a: unknown, b: unknown): boolean;
        isIdentity(element: unknown): boolean;
        H1(m: Uint8Array): unknown;
        H2(m: Uint8Array): unknown;
        H3(m: Uint8Array): unknown;
        H4(m: Uint8Array): Uint8Array;
        H5(m: Uint8Array): Uint8Array;
        HDKG?(m: Uint8Array): unknown;
        HID?(m: Uint8Array): unknown;
        singleSign?(
            signingKey: unknown,
            message: Uint8Array,
            rng: { fill(array: Uint8Array): void },
        ): unknown;
        verifySignature?(
            verifyingKey: unknown,
            message: Uint8Array,
            signature: unknown,
        ): boolean;
        serializeSignature?(signature: unknown): Uint8Array;
        deserializeSignature?(bytes: Uint8Array): unknown;
        challenge(
            R: unknown,
            verifyingKey: unknown,
            message: Uint8Array,
        ): Challenge<Ciphersuite>;
        preSign?<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            signerNonces: SigningNoncesLike<C>,
            keyPackage: KeyPackageLike<C>,
        ): {
            signingPackage: SigningPackage<C>;
            signerNonces: SigningNoncesLike<C>;
            keyPackage: KeyPackageLike<C>;
        };
        preCommitmentSign?<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            signingNonces: SigningNoncesLike<C>,
            bindingFactorList: BindingFactorList<C>,
        ): {
            signingPackage: SigningPackage<C>;
            signerNonces: SigningNoncesLike<C>;
        };
        computeSignatureShare?<C extends Ciphersuite>(
            groupCommitment: GroupCommitment<C>,
            signerNonces: SigningNoncesLike<C>,
            bindingFactor: BindingFactor<C>,
            lambdaI: unknown,
            keyPackage: KeyPackageLike<C>,
            challenge: Challenge<C>,
        ): SignatureShareLike<C>;
        verifyShare?<C extends Ciphersuite>(
            groupCommitment: GroupCommitment<C>,
            signatureShare: SignatureShareLike<C>,
            identifier: IdentifierLike<C>,
            groupCommitmentShare: GroupCommitmentShareLike<C>,
            verifyingShare: VerifyingShareLike<C>,
            lambdaI: unknown,
            challenge: Challenge<C>,
            groupVerifyingKey?: unknown,
        ): void;
        computeBindingFactorList<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            verifyingKey: unknown,
            additionalPrefix: Uint8Array,
        ): BindingFactorList<C>;
        computeGroupCommitment<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            bindingFactorList: BindingFactorList<C>,
        ): GroupCommitment<C>;
        deriveInterpolatingValue<C extends Ciphersuite>(
            signerId: IdentifierLike<C>,
            signingPackage: SigningPackage<C>,
        ): unknown;
        postDkg?<C extends Ciphersuite>(
            keyPackage: KeyPackageLike<C>,
            publicKeyPackage: PublicKeyPackageLike<C>,
        ): [KeyPackageLike<C>, PublicKeyPackageLike<C>];
    }
    Index

    Properties

    ID group Scalar Element VerifyingKey SigningKey SIGNATURE_LENGTH?

    Methods

    scalarZero scalarOne scalarInvert scalarRandom serializeScalar deserializeScalar scalarAdd scalarSub scalarMul scalarsEqual elementSize scalarSize cofactor identity generator serializeElement deserializeElement elementAdd elementSub elementMul scalarBaseMult elementsEqual isIdentity H1 H2 H3 H4 H5 HDKG? HID? singleSign? verifySignature? serializeSignature? deserializeSignature? challenge preSign? preCommitmentSign? computeSignatureShare? verifyShare? computeBindingFactorList computeGroupCommitment deriveInterpolatingValue postDkg?

    Properties

    ID: string

    The ciphersuite ID string. It should be equal to the contextString in the spec. For new ciphersuites, this should be a string that identifies the ciphersuite; it's recommended to use a similar format to the ciphersuites in the FROST spec, e.g. "FROST-RISTRETTO255-SHA512-v1".

    group: Group

    The prime order group (or subgroup) that this ciphersuite operates over. Provides access to Field and Group operations in a hierarchical manner.

