diff --git a/frost-core/src/batch.rs b/frost-core/src/batch.rs index 9d4a4197..c0a12af0 100644 --- a/frost-core/src/batch.rs +++ b/frost-core/src/batch.rs @@ -120,8 +120,8 @@ where let z = item.sig.z; let mut R = item.sig.R; let mut vk = item.vk.element; - if ::is_need_tweaking() { - R = ::tweaked_R(&item.sig.R); + if ::is_taproot_compat() { + R = ::taproot_compat_R(&item.sig.R); vk = ::tweaked_public_key(&item.vk.element); } diff --git a/frost-core/src/lib.rs b/frost-core/src/lib.rs index 0c47a11d..623f7b13 100644 --- a/frost-core/src/lib.rs +++ b/frost-core/src/lib.rs @@ -588,7 +588,7 @@ where z = z + signature_share.share; } - if ::is_need_tweaking() { + if ::is_taproot_compat() { let challenge = ::challenge( &group_commitment.0, &pubkeys.verifying_key, diff --git a/frost-core/src/round2.rs b/frost-core/src/round2.rs index 28382789..462960bf 100644 --- a/frost-core/src/round2.rs +++ b/frost-core/src/round2.rs @@ -95,12 +95,12 @@ where ) -> Result<(), Error> { let mut commitment_share = group_commitment_share.0; let mut vsh = verifying_share.0; - if ::is_need_tweaking() { - commitment_share = ::tweaked_group_commitment_share( + if ::is_taproot_compat() { + commitment_share = ::taproot_compat_commitment_share( &group_commitment_share.0, &group_commitment.0 ); - vsh = ::tweaked_verifying_share( + vsh = ::taproot_compat_verifying_share( &verifying_share.0, &verifying_key.element ); @@ -233,8 +233,8 @@ pub fn sign( ); // Compute the Schnorr signature share. - if ::is_need_tweaking() { - let signature_share = ::compute_tweaked_signature_share( + if ::is_taproot_compat() { + let signature_share = ::compute_taproot_compat_signature_share( signer_nonces, binding_factor, group_commitment, diff --git a/frost-core/src/signing_key.rs b/frost-core/src/signing_key.rs index 80c36015..9fc59308 100644 --- a/frost-core/src/signing_key.rs +++ b/frost-core/src/signing_key.rs 
@@ -47,19 +47,19 @@ where pub fn sign(&self, mut rng: R, msg: &[u8]) -> Signature { let public = VerifyingKey::::from(*self); let mut secret = self.scalar; - if ::is_need_tweaking() { + if ::is_taproot_compat() { secret = ::tweaked_secret_key(secret, &public.element); } let mut k = random_nonzero::(&mut rng); let R = ::generator() * k; - if ::is_need_tweaking() { - k = ::tweaked_nonce(k, &R); + if ::is_taproot_compat() { + k = ::taproot_compat_nonce(k, &R); } // Generate Schnorr challenge let c: Challenge = ::challenge(&R, &public, msg); - if ::is_need_tweaking() { + if ::is_taproot_compat() { let z = ::tweaked_z(k, secret, c.0, &public.element); Signature { R, z } } else { diff --git a/frost-core/src/traits.rs b/frost-core/src/traits.rs index a3d3acc3..f3b33484 100644 --- a/frost-core/src/traits.rs +++ b/frost-core/src/traits.rs @@ -256,12 +256,12 @@ pub trait Ciphersuite: Copy + Clone + PartialEq + Debug { challenge(R, verifying_key, msg) } - /// determine tweak is need - fn is_need_tweaking() -> bool { + /// determine code is taproot compatible (used in frost-sepc256k1-tr) + fn is_taproot_compat() -> bool { false } - /// aggregate tweak z + /// aggregate tweak z (used in frost-sepc256k1-tr) #[allow(unused)] fn aggregate_tweak_z( z: <::Field as Field>::Scalar, @@ -272,7 +272,7 @@ pub trait Ciphersuite: Copy + Clone + PartialEq + Debug { panic!("Not implemented"); } - /// tweaked z for SigningKey sign + /// tweaked z for SigningKey sign (used in frost-sepc256k1-tr) #[allow(unused)] fn tweaked_z( k: <::Field as Field>::Scalar, @@ -284,9 +284,9 @@ pub trait Ciphersuite: Copy + Clone + PartialEq + Debug { panic!("Not implemented"); } - /// signature_share tweak + /// signature_share compatible with taproot (used in frost-sepc256k1-tr) #[allow(unused)] - fn compute_tweaked_signature_share( + fn compute_taproot_compat_signature_share( signer_nonces: &crate::round1::SigningNonces, binding_factor: crate::BindingFactor, group_commitment: crate::GroupCommitment, 
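Review bot: The doc comments added in the `@@ -256` traits.rs hunk misspell the crate they point at — `(used in frost-sepc256k1-tr)` should read `frost-secp256k1-tr`, matching the `frost-secp256k1-tr/src/lib.rs` path elsewhere in this patch, and the same misspelling is copied into every `(used in …)` comment this commit adds to traits.rs. The summary `/// determine code is taproot compatible` also says nothing about the contract it gates: the methods guarded by it keep a default body of `panic!("Not implemented")`, so a ciphersuite that returns `true` without overriding all of them fails at run time instead of compile time. I would write `/// Whether this ciphersuite applies Taproot-compatible tweaks to keys, nonces and signatures (defaults to false).` followed by `/// A suite returning true must override every tweaked_* / taproot_compat_* hook, since their defaults panic with "Not implemented".` The `Ciphersuite` trait begins before this hunk and continues past it.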
@@ -298,7 +298,7 @@ pub trait Ciphersuite: Copy + Clone + PartialEq + Debug { panic!("Not implemented"); } - /// calculate tweaked public key + /// calculate tweaked public key (used in frost-sepc256k1-tr) #[allow(unused)] fn tweaked_public_key( public_key: &::Element, @@ -306,15 +306,15 @@ pub trait Ciphersuite: Copy + Clone + PartialEq + Debug { panic!("Not implemented"); } - /// calculate tweaked R + /// calculate taproot compatible R (used in frost-sepc256k1-tr) #[allow(unused)] - fn tweaked_R( + fn taproot_compat_R( public_key: &::Element, ) -> ::Element { panic!("Not implemented"); } - /// tweaked secret + /// tweaked secret (used in frost-sepc256k1-tr) #[allow(unused)] fn tweaked_secret_key( secret: <::Field as Field>::Scalar, @@ -324,9 +324,9 @@ pub trait Ciphersuite: Copy + Clone + PartialEq + Debug { panic!("Not implemented"); } - /// tweaked nonce + /// calculate taproot compatible nonce (used in frost-sepc256k1-tr) #[allow(unused)] - fn tweaked_nonce( + fn taproot_compat_nonce( nonce: <::Field as Field>::Scalar, R: &Element, ) -> <::Field as Field>::Scalar @@ -334,9 +334,9 @@ pub trait Ciphersuite: Copy + Clone + PartialEq + Debug { panic!("Not implemented"); } - /// tweaked group commitment + /// calculate taproot compatible commitment share (used in frost-sepc256k1-tr) #[allow(unused)] - fn tweaked_group_commitment_share( + fn taproot_compat_commitment_share( group_commitment_share: &::Element, group_commitment: &::Element, ) -> ::Element @@ -344,9 +344,9 @@ pub trait Ciphersuite: Copy + Clone + PartialEq + Debug { panic!("Not implemented"); } - /// tweaked verifying share + /// calculate taproot compatible verifying share (used in frost-sepc256k1-tr) #[allow(unused)] - fn tweaked_verifying_share( + fn taproot_compat_verifying_share( verifying_share: &::Element, verifying_key: &::Element, ) -> ::Element diff --git a/frost-core/src/verifying_key.rs b/frost-core/src/verifying_key.rs index 7377f971..a86369fa 100644 --- a/frost-core/src/verifying_key.rs 
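Review bot: In the `@@ -306` hunk the trait declaration of `taproot_compat_R` still names its parameter `public_key`, while the implementation renamed in frost-secp256k1-tr and every caller in batch.rs and verifying_key.rs pass the signature's `R`; rename the parameter to `R` so the trait, its doc and the implementation agree. Each of these renamed hooks keeps `panic!("Not implemented")` as its default and the new one-line docs do not mention it; since rustdoc convention is a `# Panics` section, add to each `/// # Panics` and `/// The default implementation panics; it is only reachable if is_taproot_compat() returns true without this method being overridden.` The element-to-element hooks (`taproot_compat_R`, `tweaked_public_key`, `taproot_compat_commitment_share`, `taproot_compat_verifying_share`) could alternatively default to returning their input unchanged, which would make the `if is_taproot_compat()` guards around them redundant, but that is a design change beyond this rename and worth a separate discussion. The `(used in frost-sepc256k1-tr)` comments here also carry the `sepc`/`secp` transposition. The `Ciphersuite` trait starts before these hunks and continues past them.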
+++ b/frost-core/src/verifying_key.rs @@ -70,8 +70,8 @@ where // where h is the cofactor let mut R = signature.R; let mut vk = self.element; - if ::is_need_tweaking() { - R = ::tweaked_R(&signature.R); + if ::is_taproot_compat() { + R = ::taproot_compat_R(&signature.R); vk = ::tweaked_public_key(&self.element); } let zB = C::Group::generator() * signature.z; diff --git a/frost-secp256k1-tr/src/lib.rs b/frost-secp256k1-tr/src/lib.rs index 874453aa..8a6b32b2 100644 --- a/frost-secp256k1-tr/src/lib.rs +++ b/frost-secp256k1-tr/src/lib.rs @@ -324,8 +324,8 @@ impl Ciphersuite for Secp256K1Sha256 { Challenge::from_scalar(S::H2(&preimage[..])) } - /// determine tweak is need - fn is_need_tweaking() -> bool { + /// determine code is taproot compatible + fn is_taproot_compat() -> bool { true } @@ -360,8 +360,8 @@ impl Ciphersuite for Secp256K1Sha256 { } } - /// compute tweaked signature_share - fn compute_tweaked_signature_share( + /// signature_share compatible with taproot + fn compute_taproot_compat_signature_share( signer_nonces: &round1::SigningNonces, binding_factor: frost::BindingFactor, group_commitment: frost_core::GroupCommitment, @@ -395,8 +395,8 @@ impl Ciphersuite for Secp256K1Sha256 { real_tweaked_pubkey(public_key, &[]) } - /// calculate tweaked R - fn tweaked_R(R: &::Element) -> ::Element { + /// calculate taproot compatible R + fn taproot_compat_R(R: &::Element) -> ::Element { AffinePoint::decompact(&R.to_affine().x()).unwrap().into() } @@ -408,8 +408,8 @@ impl Ciphersuite for Secp256K1Sha256 { tweaked_secret_key(secret, &public, &[]) } - /// tweaked nonce - fn tweaked_nonce( + /// calculate taproot compatible nonce + fn taproot_compat_nonce( nonce: <::Field as Field>::Scalar, R: &Element, ) -> <::Field as Field>::Scalar { 
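Review bot: The renamed `taproot_compat_R` in the `@@ -395` frost-secp256k1-tr hunk keeps a bare `.unwrap()` on `AffinePoint::decompact(&R.to_affine().x())`, and the new doc `/// calculate taproot compatible R` does not say why that cannot fail. `decompact` appears to rebuild the even-y point from the x-coordinate of an existing curve point, so the x is on the curve by construction; state that in the doc — `/// Returns the point sharing R's x-coordinate with even y, as Taproot's x-only encoding requires; R is already a valid group element so decompaction cannot fail.` — and make the invariant explicit with `.expect("x-coordinate of a valid curve point always decompacts")`. This helper runs on the verifier side (the verifying_key.rs and batch.rs hunks in this patch call it on `signature.R`), so if a future caller ever fed it a point that had not been validated on deserialization, the panic would become a remote abort rather than a verification failure; a `Result`-returning signature would be the safer interface if that path is ever opened.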
@@ -420,7 +420,8 @@ impl Ciphersuite for Secp256K1Sha256 { } } - fn tweaked_group_commitment_share( + /// calculate taproot compatible commitment share + fn taproot_compat_commitment_share( group_commitment_share: &Element, group_commitment: &Element, ) -> Element { @@ -431,7 +432,8 @@ impl Ciphersuite for Secp256K1Sha256 { } } - fn tweaked_verifying_share( + /// calculate taproot compatible verifying share + fn taproot_compat_verifying_share( verifying_share: &::Element, verifying_key: &::Element, ) -> ::Element {