FROST Rerandomized TypeScript Library - v0.2.2-alpha.3
    Preparing search index...

    Interface RandomizedCiphersuite

    A Ciphersuite that supports rerandomization.

    This interface extends the base Ciphersuite with an additional hash function that maps arbitrary inputs to a randomizer scalar.

    The underlying ciphersuite type

    interface RandomizedCiphersuite {
        ID: string;
        group: Group;
        Scalar: unknown;
        Element: unknown;
        VerifyingKey: unknown;
        SigningKey: unknown;
        SIGNATURE_LENGTH?: number;
        scalarZero(): unknown;
        scalarOne(): unknown;
        scalarInvert(scalar: unknown): unknown;
        scalarRandom(rng: { fill(array: Uint8Array): void }): unknown;
        serializeScalar(scalar: unknown): Uint8Array;
        deserializeScalar(bytes: Uint8Array): unknown;
        scalarAdd(a: unknown, b: unknown): unknown;
        scalarSub(a: unknown, b: unknown): unknown;
        scalarMul(a: unknown, b: unknown): unknown;
        scalarsEqual(a: unknown, b: unknown): boolean;
        elementSize(): number;
        scalarSize(): number;
        cofactor(): unknown;
        identity(): unknown;
        generator(): unknown;
        serializeElement(element: unknown): Uint8Array;
        deserializeElement(bytes: Uint8Array): unknown;
        elementAdd(a: unknown, b: unknown): unknown;
        elementSub(a: unknown, b: unknown): unknown;
        elementMul(element: unknown, scalar: unknown): unknown;
        scalarBaseMult(scalar: unknown): unknown;
        elementsEqual(a: unknown, b: unknown): boolean;
        isIdentity(element: unknown): boolean;
        H1(m: Uint8Array): unknown;
        H2(m: Uint8Array): unknown;
        H3(m: Uint8Array): unknown;
        H4(m: Uint8Array): Uint8Array;
        H5(m: Uint8Array): Uint8Array;
        HDKG?(m: Uint8Array): unknown;
        HID?(m: Uint8Array): unknown;
        singleSign?(
            signingKey: unknown,
            message: Uint8Array,
            rng: { fill(array: Uint8Array): void },
        ): unknown;
        verifySignature?(
            verifyingKey: unknown,
            message: Uint8Array,
            signature: unknown,
        ): boolean;
        serializeSignature?(signature: unknown): Uint8Array;
        deserializeSignature?(bytes: Uint8Array): unknown;
        challenge(
            R: unknown,
            verifyingKey: unknown,
            message: Uint8Array,
        ): Challenge<RandomizedCiphersuite>;
        preSign?<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            signerNonces: SigningNoncesLike<C>,
            keyPackage: KeyPackageLike<C>,
        ): {
            signingPackage: SigningPackage<C>;
            signerNonces: SigningNoncesLike<C>;
            keyPackage: KeyPackageLike<C>;
        };
        preCommitmentSign?<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            signingNonces: SigningNoncesLike<C>,
            bindingFactorList: BindingFactorList<C>,
        ): {
            signingPackage: SigningPackage<C>;
            signerNonces: SigningNoncesLike<C>;
        };
        computeSignatureShare?<C extends Ciphersuite>(
            groupCommitment: GroupCommitment<C>,
            signerNonces: SigningNoncesLike<C>,
            bindingFactor: BindingFactor<C>,
            lambdaI: unknown,
            keyPackage: KeyPackageLike<C>,
            challenge: Challenge<C>,
        ): SignatureShareLike<C>;
        verifyShare?<C extends Ciphersuite>(
            groupCommitment: GroupCommitment<C>,
            signatureShare: SignatureShareLike<C>,
            identifier: IdentifierLike<C>,
            groupCommitmentShare: GroupCommitmentShareLike<C>,
            verifyingShare: VerifyingShareLike<C>,
            lambdaI: unknown,
            challenge: Challenge<C>,
            groupVerifyingKey?: unknown,
        ): void;
        computeBindingFactorList<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            verifyingKey: unknown,
            additionalPrefix: Uint8Array,
        ): BindingFactorList<C>;
        computeGroupCommitment<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            bindingFactorList: BindingFactorList<C>,
        ): GroupCommitment<C>;
        deriveInterpolatingValue<C extends Ciphersuite>(
            signerId: IdentifierLike<C>,
            signingPackage: SigningPackage<C>,
        ): unknown;
        postDkg?<C extends Ciphersuite>(
            keyPackage: KeyPackageLike<C>,
            publicKeyPackage: PublicKeyPackageLike<C>,
        ): [KeyPackageLike<C>, PublicKeyPackageLike<C>];
        hashRandomizer(m: Uint8Array): unknown;
    }

    Hierarchy (View Summary)

    Index

    Properties

    ID group Scalar Element VerifyingKey SigningKey SIGNATURE_LENGTH?

    Methods

    scalarZero scalarOne scalarInvert scalarRandom serializeScalar deserializeScalar scalarAdd scalarSub scalarMul scalarsEqual elementSize scalarSize cofactor identity generator serializeElement deserializeElement elementAdd elementSub elementMul scalarBaseMult elementsEqual isIdentity H1 H2 H3 H4 H5 HDKG? HID? singleSign? verifySignature? serializeSignature? deserializeSignature? challenge preSign? preCommitmentSign? computeSignatureShare? verifyShare? computeBindingFactorList computeGroupCommitment deriveInterpolatingValue postDkg? hashRandomizer

    Properties

    ID: string

    The ciphersuite ID string. It should be equal to the contextString in the spec. For new ciphersuites, this should be a string that identifies the ciphersuite; it's recommended to use a similar format to the ciphersuites in the FROST spec, e.g. "FROST-RISTRETTO255-SHA512-v1".

    group: Group

    The prime order group (or subgroup) that this ciphersuite operates over. Provides access to Field and Group operations in a hierarchical manner.

