FROST ristretto255 TypeScript Library - v0.2.2-alpha.3
    Preparing search index...

    Interface Ristretto255Sha512Impl

    An implementation of the FROST(ristretto255, SHA-512) ciphersuite.

    This ciphersuite uses:

    • ristretto255 group for group operations
    • SHA-512 for hashing
    • 32-byte serialization for both scalars and points

    The ciphersuite follows RFC 9591 Section 6.2 specification.

    interface Ristretto255Sha512Impl {
        ID: "FROST-RISTRETTO255-SHA512-v1";
        group: RistrettoGroupImpl;
        Scalar: Ristretto255Scalar;
        Element: Ristretto255Point;
        VerifyingKey: VerifyingKey<Ristretto255Sha512Impl>;
        SigningKey: SigningKey<Ristretto255Sha512Impl>;
        scalarZero(): Ristretto255Scalar;
        scalarOne(): Ristretto255Scalar;
        scalarInvert(scalar: Ristretto255Scalar): Ristretto255Scalar;
        scalarRandom(rng: { fill(array: Uint8Array): void }): Ristretto255Scalar;
        serializeScalar(scalar: Ristretto255Scalar): Uint8Array;
        deserializeScalar(bytes: Uint8Array): Ristretto255Scalar;
        scalarAdd(a: Ristretto255Scalar, b: Ristretto255Scalar): Ristretto255Scalar;
        scalarSub(a: Ristretto255Scalar, b: Ristretto255Scalar): Ristretto255Scalar;
        scalarMul(a: Ristretto255Scalar, b: Ristretto255Scalar): Ristretto255Scalar;
        scalarsEqual(a: Ristretto255Scalar, b: Ristretto255Scalar): boolean;
        elementSize(): number;
        scalarSize(): number;
        cofactor(): Ristretto255Scalar;
        identity(): Ristretto255Point;
        generator(): Ristretto255Point;
        serializeElement(element: Ristretto255Point): Uint8Array;
        deserializeElement(bytes: Uint8Array): Ristretto255Point;
        elementAdd(a: Ristretto255Point, b: Ristretto255Point): Ristretto255Point;
        elementSub(a: Ristretto255Point, b: Ristretto255Point): Ristretto255Point;
        elementMul(
            element: Ristretto255Point,
            scalar: Ristretto255Scalar,
        ): Ristretto255Point;
        scalarBaseMult(scalar: Ristretto255Scalar): Ristretto255Point;
        elementsEqual(a: Ristretto255Point, b: Ristretto255Point): boolean;
        isIdentity(element: Ristretto255Point): boolean;
        H1(m: Uint8Array): Ristretto255Scalar;
        H2(m: Uint8Array): Ristretto255Scalar;
        H3(m: Uint8Array): Ristretto255Scalar;
        H4(m: Uint8Array): Uint8Array;
        H5(m: Uint8Array): Uint8Array;
        HDKG(m: Uint8Array): Ristretto255Scalar | null;
        HID(m: Uint8Array): Ristretto255Scalar | null;
        hashRandomizer(m: Uint8Array): Ristretto255Scalar | null;
        challenge(
            R: Ristretto255Point,
            verifyingKey: unknown,
            message: Uint8Array,
        ): Challenge<Ristretto255Sha512Impl>;
        computeBindingFactorList<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            verifyingKey: unknown,
            additionalPrefix: Uint8Array,
        ): BindingFactorList<C>;
        computeGroupCommitment<C extends Ciphersuite>(
            signingPackage: SigningPackage<C>,
            bindingFactorList: BindingFactorList<C>,
        ): GroupCommitment<C>;
        deriveInterpolatingValue<C extends Ciphersuite>(
            signerId: {
                toScalar(): unknown;
                serialize(): Uint8Array;
                clone(): unknown;
            },
            signingPackage: SigningPackage<C>,
        ): Ristretto255Scalar;
    }

    Implements

    • RandomizedCiphersuite
    Index

    Properties

    ID group Scalar Element VerifyingKey SigningKey

    Methods

    scalarZero scalarOne scalarInvert scalarRandom serializeScalar deserializeScalar scalarAdd scalarSub scalarMul scalarsEqual elementSize scalarSize cofactor identity generator serializeElement deserializeElement elementAdd elementSub elementMul scalarBaseMult elementsEqual isIdentity H1 H2 H3 H4 H5 HDKG HID hashRandomizer challenge computeBindingFactorList computeGroupCommitment deriveInterpolatingValue

    Properties

    ID: "FROST-RISTRETTO255-SHA512-v1" = CONTEXT_STRING

    The ciphersuite ID string. It should be equal to the contextString in the spec. For new ciphersuites, this should be a string that identifies the ciphersuite; it's recommended to use a similar format to the ciphersuites in the FROST spec, e.g. "FROST-RISTRETTO255-SHA512-v1".

    group: RistrettoGroupImpl

    The prime order group (or subgroup) that this ciphersuite operates over. Provides access to Field and Group operations in a hierarchical manner.

