feat: add frost-secp256k1-evm crate

.github/workflows/main.yml

@@ -69,7 +69,7 @@ jobs:
     # Skip ed448 which does not support it.
     strategy:
       matrix:
-        crate: [ristretto255, ed25519, p256, secp256k1, secp256k1-tr, rerandomized]
+        crate: [ristretto255, ed25519, p256, secp256k1-evm, secp256k1-tr, rerandomized]
     steps:
     - uses: actions/[email protected]
     - uses: dtolnay/rust-toolchain@master

Cargo.toml

@@ -6,7 +6,7 @@ members = [
     "frost-ed448",
     "frost-p256",
     "frost-ristretto255",
-    "frost-secp256k1",
+    "frost-secp256k1-evm",
     "frost-secp256k1-tr",
     "frost-rerandomized",
     "gencode"

README.md

@@ -2,16 +2,16 @@
 
 [![CI](https://github.com/ZcashFoundation/frost/actions/workflows/main.yml/badge.svg?branch=main)](https://github.com/ZcashFoundation/frost/actions/workflows/main.yml)
 
-| Crate                           |                        | Crates.io                                                                                                           | Documentation                                                                                        |
-| ------------------------------- | ---------------------- | ------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
-| Generic FROST implementation    | [`frost-core`]         | [![crates.io](https://img.shields.io/crates/v/frost-core.svg)](https://crates.io/crates/frost-core)                 | [![Documentation](https://docs.rs/frost-core/badge.svg)](https://docs.rs/frost-core)                 |
-| Ristretto255 ciphersuite        | [`frost-ristretto255`] | [![crates.io](https://img.shields.io/crates/v/frost-ristretto255.svg)](https://crates.io/crates/frost-ristretto255) | [![Documentation](https://docs.rs/frost-ristretto255/badge.svg)](https://docs.rs/frost-ristretto255) |
-| Ed25519 ciphersuite             | [`frost-ed25519`]      | [![crates.io](https://img.shields.io/crates/v/frost-ed25519.svg)](https://crates.io/crates/frost-ed25519)           | [![Documentation](https://docs.rs/frost-ed25519/badge.svg)](https://docs.rs/frost-ed25519)           |
-| Ed448 ciphersuite               | [`frost-ed448`]        | [![crates.io](https://img.shields.io/crates/v/frost-ed448.svg)](https://crates.io/crates/frost-ed448)               | [![Documentation](https://docs.rs/frost-ed448/badge.svg)](https://docs.rs/frost-ed448)               |
-| P-256 ciphersuite               | [`frost-p256`]         | [![crates.io](https://img.shields.io/crates/v/frost-p256.svg)](https://crates.io/crates/frost-p256)                 | [![Documentation](https://docs.rs/frost-p256/badge.svg)](https://docs.rs/frost-p256)                 |
-| secp256k1 ciphersuite           | [`frost-secp256k1`]    | [![crates.io](https://img.shields.io/crates/v/frost-secp256k1.svg)](https://crates.io/crates/frost-secp256k1)       | [![Documentation](https://docs.rs/frost-secp256k1/badge.svg)](https://docs.rs/frost-secp256k1)       |
-| secp256k1 ciphersuite (Taproot) | [`frost-secp256k1-tr`] | [![crates.io](https://img.shields.io/crates/v/frost-secp256k1-tr.svg)](https://crates.io/crates/frost-secp256k1-tr) | [![Documentation](https://docs.rs/frost-secp256k1-tr/badge.svg)](https://docs.rs/frost-secp256k1-tr) |
-| Generic Re-randomized FROST     | [`frost-rerandomized`] | [![crates.io](https://img.shields.io/crates/v/frost-rerandomized.svg)](https://crates.io/crates/frost-rerandomized) | [![Documentation](https://docs.rs/frost-rerandomized/badge.svg)](https://docs.rs/frost-rerandomized) |
+| Crate                           |                         | Crates.io                                                                                                             | Documentation                                                                                          |
+| ------------------------------- | ----------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
+| Generic FROST implementation    | [`frost-core`]          | [![crates.io](https://img.shields.io/crates/v/frost-core.svg)](https://crates.io/crates/frost-core)                   | [![Documentation](https://docs.rs/frost-core/badge.svg)](https://docs.rs/frost-core)                   |
+| Ristretto255 ciphersuite        | [`frost-ristretto255`]  | [![crates.io](https://img.shields.io/crates/v/frost-ristretto255.svg)](https://crates.io/crates/frost-ristretto255)   | [![Documentation](https://docs.rs/frost-ristretto255/badge.svg)](https://docs.rs/frost-ristretto255)   |
+| Ed25519 ciphersuite             | [`frost-ed25519`]       | [![crates.io](https://img.shields.io/crates/v/frost-ed25519.svg)](https://crates.io/crates/frost-ed25519)             | [![Documentation](https://docs.rs/frost-ed25519/badge.svg)](https://docs.rs/frost-ed25519)             |
+| Ed448 ciphersuite               | [`frost-ed448`]         | [![crates.io](https://img.shields.io/crates/v/frost-ed448.svg)](https://crates.io/crates/frost-ed448)                 | [![Documentation](https://docs.rs/frost-ed448/badge.svg)](https://docs.rs/frost-ed448)                 |
+| P-256 ciphersuite               | [`frost-p256`]          | [![crates.io](https://img.shields.io/crates/v/frost-p256.svg)](https://crates.io/crates/frost-p256)                   | [![Documentation](https://docs.rs/frost-p256/badge.svg)](https://docs.rs/frost-p256)                   |
+| secp256k1 ciphersuite (EVM)     | [`frost-secp256k1-evm`] | [![crates.io](https://img.shields.io/crates/v/frost-secp256k1-evm.svg)](https://crates.io/crates/frost-secp256k1-evm) | [![Documentation](https://docs.rs/frost-secp256k1-evm/badge.svg)](https://docs.rs/frost-secp256k1-evm) |
+| secp256k1 ciphersuite (Taproot) | [`frost-secp256k1-tr`]  | [![crates.io](https://img.shields.io/crates/v/frost-secp256k1-tr.svg)](https://crates.io/crates/frost-secp256k1-tr)   | [![Documentation](https://docs.rs/frost-secp256k1-tr/badge.svg)](https://docs.rs/frost-secp256k1-tr)   |
+| Generic Re-randomized FROST     | [`frost-rerandomized`]  | [![crates.io](https://img.shields.io/crates/v/frost-rerandomized.svg)](https://crates.io/crates/frost-rerandomized)   | [![Documentation](https://docs.rs/frost-rerandomized/badge.svg)](https://docs.rs/frost-rerandomized)   |
 
