frosix

Multiparty signature service (experimental)
Log | Files | Refs | README | LICENSE

generate_commitment.c (2289B)

      1 /*
      2   This file is part of Frosix
      3   Copyright (C) 2022, 2023 Frosix
      4 
      5   Frosix is free software; you can redistribute it and/or modify it under the
      6   terms of the GNU Affero General Public License as published by the Free Software
      7   Foundation; either version 3, or (at your option) any later version.
      8 
      9   Frosix is distributed in the hope that it will be useful, but WITHOUT ANY
     10   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
     11   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
     12 
     13   You should have received a copy of the GNU Affero General Public License along with
     14   Frosix; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
     15 */
     16 /**
     17  * @file generate_commitment.c
     18  * Derives a nonce and a corresponding commitment from the given message hash
     19  * and the secret key.
     20 */
     21 #include "frost_high.h"
     22 
     23 
     24 void
     25 FROST_get_random_seed (struct FROST_CommitmentSeed *seed)
     26 {
     27   FROST_scalar_random (&seed->scal);
     28 }
     29 
     30 
     31 void
     32 FROST_generate_nonce_and_commitment (
     33   struct FROST_Nonce *nonce,
     34   struct FROST_Commitment *commitment,
     35   const struct FROST_MessageHash *message_hash,
     36   const struct FROST_CommitmentSeed *seed)
     37 {
     38   /* get hash of message and secret key, this is our kdf master key */
     39   struct FROST_ShortHashState shs;
     40   struct FROST_ShortHashCode kdf_masterkey;
     41 
     42   FROST_short_hash_init (&shs);
     43   FROST_short_hash_update_fixed (&shs,
     44                                  message_hash,
     45                                  sizeof (*message_hash));
     46   FROST_short_hash_update_fixed (&shs,
     47                                  seed,
     48                                  sizeof (*seed));
     49   FROST_short_hash_final (&shs,
     50                           &kdf_masterkey);
     51 
     52   /* get nonce values with the kdf master key */
     53   FROST_kdf_scalar_to_curve (&nonce->hiding_nonce,
     54                              1,
     55                              &kdf_masterkey);
     56   FROST_kdf_scalar_to_curve (&nonce->binding_nonce,
     57                              2,
     58                              &kdf_masterkey);
     59 
     60   /* get commitment values from the nonce values */
     61   FROST_base_mul_scalar (&commitment->hiding_commitment,
     62                          &nonce->hiding_nonce);
     63   FROST_base_mul_scalar (&commitment->binding_commitment,
     64                          &nonce->binding_nonce);
     65 }