    Scalar: Ristretto255Scalar

    The scalar type for this ciphersuite

    Element: Ristretto255Point

    The element type for this ciphersuite

    VerifyingKey: VerifyingKey<Ristretto255Sha512Impl>

    The verifying key type

    SigningKey: SigningKey<Ristretto255Sha512Impl>

    The signing key type

    Methods

    • Returns the zero element of the field, the additive identity.

      Returns Ristretto255Scalar

    • Returns the one element of the field, the multiplicative identity.

      Returns Ristretto255Scalar

    • Computes the multiplicative inverse of an element of the scalar field.

      Parameters

      • scalar: Ristretto255Scalar

      Returns Ristretto255Scalar

      Error if the element is zero

    • Generate a random scalar from the entire space [0, l-1]

      Parameters

      • rng: { fill(array: Uint8Array): void }

      Returns Ristretto255Scalar

    • Serialize a scalar to bytes.

      Parameters

      • scalar: Ristretto255Scalar

      Returns Uint8Array

    • Deserialize a scalar from bytes.

      Parameters

      • bytes: Uint8Array

      Returns Ristretto255Scalar

      Error if the bytes are not a valid scalar encoding

    • Add two scalars.

      Parameters

      • a: Ristretto255Scalar
      • b: Ristretto255Scalar

      Returns Ristretto255Scalar

    • Subtract two scalars.

      Parameters

      • a: Ristretto255Scalar
      • b: Ristretto255Scalar

      Returns Ristretto255Scalar

    • Multiply two scalars.

      Parameters

      • a: Ristretto255Scalar
      • b: Ristretto255Scalar

      Returns Ristretto255Scalar

    • Check if two scalars are equal.

      Parameters

      • a: Ristretto255Scalar
      • b: Ristretto255Scalar

      Returns boolean

    • Returns the size in bytes of a serialized element.

      Returns number

    • Returns the size in bytes of a serialized scalar.

      Returns number

    • The order of the quotient group when the prime order subgroup divides the order of the full curve group. For prime order curves, this should return 1.

      Returns Ristretto255Scalar

    • Additive identity of the prime order group.

      Returns Ristretto255Point

    • The fixed generator element of the prime order group.

      Returns Ristretto255Point

    • Serialize an element to bytes.

      Parameters

      • element: Ristretto255Point

      Returns Uint8Array

      Error if the element is the identity

    • Deserialize an element from bytes.

      Parameters

      • bytes: Uint8Array

      Returns Ristretto255Point

      Error if the bytes are not a valid element encoding or represent the identity

    • Add two group elements.

      Parameters

      • a: Ristretto255Point
      • b: Ristretto255Point

      Returns Ristretto255Point

    • Subtract two group elements.

      Parameters

      • a: Ristretto255Point
      • b: Ristretto255Point

      Returns Ristretto255Point

    • Multiply a group element by a scalar.

      Parameters

      • element: Ristretto255Point
      • scalar: Ristretto255Scalar

      Returns Ristretto255Point

    • Scalar multiplication with the generator (g * scalar).

      Parameters

      • scalar: Ristretto255Scalar

      Returns Ristretto255Point

    • Check if two elements are equal.

      Parameters

      • a: Ristretto255Point
      • b: Ristretto255Point

      Returns boolean

    • Check if an element is the identity.

      Parameters

      • element: Ristretto255Point

      Returns boolean

    • HDKG for FROST(ristretto255, SHA-512)

      HDKG(m) = SHA-512("FROST-RISTRETTO255-SHA512-v1" || "dkg" || m)

      Used for distributed key generation.

      Parameters

      • m: Uint8Array

      Returns Ristretto255Scalar | null

    • HID for FROST(ristretto255, SHA-512)

      HID(m) = SHA-512("FROST-RISTRETTO255-SHA512-v1" || "id" || m)

      Used for deriving identifiers from arbitrary byte strings.

      Parameters

      • m: Uint8Array

      Returns Ristretto255Scalar | null

    • hashRandomizer for RandomizedCiphersuite

      hashRandomizer(m) = SHA-512("FROST-RISTRETTO255-SHA512-v1" || "randomizer" || m)

      Used for re-randomized FROST signatures.

      Parameters

      • m: Uint8Array

      Returns Ristretto255Scalar | null

    • Compute the signature challenge.

      For ristretto255, this follows the FROST challenge computation from RFC 9591 Section 6.2.

      Parameters

      • R: Ristretto255Point
      • verifyingKey: unknown
      • message: Uint8Array

      Returns Challenge<Ristretto255Sha512Impl>

    • Compute binding factors for all participants.

      Type Parameters

      Parameters

      • signingPackage: SigningPackage<C>
      • verifyingKey: unknown
      • additionalPrefix: Uint8Array

      Returns BindingFactorList<C>

    • Compute the group commitment from all signing commitments.

      Type Parameters

      Parameters

      • signingPackage: SigningPackage<C>
      • bindingFactorList: BindingFactorList<C>

      Returns GroupCommitment<C>

    • Derive the interpolating value (Lagrange coefficient) for a participant.

      Type Parameters

      Parameters

      • signerId: { toScalar(): unknown; serialize(): Uint8Array; clone(): unknown }
      • signingPackage: SigningPackage<C>

      Returns Ristretto255Scalar

    Settings

    Member Visibility

    On This Page

    Properties
    Methods