FROST P-256 TypeScript Library - v0.2.2-alpha.3
    Preparing search index...

    Interface P256Sha256Impl

    An implementation of the FROST(P-256, SHA-256) ciphersuite.

    This ciphersuite uses:

    • P-256 group (NIST P-256 / secp256r1) for group operations
    • SHA-256 for hashing
    • 32-byte scalars (big-endian)
    • 33-byte SEC1 compressed points

    The ciphersuite follows RFC 9591 Section 6.4 specification.

    interface P256Sha256Impl {
        ID: "FROST-P256-SHA256-v1";
        group: P256GroupImpl;
        Scalar: P256Scalar;
        Element: P256Point;
        VerifyingKey: VerifyingKey<P256Sha256Impl>;
        SigningKey: SigningKey<P256Sha256Impl>;
        scalarZero(): P256Scalar;
        scalarOne(): P256Scalar;
        scalarInvert(scalar: P256Scalar): P256Scalar;
        scalarRandom(rng: { fill(array: Uint8Array): void }): P256Scalar;
        serializeScalar(scalar: P256Scalar): Uint8Array;
        deserializeScalar(bytes: Uint8Array): P256Scalar;
        scalarAdd(a: P256Scalar, b: P256Scalar): P256Scalar;
        scalarSub(a: P256Scalar, b: P256Scalar): P256Scalar;
        scalarMul(a: P256Scalar, b: P256Scalar): P256Scalar;
        scalarsEqual(a: P256Scalar, b: P256Scalar): boolean;
        elementSize(): number;
        scalarSize(): number;
        cofactor(): P256Scalar;
        identity(): P256Point;
        generator(): P256Point;
        serializeElement(element: P256Point): Uint8Array;
        deserializeElement(bytes: Uint8Array): P256Point;
        elementAdd(a: P256Point, b: P256Point): P256Point;
        elementSub(a: P256Point, b: P256Point): P256Point;
        elementMul(element: P256Point, scalar: P256Scalar): P256Point;
        scalarBaseMult(scalar: P256Scalar): P256Point;
        elementsEqual(a: P256Point, b: P256Point): boolean;
        isIdentity(element: P256Point): boolean;
        H1(m: Uint8Array): P256Scalar;
        H2(m: Uint8Array): P256Scalar;
        H3(m: Uint8Array): P256Scalar;
        H4(m: Uint8Array): Uint8Array;
        H5(m: Uint8Array): Uint8Array;
        HDKG(m: Uint8Array): P256Scalar | null;
        HID(m: Uint8Array): P256Scalar | null;
        hashRandomizer(m: Uint8Array): P256Scalar | null;
        challenge(
            R: P256Point,
            verifyingKey: unknown,
            message: Uint8Array,
        ): Challenge<P256Sha256Impl>;
        computeBindingFactorList<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            verifyingKey: unknown,
            additionalPrefix: Uint8Array,
        ): BindingFactorList<C>;
        computeGroupCommitment<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            bindingFactorList: BindingFactorList<C>,
        ): GroupCommitment<C>;
        deriveInterpolatingValue<C extends Ciphersuite>(
            signerId: {
                toScalar(): unknown;
                serialize(): Uint8Array;
                clone(): unknown;
            },
            signingPackage: SigningPackage<C>,
        ): P256Scalar;
    }

    Implements

    • RandomizedCiphersuite
    Index

    Properties

    ID group Scalar Element VerifyingKey SigningKey

    Methods

    scalarZero scalarOne scalarInvert scalarRandom serializeScalar deserializeScalar scalarAdd scalarSub scalarMul scalarsEqual elementSize scalarSize cofactor identity generator serializeElement deserializeElement elementAdd elementSub elementMul scalarBaseMult elementsEqual isIdentity H1 H2 H3 H4 H5 HDKG HID hashRandomizer challenge computeBindingFactorList computeGroupCommitment deriveInterpolatingValue

    Properties

    ID: "FROST-P256-SHA256-v1" = CONTEXT_STRING

    The ciphersuite ID string. It should be equal to the contextString in the spec. For new ciphersuites, this should be a string that identifies the ciphersuite; it's recommended to use a similar format to the ciphersuites in the FROST spec, e.g. "FROST-RISTRETTO255-SHA512-v1".

    group: P256GroupImpl

    The prime order group (or subgroup) that this ciphersuite operates over. Provides access to Field and Group operations in a hierarchical manner.

    Scalar: P256Scalar

    The scalar type for this ciphersuite

    Element: P256Point

    The element type for this ciphersuite

    VerifyingKey: VerifyingKey<P256Sha256Impl>

    The verifying key type

    SigningKey: SigningKey<P256Sha256Impl>

    The signing key type

    Methods

    • Returns the zero element of the field, the additive identity.