 Rust implementations of ['Two-Round Threshold Schnorr Signatures with FROST'](https://datatracker.ietf.org/doc/draft-irtf-cfrg-frost/).
 
@@ -60,7 +60,7 @@ of the v0.6.0 release (corresponding to commit 5fa17ed) of the following crates:
 - frost-ristretto255
 
 This includes key generation (both trusted dealer and DKG) and FROST signing.
-This does not include frost-secp256k1-tr and rerandomized FROST.
+This does not include frost-secp256k1-evm, frost-secp256k1-tr and rerandomized FROST.
 
 The parts of the
 [`Ed448-Goldilocks`](https://github.com/crate-crypto/Ed448-Goldilocks)

book/src/dev/frost-dependencies-for-audit.md

@@ -46,6 +46,7 @@ The following crates and dependencies are out of scope for the audit.
 | Name | Version | Notes
 |------| ------- | -----
 | frost-rerandomized | v0.2.0 | To be audited after the security proof is complete.
+| frost-secp256k1-evm | N/A | Copy of frost-secp256k1 with keccak256 hash, has not been audited yet.
 | frost-secp256k1-tr | N/A | frost-secp256k1 with Taproot support, has not been audited yet.
 
 ### `frost-core` Dependencies

book/src/dev/release-checklist.md

@@ -22,7 +22,7 @@
    4. [Frost p256 version number](https://github.com/ZcashFoundation/frost/blob/main/frost-p256/Cargo.toml#L8)
    5. [Frost re randomized version number](https://github.com/ZcashFoundation/frost/blob/main/frost-rerandomized/Cargo.toml#L8)
    6. [Frost ristretto255 version number](https://github.com/ZcashFoundation/frost/blob/main/frost-ristretto255/Cargo.toml#L8)
-   7. [Frost secp256k1 version number](https://github.com/ZcashFoundation/frost/blob/main/frost-secp256k1/Cargo.toml#L7)
+   7. [Frost secp256k1 evm version number](https://github.com/ZcashFoundation/frost/blob/main/frost-secp256k1-evm/Cargo.toml#L7)
    8. [Frost secp256k1 tr version number](https://github.com/ZcashFoundation/frost/blob/main/frost-secp256k1-tr/Cargo.toml#L7)
 
 5. Decide which version to tag the release with (e.g. v0.3.0). Currently we always use the same release number for all crates, but it's possible for them to get out of sync in the future.
@@ -75,7 +75,7 @@
 
 20. Publish it with `cargo publish -p frost-rerandomized`
 
-21. Check if other crates are ready to be published: `for cs in ristretto255 ed25519 secp256k1 secp256k1-tr p256 ed448; do cargo publish -p frost-$cs --dry-run; done`. Fix any issues if needed.
+21. Check if other crates are ready to be published: `for cs in ristretto255 ed25519 secp256k1-evm secp256k1-tr p256 ed448; do cargo publish -p frost-$cs --dry-run; done`. Fix any issues if needed.
 
