Remove DLEq proofs from CLSAG multisig

1) Removes the key image DLEq on the Monero side of things, as the produced
   signature share serves as a DLEq for it.
2) Removes the nonce DLEqs from modular-frost as they're unnecessary for
   monero-serai. Updates documentation accordingly.

Without the proof the nonces are internally consistent, the produced signatures
from modular-frost can be argued as a batch-verifiable CP93 DLEq (R0, R1, s),
or as a GSP for the CP93 DLEq statement (which naturally produces (R0, R1, s)).

The lack of proving the nonces consistent does make the process weaker, yet
it's also unnecessary for the class of protocols this is intended to service.
To provide DLEqs for the nonces would be to provide PoKs for the nonce
commitments (in the traditional Schnorr case).
Luke Parker
2024-04-21 22:50:07 -04:00
parent 558a2bfa46
commit a25e6330bd
12 changed files with 131 additions and 306 deletions
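
The argument in the commit message, that a single response `s` checked against two generators acts as a CP93 DLEq over `(R0, R1, s)`, can be seen in a toy group. This is an added example, not code from this commit or from modular-frost. The group parameters, `share`, `verify`, and the fixed secret and challenge are assumptions constructed for illustration; in the real protocol the challenge comes from a transcript that includes the commitments.

```rust
// Toy parameters (constructed for illustration, far too small for real use):
// P = 2Q + 1 is a safe prime; G0 and G1 are squares mod P, so both have order Q.
const P: u64 = 2039;
const Q: u64 = 1019;
const G0: u64 = 4;
const G1: u64 = 9;

/// Square-and-multiply modular exponentiation.
fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % m;
        }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

/// Signer side (hypothetical helper): one response `s = r0 + c * x` covers both
/// generators. `r0` and `r1` are the nonces behind R0 and R1; an honest signer
/// uses r0 == r1, and no separate proof of that is attached.
fn share(x: u64, r0: u64, r1: u64, c: u64) -> (u64, u64, u64) {
    (pow_mod(G0, r0, P), pow_mod(G1, r1, P), (r0 + c * x) % Q)
}

/// Verifier side (hypothetical helper): the CP93 relation, checked against each
/// generator with the same `s` and `c`.
fn verify(x0: u64, x1: u64, c: u64, (big_r0, big_r1, s): (u64, u64, u64)) -> bool {
    pow_mod(G0, s, P) == big_r0 * pow_mod(x0, c, P) % P
        && pow_mod(G1, s, P) == big_r1 * pow_mod(x1, c, P) % P
}

fn main() {
    let (x, c) = (123, 456); // constructed secret and challenge
    let (x0, x1) = (pow_mod(G0, x, P), pow_mod(G1, x, P));
    println!("consistent nonce:   {}", verify(x0, x1, c, share(x, 77, 77, c)));
    println!("inconsistent nonce: {}", verify(x0, x1, c, share(x, 77, 78, c)));
}
```

A share built from inconsistent nonces, or checked against an `x1` that does not use the same secret as `x0`, fails the second equation even though no DLEq proof accompanied the commitments.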

@@ -125,14 +125,8 @@ impl<C: Curve, A: Algorithm<C>> AlgorithmMachine<C, A> {
let mut params = self.params;
let mut rng = ChaCha20Rng::from_seed(*seed.0);
// Get a challenge to the existing transcript for use when proving for the commitments
let commitments_challenge = params.algorithm.transcript().challenge(b"commitments");
let (nonces, commitments) = Commitments::new::<_, A::Transcript>(
&mut rng,
params.keys.secret_share(),
&params.algorithm.nonces(),
commitments_challenge.as_ref(),
);
let (nonces, commitments) =
Commitments::new::<_>(&mut rng, params.keys.secret_share(), &params.algorithm.nonces());
let addendum = params.algorithm.preprocess_addendum(&mut rng, &params.keys);
let preprocess = Preprocess { commitments, addendum };
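Review bot: The call `Commitments::new::<_>(&mut rng, params.keys.secret_share(), &params.algorithm.nonces())` no longer takes anything derived from `params.algorithm.transcript()`, and the comment that explained the commitments challenge is removed with it, so nothing at this call site records that commitments for a nonce over several generators are now produced without a proof that they share a discrete log. A short comment here stating that consistency is only established by the later signature share, as the commit message argues, would stop a future `Algorithm` implementation from assuming the commitments are already proven consistent. The `::<_>` turbofish with a single inferred parameter also looks redundant and could be dropped.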
@@ -141,27 +135,18 @@ impl<C: Curve, A: Algorithm<C>> AlgorithmMachine<C, A> {
let mut blame_entropy = [0; 32];
rng.fill_bytes(&mut blame_entropy);
(
AlgorithmSignMachine {
params,
seed,
commitments_challenge,
nonces,
preprocess: preprocess.clone(),
blame_entropy,
},
AlgorithmSignMachine { params, seed, nonces, preprocess: preprocess.clone(), blame_entropy },
preprocess,
)
}
#[cfg(any(test, feature = "tests"))]
pub(crate) fn unsafe_override_preprocess(
mut self,
self,
nonces: Vec<Nonce<C>>,
preprocess: Preprocess<C, A::Addendum>,
) -> AlgorithmSignMachine<C, A> {
AlgorithmSignMachine {
commitments_challenge: self.params.algorithm.transcript().challenge(b"commitments"),
params: self.params,
seed: CachedPreprocess(Zeroizing::new([0; 32])),
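Review bot: `unsafe_override_preprocess` takes `nonces` and `preprocess` as independent arguments, and nothing visible in this hunk ties the supplied nonces to the commitments inside the supplied preprocess. Because the function is compiled under `feature = "tests"` as well as `cfg(test)`, a doc comment stating that the caller must pass nonces matching the preprocess, or a `debug_assert` comparing them, would make the contract explicit now that no proof accompanies the commitments. No doc comment for the function appears in the lines shown.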
@@ -255,8 +240,6 @@ pub struct AlgorithmSignMachine<C: Curve, A: Algorithm<C>> {
params: Params<C, A>,
seed: CachedPreprocess,
#[zeroize(skip)]
commitments_challenge: <A::Transcript as Transcript>::Challenge,
pub(crate) nonces: Vec<Nonce<C>>,
// Skips the preprocess due to being too large a bound to feasibly enforce on users
#[zeroize(skip)]
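Review bot: The first `#[zeroize(skip)]` in this hunk sits directly above `commitments_challenge`, and both must be removed together; if only the field were dropped, the attribute would attach to `pub(crate) nonces` and the secret nonces would no longer be wiped. The header `-255,8 +240,6` is consistent with both lines going, but since this rendering has lost the `+`/`-` markers it is worth confirming in the raw diff that `nonces` has no `#[zeroize(skip)]` above it after the change.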
@@ -285,11 +268,7 @@ impl<C: Curve, A: Algorithm<C>> SignMachine<A::Signature> for AlgorithmSignMachi
fn read_preprocess<R: Read>(&self, reader: &mut R) -> io::Result<Self::Preprocess> {
Ok(Preprocess {
commitments: Commitments::read::<_, A::Transcript>(
reader,
&self.params.algorithm.nonces(),
self.commitments_challenge.as_ref(),
)?,
commitments: Commitments::read::<_>(reader, &self.params.algorithm.nonces())?,
addendum: self.params.algorithm.read_addendum(reader)?,
})
}
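Review bot: `read_preprocess` now returns whatever `Commitments::read::<_>(reader, &self.params.algorithm.nonces())` parses, with no input derived from this machine's transcript, so a peer's commitments are accepted at read time without any consistency check across generators. The method should carry a doc comment saying so, and a test that feeds a preprocess whose per-generator commitments use different nonces would pin down at which later step that input is expected to be rejected. The `::<_>` turbofish with a single inferred parameter looks redundant here.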