      Returns P256Scalar

    • Returns the one element of the field, the multiplicative identity.

      Returns P256Scalar

    • Computes the multiplicative inverse of an element of the scalar field.

      Parameters

      • scalar: P256Scalar

      Returns P256Scalar

      Error if the element is zero

    • Generate a random scalar from the entire space [0, l-1]

      Parameters

      • rng: { fill(array: Uint8Array): void }

      Returns P256Scalar

    • Serialize a scalar to bytes.

      Parameters

      • scalar: P256Scalar

      Returns Uint8Array

    • Deserialize a scalar from bytes.

      Parameters

      • bytes: Uint8Array

      Returns P256Scalar

      Error if the bytes are not a valid scalar encoding

    • Add two scalars.

      Parameters

      • a: P256Scalar
      • b: P256Scalar

      Returns P256Scalar

    • Subtract two scalars.

      Parameters

      • a: P256Scalar
      • b: P256Scalar

      Returns P256Scalar

    • Multiply two scalars.

      Parameters

      • a: P256Scalar
      • b: P256Scalar

      Returns P256Scalar

    • Check if two scalars are equal.

      Parameters

      • a: P256Scalar
      • b: P256Scalar

      Returns boolean

    • Returns the size in bytes of a serialized element.

      Returns number

    • Returns the size in bytes of a serialized scalar.

      Returns number

    • The order of the quotient group when the prime order subgroup divides the order of the full curve group. For prime order curves, this should return 1.

      Returns P256Scalar

    • Additive identity of the prime order group.

      Returns P256Point

    • The fixed generator element of the prime order group.

      Returns P256Point

    • Serialize an element to bytes.

      Parameters

      • element: P256Point

      Returns Uint8Array

      Error if the element is the identity

    • Deserialize an element from bytes.

      Parameters

      • bytes: Uint8Array

      Returns P256Point

      Error if the bytes are not a valid element encoding or represent the identity

    • Add two group elements.

      Parameters

      • a: P256Point
      • b: P256Point

      Returns P256Point

    • Subtract two group elements.

      Parameters

      • a: P256Point
      • b: P256Point

      Returns P256Point

    • Multiply a group element by a scalar.

      Parameters

      • element: P256Point
      • scalar: P256Scalar

      Returns P256Point

    • Scalar multiplication with the generator (g * scalar).

      Parameters

      • scalar: P256Scalar

      Returns P256Point

    • Check if two elements are equal.

      Parameters

      • a: P256Point
      • b: P256Point

      Returns boolean

    • Check if an element is the identity.

      Parameters

      • element: P256Point

      Returns boolean

    • HDKG for FROST(P-256, SHA-256)

      HDKG(m) = hash_to_field(m, "FROST-P256-SHA256-v1" || "dkg")

      Used for distributed key generation.

      Parameters

      • m: Uint8Array

      Returns P256Scalar | null

    • HID for FROST(P-256, SHA-256)

      HID(m) = hash_to_field(m, "FROST-P256-SHA256-v1" || "id")

      Used for deriving identifiers from arbitrary byte strings.

      Parameters

      • m: Uint8Array

      Returns P256Scalar | null

    • hashRandomizer for RandomizedCiphersuite

      hashRandomizer(m) = hash_to_field(m, "FROST-P256-SHA256-v1" || "randomizer")

      Used for re-randomized FROST signatures.

      Parameters

      • m: Uint8Array

      Returns P256Scalar | null

    • Compute the signature challenge.

      For P-256, this follows the FROST challenge computation from RFC 9591 Section 6.4.

      Parameters

      • R: P256Point
      • verifyingKey: unknown
      • message: Uint8Array

      Returns Challenge<P256Sha256Impl>

    • Compute binding factors for all participants.

      Type Parameters

      Parameters

      • signingPackage: SigningPackage<C>
      • verifyingKey: unknown
      • additionalPrefix: Uint8Array

      Returns BindingFactorList<C>

    • Compute the group commitment from all signing commitments.

      Type Parameters

      Parameters

      • signingPackage: SigningPackage<C>
      • bindingFactorList: BindingFactorList<C>

      Returns GroupCommitment<C>

    • Derive the interpolating value (Lagrange coefficient) for a participant.

      Type Parameters

      Parameters

      • signerId: { toScalar(): unknown; serialize(): Uint8Array; clone(): unknown }
      • signingPackage: SigningPackage<C>

      Returns P256Scalar

    Settings

    Member Visibility

    On This Page

    Properties
    Methods