Offer a multi-DLEq proof which simply merges challenges for n underlying proofs

This converts proofs from 2n elements to 1+n. Moves FROST over to it. Additionally, for FROST's binomial nonces, provides a single DLEq proof (2, not 1+2 elements) by proving the discrete log equality of their aggregate (with an appropriate binding factor). This may be split back up depending on later commentary...
2025-12-08 12:19:24 +00:00 · 2023-01-01 09:16:09 -05:00
parent 49c4acffbb
commit eeca440fa7
6 changed files with 291 additions and 86 deletions
--- a/crypto/dkg/src/frost.rs
+++ b/crypto/dkg/src/frost.rs
@@ -36,7 +36,7 @@ type FrostError<C> = DkgError<EncryptionKeyProof<C>>;
 #[allow(non_snake_case)]
 fn challenge<C: Ciphersuite>(context: &str, l: u16, R: &[u8], Am: &[u8]) -> C::F {
  let mut transcript = RecommendedTranscript::new(b"DKG FROST v0.2");
-  transcript.domain_separate(b"Schnorr Proof of Knowledge");
+  transcript.domain_separate(b"schnorr_proof_of_knowledge");
  transcript.append_message(b"context", context.as_bytes());
  transcript.append_message(b"participant", l.to_le_bytes());
  transcript.append_message(b"nonce", R);