    Scalar: unknown

    The scalar type for this ciphersuite

    Element: unknown

    The element type for this ciphersuite

    VerifyingKey: unknown

    The verifying key type

    SigningKey: unknown

    The signing key type

    SIGNATURE_LENGTH?: number

    The length of a serialized signature in bytes. Defaults to elementSize() + scalarSize() if not specified. For BIP-340/Taproot ciphersuites this is typically 64 (2 * scalarSize).

    Methods

    • Returns the zero element of the field, the additive identity.

      Returns unknown

    • Returns the one element of the field, the multiplicative identity.

      Returns unknown

    • Computes the multiplicative inverse of an element of the scalar field.

      Parameters

      • scalar: unknown

      Returns unknown

      Error if the element is zero

    • Generate a random scalar from the entire space [0, l-1]

      Parameters

      • rng: { fill(array: Uint8Array): void }

      Returns unknown

    • Serialize a scalar to bytes.

      Parameters

      • scalar: unknown

      Returns Uint8Array

    • Deserialize a scalar from bytes.

      Parameters

      • bytes: Uint8Array

      Returns unknown

      Error if the bytes are not a valid scalar encoding

    • Add two scalars.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Subtract two scalars.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Multiply two scalars.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Check if two scalars are equal.

      Parameters

      • a: unknown
      • b: unknown

      Returns boolean

    • Returns the size in bytes of a serialized element.

      Returns number

    • Returns the size in bytes of a serialized scalar.

      Returns number

    • The order of the quotient group when the prime order subgroup divides the order of the full curve group. For prime order curves, this should return 1.

      Returns unknown

    • Additive identity of the prime order group.

      Returns unknown

    • The fixed generator element of the prime order group.

      Returns unknown

    • Serialize an element to bytes.

      Parameters

      • element: unknown

      Returns Uint8Array

      Error if the element is the identity

    • Deserialize an element from bytes.

      Parameters

      • bytes: Uint8Array

      Returns unknown

      Error if the bytes are not a valid element encoding or represent the identity

    • Add two group elements.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Subtract two group elements.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Multiply a group element by a scalar.

      Parameters

      • element: unknown
      • scalar: unknown

      Returns unknown

    • Scalar multiplication with the generator (g * scalar).

      Parameters

      • scalar: unknown

      Returns unknown

    • Check if two elements are equal.

      Parameters

      • a: unknown
      • b: unknown

      Returns boolean

    • Check if an element is the identity.

      Parameters

      • element: unknown

      Returns boolean

    • Hash function for a FROST ciphersuite, used for the DKG.

      The DKG is not part of the specification, thus this is optional. Returns null if DKG is not supported by the Ciphersuite.

      Maps arbitrary inputs to non-zero Scalar elements of the prime-order group scalar field.

      Parameters

      • m: Uint8Array

      Returns unknown

    • Hash function for a FROST ciphersuite, used for deriving identifiers from strings.

      This feature is not part of the specification and is just a convenient way of creating identifiers. Returns null if this is not supported.

      Maps arbitrary inputs to non-zero Scalar elements of the prime-order group scalar field.

      Parameters

      • m: Uint8Array

      Returns unknown

    • Optional. Single-signer Schnorr signing. If provided, allows for optimized single-party signing without the full FROST protocol.

      Parameters

      • signingKey: unknown
      • message: Uint8Array
      • rng: { fill(array: Uint8Array): void }

      Returns unknown

    • Optional. Verify a Schnorr signature. If provided, allows for direct signature verification without going through FROST.

      Parameters

      • verifyingKey: unknown
      • message: Uint8Array
      • signature: unknown

      Returns boolean

    • Optional. Serialize a signature to bytes. If provided, allows for custom signature serialization.

      Parameters

      • signature: unknown

      Returns Uint8Array

    • Optional. Deserialize a signature from bytes. If provided, allows for custom signature deserialization.

      Parameters

      • bytes: Uint8Array

      Returns unknown

    • Optional. Generates the challenge as is required for Schnorr signatures. Called by round2.sign() and aggregate().

      Parameters

      • R: unknown
      • verifyingKey: unknown
      • message: Uint8Array

      Returns Challenge<Ciphersuite>

    • Optional. Post-process DKG output (called at the end of part3). Used for ciphersuites that need to apply transformations after DKG, such as taproot tweaking for secp256k1-tr.

      Type Parameters

      Parameters

      Returns [KeyPackageLike<C>, PublicKeyPackageLike<C>]

    Settings

    Member Visibility

    On This Page

    Properties
    Methods