FROST Ed448 TypeScript Library - v0.2.2-alpha.3

    Interface Ed448Shake256Impl

    An implementation of the FROST(Ed448, SHAKE256) ciphersuite.

    This ciphersuite uses:

    • Ed448-Goldilocks curve for group operations
    • SHAKE256 XOF for hashing
    • 57-byte serialization for both scalars and points

    This ciphersuite follows the specification in RFC 9591, Section 6.3.

    interface Ed448Shake256Impl {
        ID: "FROST-ED448-SHAKE256-v1";
        group: Ed448GroupImpl;
        Scalar: Ed448Scalar;
        Element: Ed448Point;
        VerifyingKey: VerifyingKey<Ed448Shake256Impl>;
        SigningKey: SigningKey<Ed448Shake256Impl>;
        scalarZero(): Ed448Scalar;
        scalarOne(): Ed448Scalar;
        scalarInvert(scalar: Ed448Scalar): Ed448Scalar;
        scalarRandom(rng: { fill(array: Uint8Array): void }): Ed448Scalar;
        serializeScalar(scalar: Ed448Scalar): Uint8Array;
        deserializeScalar(bytes: Uint8Array): Ed448Scalar;
        scalarAdd(a: Ed448Scalar, b: Ed448Scalar): Ed448Scalar;
        scalarSub(a: Ed448Scalar, b: Ed448Scalar): Ed448Scalar;
        scalarMul(a: Ed448Scalar, b: Ed448Scalar): Ed448Scalar;
        scalarsEqual(a: Ed448Scalar, b: Ed448Scalar): boolean;
        elementSize(): number;
        scalarSize(): number;
        cofactor(): Ed448Scalar;
        identity(): Ed448Point;
        generator(): Ed448Point;
        serializeElement(element: Ed448Point): Uint8Array;
        deserializeElement(bytes: Uint8Array): Ed448Point;
        elementAdd(a: Ed448Point, b: Ed448Point): Ed448Point;
        elementSub(a: Ed448Point, b: Ed448Point): Ed448Point;
        elementMul(element: Ed448Point, scalar: Ed448Scalar): Ed448Point;
        scalarBaseMult(scalar: Ed448Scalar): Ed448Point;
        elementsEqual(a: Ed448Point, b: Ed448Point): boolean;
        isIdentity(element: Ed448Point): boolean;
        H1(m: Uint8Array): Ed448Scalar;
        H2(m: Uint8Array): Ed448Scalar;
        H3(m: Uint8Array): Ed448Scalar;
        H4(m: Uint8Array): Uint8Array;
        H5(m: Uint8Array): Uint8Array;
        HDKG(m: Uint8Array): Ed448Scalar | null;
        HID(m: Uint8Array): Ed448Scalar | null;
        hashRandomizer(m: Uint8Array): Ed448Scalar | null;
        challenge(
            R: Ed448Point,
            verifyingKey: unknown,
            message: Uint8Array,
        ): Challenge<Ed448Shake256Impl>;
        computeBindingFactorList<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            verifyingKey: unknown,
            additionalPrefix: Uint8Array,
        ): BindingFactorList<C>;
        computeGroupCommitment<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            bindingFactorList: BindingFactorList<C>,
        ): GroupCommitment<C>;
        deriveInterpolatingValue<C extends Ciphersuite>(
            signerId: {
                toScalar(): unknown;
                serialize(): Uint8Array;
                clone(): unknown;
            },
            signingPackage: SigningPackage<C>,
        ): Ed448Scalar;
    }

    Implements

    • RandomizedCiphersuite
    Properties

    ID: "FROST-ED448-SHAKE256-v1" = CONTEXT_STRING

    The ciphersuite ID string. It should be equal to the contextString in the spec. For new ciphersuites, this should be a string that identifies the ciphersuite; it's recommended to use a similar format to the ciphersuites in the FROST spec, e.g. "FROST-RISTRETTO255-SHA512-v1".

    group: Ed448GroupImpl

    The prime order group (or subgroup) that this ciphersuite operates over. Provides access to Field and Group operations in a hierarchical manner.

    Scalar: Ed448Scalar

    The scalar type for this ciphersuite

    Element: Ed448Point

    The element type for this ciphersuite

    VerifyingKey: VerifyingKey<Ed448Shake256Impl>

    The verifying key type

    SigningKey: SigningKey<Ed448Shake256Impl>

    The signing key type

    Methods

    • scalarZero()

      Returns the zero element of the field, the additive identity.

      Returns Ed448Scalar

    • scalarOne()

      Returns the one element of the field, the multiplicative identity.

      Returns Ed448Scalar

    • scalarInvert(scalar)

      Computes the multiplicative inverse of an element of the scalar field.

      Parameters

      • scalar: Ed448Scalar

      Returns Ed448Scalar

      Throws an error if the element is zero.

    • scalarRandom(rng)

      Generate a random scalar from the entire space [0, l-1]

      Parameters

      • rng: { fill(array: Uint8Array): void }

      Returns Ed448Scalar

    • serializeScalar(scalar)

      Serialize a scalar to bytes.

      Parameters

      • scalar: Ed448Scalar

      Returns Uint8Array

    • deserializeScalar(bytes)

      Deserialize a scalar from bytes.

      Parameters

      • bytes: Uint8Array

      Returns Ed448Scalar

      Throws an error if the bytes are not a valid scalar encoding.

    • scalarAdd(a, b)

      Add two scalars.

      Parameters

      • a: Ed448Scalar
      • b: Ed448Scalar

      Returns Ed448Scalar

    • scalarSub(a, b)

      Subtract two scalars.

      Parameters

      • a: Ed448Scalar
      • b: Ed448Scalar

      Returns Ed448Scalar

    • scalarMul(a, b)

      Multiply two scalars.

      Parameters

      • a: Ed448Scalar
      • b: Ed448Scalar

      Returns Ed448Scalar

    • scalarsEqual(a, b)

      Check if two scalars are equal.

      Parameters

      • a: Ed448Scalar
      • b: Ed448Scalar

      Returns boolean

    • elementSize()

      Returns the size in bytes of a serialized element.

      Returns number

    • scalarSize()

      Returns the size in bytes of a serialized scalar.

      Returns number

    • cofactor()

      The order of the quotient group when the prime order subgroup divides the order of the full curve group. For prime order curves, this should return 1.

      Returns Ed448Scalar

    • identity()

      Additive identity of the prime order group.

      Returns Ed448Point

    • generator()

      The fixed generator element of the prime order group.

      Returns Ed448Point

    • serializeElement(element)

      Serialize an element to bytes.

      Parameters

      • element: Ed448Point

      Returns Uint8Array

      Throws an error if the element is the identity.

    • deserializeElement(bytes)

      Deserialize an element from bytes.

      Parameters

      • bytes: Uint8Array

      Returns Ed448Point

      Throws an error if the bytes are not a valid element encoding or represent the identity.

    • elementAdd(a, b)

      Add two group elements.

      Parameters

      • a: Ed448Point
      • b: Ed448Point

      Returns Ed448Point

    • elementSub(a, b)

      Subtract two group elements.

      Parameters

      • a: Ed448Point
      • b: Ed448Point

      Returns Ed448Point

    • elementMul(element, scalar)

      Multiply a group element by a scalar.

      Parameters

      • element: Ed448Point
      • scalar: Ed448Scalar

      Returns Ed448Point

    • scalarBaseMult(scalar)

      Scalar multiplication with the generator (g * scalar).

      Parameters

      • scalar: Ed448Scalar

      Returns Ed448Point

    • elementsEqual(a, b)

      Check if two elements are equal.

      Parameters

      • a: Ed448Point
      • b: Ed448Point

      Returns boolean

    • isIdentity(element)

      Check if an element is the identity.

      Parameters

      • element: Ed448Point

      Returns boolean

    • HDKG for FROST(Ed448, SHAKE256)

      HDKG(m) = SHAKE256("FROST-ED448-SHAKE256-v1" || "dkg" || m, 114)

      Used for distributed key generation.

      Parameters

      • m: Uint8Array

      Returns Ed448Scalar | null

    • HID for FROST(Ed448, SHAKE256)

      HID(m) = SHAKE256("FROST-ED448-SHAKE256-v1" || "id" || m, 114)

      Used for deriving identifiers from arbitrary byte strings.

      Parameters

      • m: Uint8Array

      Returns Ed448Scalar | null

    • hashRandomizer for RandomizedCiphersuite

      hashRandomizer(m) = SHAKE256("FROST-ED448-SHAKE256-v1" || "randomizer" || m, 114)

      Used for re-randomized FROST signatures.

      Parameters

      • m: Uint8Array

      Returns Ed448Scalar | null

    • challenge(R, verifyingKey, message)

      Compute the signature challenge.

      For Ed448, this follows the standard Ed448 signature challenge computation to ensure signatures are compatible with standard Ed448 verification.

      Parameters

      • R: Ed448Point
      • verifyingKey: unknown
      • message: Uint8Array

      Returns Challenge<Ed448Shake256Impl>

    • computeBindingFactorList(signingPackage, verifyingKey, additionalPrefix)

      Compute binding factors for all participants.

      Type Parameters

      • C extends Ciphersuite

      Parameters

      • signingPackage: SigningPackage<C>
      • verifyingKey: unknown
      • additionalPrefix: Uint8Array

      Returns BindingFactorList<C>

    • computeGroupCommitment(signingPackage, bindingFactorList)

      Compute the group commitment from all signing commitments.

      Type Parameters

      • C extends Ciphersuite

      Parameters

      • signingPackage: SigningPackage<C>
      • bindingFactorList: BindingFactorList<C>

      Returns GroupCommitment<C>

    • deriveInterpolatingValue(signerId, signingPackage)

      Derive the interpolating value (Lagrange coefficient) for a participant.

      Type Parameters

      • C extends Ciphersuite

      Parameters

      • signerId: { toScalar(): unknown; serialize(): Uint8Array; clone(): unknown }
      • signingPackage: SigningPackage<C>

      Returns Ed448Scalar
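
The domain-separated hashes (HDKG, HID, hashRandomizer) and the 57-byte scalar encoding described above, as an added example that is not the library's own code. The helper names (`hashToScalar`, `encodeScalar`, `decodeScalar`, `leToBigInt`) are hypothetical, scalars are plain `bigint` values rather than `Ed448Scalar`, and the little-endian reduction modulo the group order is an assumption modelled on the RFC 9591 hash definitions.

```typescript
import { createHash } from "node:crypto";

// Context string taken from the ID property documented on this page.
const CONTEXT = "FROST-ED448-SHAKE256-v1";
const SCALAR_SIZE = 57; // serialized scalar length stated on this page
// Order of the Ed448 prime-order subgroup (RFC 8032).
const L = (BigInt(1) << BigInt(446)) -
  BigInt("13818066809895115352007386748515426880336692474882178609894547503885");

// Interpret bytes as a little-endian unsigned integer.
function leToBigInt(bytes: Uint8Array): bigint {
  let n = BigInt(0);
  for (let i = bytes.length - 1; i >= 0; i--) {
    n = (n << BigInt(8)) | BigInt(bytes[i]);
  }
  return n;
}

// SHAKE256(CONTEXT || label || m, 114), then reduced mod L (assumed step).
// The label ("dkg", "id", "randomizer") is what separates the hash domains.
function hashToScalar(label: string, m: Uint8Array): bigint {
  const h = createHash("shake256", { outputLength: 114 });
  h.update(CONTEXT).update(label).update(m);
  return leToBigInt(h.digest()) % L;
}

// Fixed-width little-endian encoding; refuses values outside [0, L-1].
function encodeScalar(s: bigint): Uint8Array {
  if (s < BigInt(0) || s >= L) throw new RangeError("scalar out of range");
  const out = new Uint8Array(SCALAR_SIZE);
  for (let i = 0, v = s; i < SCALAR_SIZE; i++, v >>= BigInt(8)) {
    out[i] = Number(v & BigInt(0xff));
  }
  return out;
}

// Strict decoding: exact length, and only the canonical (< L) representative.
function decodeScalar(bytes: Uint8Array): bigint {
  if (bytes.length !== SCALAR_SIZE) throw new RangeError("scalar must be 57 bytes");
  const s = leToBigInt(bytes);
  if (s >= L) throw new RangeError("non-canonical scalar encoding");
  return s;
}
```

Rejecting encodings at or above the group order keeps each scalar to a single byte representation, so two parties comparing or hashing serialized scalars cannot be handed different encodings of the same value.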