frosix

Multiparty signature service (experimental)
Log | Files | Refs | README | LICENSE

compose_signature.c (2415B)

      1 /*
      2   This file is part of Frosix
      3   Copyright (C) 2022, 2023 Joel Urech
      4 
      5   Frosix is free software; you can redistribute it and/or modify it under the
      6   terms of the GNU Affero General Public License as published by the Free Software
      7   Foundation; either version 3, or (at your option) any later version.
      8 
      9   Frosix is distributed in the hope that it will be useful, but WITHOUT ANY
     10   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
     11   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
     12 
     13   You should have received a copy of the GNU Affero General Public License along with
     14   Frosix; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
     15 */
     16 /**
     17  * @file compose_signature.c
     18  * @brief Allows the 'Signatur Aggregator' to aggregate all received signature shares (z-value)
     19  * and together with the commitments, computes the challenge (r-value).
     20  * @author Joel Urech
     21 */
     22 #include "frost_high.h"
     23 #include "high_common.h"
     24 
     25 /**
     26  * Aggregates the signature shares from all participants, computes the group commitment aka 'R' value
     27  * and returns the final signature over the given message.
     28  */
     29 void
     30 FROST_compose_signature (struct FROST_Signature *signature,
     31                          const struct FROST_Commitment commitments[],
     32                          const struct FROST_SignatureShare signature_shares[],
     33                          uint8_t commitments_and_sig_shares_len,
     34                          const struct FROST_MessageHash *message_hash)
     35 {
     36   FROST_scalar_zero (&signature->z);
     37 
     38   for (uint8_t i = 0; i < commitments_and_sig_shares_len; i++)
     39   {
     40     FROST_scalar_add_scalar (&signature->z, &signature->z,
     41                              &signature_shares[i].sig_share);
     42   }
     43 
     44   // === Compute the binding factors ===
     45   struct FROST_BindingFactor binding_factors[commitments_and_sig_shares_len];
     46   FROST_compute_binding_factors_ (binding_factors, commitments,
     47                                   commitments_and_sig_shares_len,
     48                                   message_hash);
     49 
     50   // Compute the group commitment
     51   struct FROST_GroupCommitment group_commitment;
     52   FROST_compute_group_commitment_ (&group_commitment, commitments,
     53                                    binding_factors,
     54                                    commitments_and_sig_shares_len);
     55 
     56   // Copy group_commitment to sig
     57   FROST_point_copy_to (&signature->r, &group_commitment.commitment);
     58 }