     1. If you get an error like this:
 
@@ -87,7 +87,7 @@
 
     1. Use the same process as described for frost-core above (actions 1 - 3), but you can leave the changelog empty and **uncheck** “Set as the latest release”
 
-23. Publish those crates: `for cs in ristretto255 ed25519 secp256k1 secp256k1-tr p256 ed448; do cargo publish -p frost-$cs; done`
+23. Publish those crates: `for cs in ristretto255 ed25519 secp256k1-evm secp256k1-tr p256 ed448; do cargo publish -p frost-$cs; done`
 
 
 ## Confirm
@@ -99,7 +99,7 @@
     3. [Frost ed448](https://crates.io/crates/frost-ed448/versions)
     4. [Frost p256](https://crates.io/crates/frost-p256/versions)
     5. [Frost ristretto255](https://crates.io/crates/frost-ristretto255/versions)
-    6. [Frost secp256k1](https://crates.io/crates/frost-secp256k1/versions)
+    6. [Frost secp256k1 evm](https://crates.io/crates/frost-secp256k1-evm/versions)
     7. [Frost secp256k1 tr](https://crates.io/crates/frost-secp256k1-tr/versions)
     8. [Frost rerandomized](https://crates.io/crates/frost-rerandomized/versions)
 

book/src/tutorial.md

@@ -5,7 +5,7 @@ a generic implementation of the protocol, which can't be used directly
 without a concrete instantiation.
 
 The ciphersuite crates (`frost-ristretto255`, `frost-ed25519`, `frost-ed448`,
-`frost-p256`, `frost-secp256k1` and `frost-secp256k1-tr`) provide ciphersuites
+`frost-p256`, `frost-secp256k1-evm` and `frost-secp256k1-tr`) provide ciphersuites
 to use with `frost-core`, but also re-expose the `frost-core` functions without
 generics. If you will only use a single ciphersuite, then we recommend
 using those functions, and this tutorial will follow this approach.

book/src/user.md

@@ -6,5 +6,5 @@
 - [frost-ed448](https://docs.rs/frost-ed448/)
 - [frost-p256](https://docs.rs/frost-p256/)
 - [frost-ristretto255](https://docs.rs/frost-ristretto255/)
-- [frost-secp256k1](https://docs.rs/frost-secp256k1/)
+- [frost-secp256k1-evm](https://docs.rs/frost-secp256k1-evm/)
 - [frost-secp256k1-tr](https://docs.rs/frost-secp256k1-tr/)

book/src/user/frost-secp256k1-evm.md

@@ -0,0 +1 @@
+{{#include ../../../frost-secp256k1-evm/README.md}}

book/src/user/frost-secp256k1-evm/dkg.md

@@ -0,0 +1 @@
+{{#include ../../../../frost-secp256k1-evm/dkg.md}}

frost-core/CHANGELOG.md

@@ -9,6 +9,8 @@ Entries are listed in reverse chronological order.
   frost_core::Error<C>::culprit()`).
 * Added frost-secp256k1-tr crate, allowing to generate Bitcoin Taproot (BIP340/BIP341)
   compatible signatures.
+* Added a new ciphersuite `frost-secp256k1-evm` that uses the secp256k1
+  elliptic curve with hash keccak256.
 
 ## 2.0.0
 

frost-secp256k1/Cargo.toml → frost-secp256k1-evm/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "frost-secp256k1"
+name = "frost-secp256k1-evm"
 edition = "2021"
 # When releasing to crates.io:
 # - Update CHANGELOG.md
@@ -15,7 +15,7 @@ license = "MIT OR Apache-2.0"
 repository = "https://github.com/ZcashFoundation/frost"
 categories = ["cryptography"]
 keywords = ["cryptography", "crypto", "threshold", "signature"]
-description = "A Schnorr signature scheme over the secp256k1 curve that supports FROST."
+description = "A Schnorr signature scheme over the secp256k1 curve that supports FROST and EVM."
 
 [package.metadata.docs.rs]
 features = ["serde"]
@@ -27,7 +27,7 @@ frost-core = { path = "../frost-core", version = "2.0.0", default-features = fal
 frost-rerandomized = { path = "../frost-rerandomized", version = "2.0.0", default-features = false }
 k256 = { version = "0.13.0", features = ["arithmetic", "expose-field", "hash2curve"], default-features = false }
 rand_core = "0.6"
-sha2 = { version = "0.10.2", default-features = false }
+sha3 = { version = "0.10.6", default-features = false }
 
 [dev-dependencies]
 criterion = "0.5"

frost-secp256k1/README.md → frost-secp256k1-evm/README.md

@@ -1,4 +1,4 @@
-An implementation of Schnorr signatures on the secp256k1 curve for both single and threshold numbers
+An implementation of Schnorr signatures on the secp256k1 curve (EVM) for both single and threshold numbers
 of signers (FROST).
 