    Scalar: unknown

    The scalar type for this ciphersuite

    Element: unknown

    The element type for this ciphersuite

    VerifyingKey: unknown

    The verifying key type

    SigningKey: unknown

    The signing key type

    SIGNATURE_LENGTH?: number

    The length of a serialized signature in bytes. Defaults to elementSize() + scalarSize() if not specified. For BIP-340/Taproot ciphersuites this is typically 64 (2 * scalarSize).

    Methods

    • Returns the zero element of the field, the additive identity.

      Returns unknown

    • Returns the one element of the field, the multiplicative identity.

      Returns unknown

    • Computes the multiplicative inverse of an element of the scalar field.

      Parameters

      • scalar: unknown

      Returns unknown

      Error if the element is zero

    • Generate a random scalar from the entire space [0, l-1]

      Parameters

      • rng: { fill(array: Uint8Array): void }

      Returns unknown

    • Serialize a scalar to bytes.

      Parameters

      • scalar: unknown

      Returns Uint8Array

    • Deserialize a scalar from bytes.

      Parameters

      • bytes: Uint8Array

      Returns unknown

      Error if the bytes are not a valid scalar encoding

    • Add two scalars.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Subtract two scalars.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Multiply two scalars.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Check if two scalars are equal.

      Parameters

      • a: unknown
      • b: unknown

      Returns boolean

    • Returns the size in bytes of a serialized element.

      Returns number

    • Returns the size in bytes of a serialized scalar.

      Returns number

    • The order of the quotient group when the prime order subgroup divides the order of the full curve group. For prime order curves, this should return 1.

      Returns unknown

    • Additive identity of the prime order group.

      Returns unknown

    • The fixed generator element of the prime order group.

      Returns unknown

    • Serialize an element to bytes.

      Parameters

      • element: unknown

      Returns Uint8Array

      Error if the element is the identity

    • Deserialize an element from bytes.

      Parameters

      • bytes: Uint8Array

      Returns unknown

      Error if the bytes are not a valid element encoding or represent the identity

    • Add two group elements.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Subtract two group elements.

      Parameters

      • a: unknown
      • b: unknown

      Returns unknown

    • Multiply a group element by a scalar.

      Parameters

      • element: unknown
      • scalar: unknown

      Returns unknown

    • Scalar multiplication with the generator (g * scalar).

      Parameters

      • scalar: unknown

      Returns unknown

    • Check if two elements are equal.

      Parameters

      • a: unknown
      • b: unknown

      Returns boolean

    • Check if an element is the identity.

      Parameters

      • element: unknown

      Returns boolean

    • Hash function for a FROST ciphersuite, used for the DKG.

      The DKG is not part of the specification, thus this is optional. Returns null if DKG is not supported by the Ciphersuite.

      Maps arbitrary inputs to non-zero Scalar elements of the prime-order group scalar field.

      Parameters

      • m: Uint8Array

      Returns unknown

    • Hash function for a FROST ciphersuite, used for deriving identifiers from strings.

      This feature is not part of the specification and is just a convenient way of creating identifiers. Returns null if this is not supported.

      Maps arbitrary inputs to non-zero Scalar elements of the prime-order group scalar field.

      Parameters

      • m: Uint8Array

      Returns unknown

    • Optional. Single-signer Schnorr signing. If provided, allows for optimized single-party signing without the full FROST protocol.

      Parameters

      • signingKey: unknown
      • message: Uint8Array
      • rng: { fill(array: Uint8Array): void }

      Returns unknown

    • Optional. Verify a Schnorr signature. If provided, allows for direct signature verification without going through FROST.

      Parameters

      • verifyingKey: unknown
      • message: Uint8Array
      • signature: unknown

      Returns boolean

    • Optional. Serialize a signature to bytes. If provided, allows for custom signature serialization.

      Parameters

      • signature: unknown

      Returns Uint8Array

    • Optional. Deserialize a signature from bytes. If provided, allows for custom signature deserialization.

      Parameters

      • bytes: Uint8Array

      Returns unknown

    • Optional. Generates the challenge as is required for Schnorr signatures. Called by round2.sign() and aggregate().

      Parameters

      • R: unknown
      • verifyingKey: unknown
      • message: Uint8Array

      Returns Challenge<RandomizedCiphersuite>

    • Optional. Post-process DKG output (called at the end of part3). Used for ciphersuites that need to apply transformations after DKG, such as taproot tweaking for secp256k1-tr.

      Type Parameters

      Parameters

      Returns [KeyPackageLike<C>, PublicKeyPackageLike<C>]

    • A hash function that hashes into a randomizer scalar.

      Maps arbitrary inputs to Scalar elements of the prime-order group scalar field. Returns null if the hash fails (e.g., if the result is zero or invalid).

      Parameters

      • m: Uint8Array

        The input bytes to hash

      Returns unknown

      The randomizer scalar, or null if hashing fails

    Settings

    Member Visibility

    On This Page

    Properties
    Methods