 ## Example: key generation with trusted dealer and FROST signing
@@ -10,7 +10,7 @@ scenario in a single thread and it abstracts away any communication between peer
 
 ```rust
 # // ANCHOR: tkg_gen
-use frost_secp256k1 as frost;
+use frost_secp256k1_evm as frost;
 use rand::thread_rng;
 use std::collections::BTreeMap;
 

frost-secp256k1/benches/bench.rs → frost-secp256k1-evm/benches/bench.rs

@@ -1,18 +1,18 @@
 use criterion::{criterion_group, criterion_main, Criterion};
 use rand::thread_rng;
 
-use frost_secp256k1::*;
+use frost_secp256k1_evm::*;
 
 fn bench_secp256k1_batch_verify(c: &mut Criterion) {
     let mut rng = thread_rng();
 
-    frost_core::benches::bench_batch_verify::<Secp256K1Sha256, _>(c, "secp256k1", &mut rng);
+    frost_core::benches::bench_batch_verify::<Secp256K1Keccak256, _>(c, "secp256k1", &mut rng);
 }
 
 fn bench_secp256k1_sign(c: &mut Criterion) {
     let mut rng = thread_rng();
 
-    frost_core::benches::bench_sign::<Secp256K1Sha256, _>(c, "secp256k1", &mut rng);
+    frost_core::benches::bench_sign::<Secp256K1Keccak256, _>(c, "secp256k1", &mut rng);
 }
 
 criterion_group!(benches, bench_secp256k1_batch_verify, bench_secp256k1_sign);

frost-secp256k1/dkg.md → frost-secp256k1-evm/dkg.md

@@ -29,7 +29,7 @@ they can proceed to sign messages with FROST.
 use rand::thread_rng;
 use std::collections::BTreeMap;
 
-use frost_secp256k1 as frost;
+use frost_secp256k1_evm as frost;
 
 let mut rng = thread_rng();
 

frost-secp256k1/src/keys/repairable.rs → frost-secp256k1-evm/src/keys/repairable.rs

@@ -10,7 +10,7 @@ use alloc::collections::BTreeMap;
 // (if it were below, the position of the import would vary between ciphersuites
 //  after `cargo fmt`)
 use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore, Scalar};
-use crate::{Error, Secp256K1Sha256};
+use crate::{Error, Secp256K1Keccak256};
 
 use super::{SecretShare, VerifiableSecretSharingCommitment};
 
@@ -38,7 +38,7 @@ pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
 ///
 /// Returns a scalar
 pub fn repair_share_step_2(deltas_j: &[Scalar]) -> Scalar {
-    frost::keys::repairable::repair_share_step_2::<Secp256K1Sha256>(deltas_j)
+    frost::keys::repairable::repair_share_step_2::<Secp256K1Keccak256>(deltas_j)
 }
 
 /// Step 3 of RTS
@@ -61,7 +61,7 @@ mod tests {
     use rand::thread_rng;
     use serde_json::Value;
 
-    use crate::Secp256K1Sha256;
+    use crate::Secp256K1Keccak256;
 
     lazy_static! {
         pub static ref REPAIR_SHARE: Value =
@@ -73,18 +73,20 @@ mod tests {
     fn check_repair_share_step_1() {
         let rng = thread_rng();
 
-        frost_core::tests::repairable::check_repair_share_step_1::<Secp256K1Sha256, _>(rng);
+        frost_core::tests::repairable::check_repair_share_step_1::<Secp256K1Keccak256, _>(rng);
     }
 
     #[test]
     fn check_repair_share_step_2() {
-        frost_core::tests::repairable::check_repair_share_step_2::<Secp256K1Sha256>(&REPAIR_SHARE);
+        frost_core::tests::repairable::check_repair_share_step_2::<Secp256K1Keccak256>(
+            &REPAIR_SHARE,
+        );
     }
 
     #[test]
     fn check_repair_share_step_3() {
         let rng = thread_rng();
-        frost_core::tests::repairable::check_repair_share_step_3::<Secp256K1Sha256, _>(
+        frost_core::tests::repairable::check_repair_share_step_3::<Secp256K1Keccak256, _>(
             rng,
             &REPAIR_SHARE,
         );
@@ -94,7 +96,7 @@ mod tests {
     fn check_repair_share_step_1_fails_with_invalid_min_signers() {
         let rng = thread_rng();
         frost_core::tests::repairable::check_repair_share_step_1_fails_with_invalid_min_signers::<
-            Secp256K1Sha256,
+            Secp256K1Keccak256,
             _,
         >(rng);
     }