Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Frost CI check #3

Open
wants to merge 35 commits into
base: master
Choose a base branch
from
+4,319 −68
Open

Frost CI check #3

Changes from 1 commit
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
7840a1f
frost: initialize project
jesseposner Sep 4, 2022
ec537f5
frost: share generation
jesseposner Sep 4, 2022
739e6a5
frost: share aggregation
jesseposner Sep 4, 2022
a33e998
frost: nonce generation
jesseposner Sep 4, 2022
0fb241b
frost: key tweaking
jesseposner Sep 4, 2022
ca20715
frost: nonce aggregation and adaptor signatures
jesseposner Sep 4, 2022
e495c9d
frost: signature generation and aggregation
jesseposner Sep 4, 2022
bf64786
frost: add tests
jesseposner Sep 4, 2022
edc12a5
frost: add example file
jesseposner Sep 4, 2022
6c1cf4e
frost: add documentation file
jesseposner Sep 4, 2022
532c20e
Remove unnecessary chacha rounds from share_gen
jesseposner Oct 7, 2022
a3e8515
Commit to agg_pk in noncehash
jesseposner Nov 2, 2022
fd70310
Commit to indexhashes in noncehash
jesseposner Nov 7, 2022
fe7e13c
Add secp256k1_frost_verify_adaptor API
jesseposner Dec 9, 2022
b0234a2
Add multi-hop lock tests
jesseposner Dec 9, 2022
e4bbe10
Resolve conflicts
jesseposner Mar 29, 2023
dc5c956
Improve variable naming
jesseposner Mar 29, 2023
b349f11
Add vss_gen
jesseposner Jul 29, 2023
76e4129
Remove keypair from share_gen
jesseposner Jul 29, 2023
99d1ef4
Remove vss_commitment from share_gen
jesseposner Jul 29, 2023
3764940
Add vss input to share_gen
jesseposner Jul 29, 2023
22a969c
Add pok input to share_gen
jesseposner Jul 29, 2023
004b79c
Verify pok in share_gen
jesseposner Jul 29, 2023
66041d3
Improve variable naming
jesseposner Jul 29, 2023
9bfd213
Resolve conflicts
jesseposner Jul 29, 2023
bee68f0
Revert "scalar: Remove unused secp256k1_scalar_chacha20"
jesseposner Jul 29, 2023
dd3d991
Fix valgrind
jesseposner Jul 29, 2023
9a6ad08
Fix valgrind
jesseposner Aug 17, 2023
6f2c074
Augment comment
jesseposner Aug 17, 2023
e1df046
Resolve conflicts
jesseposner Aug 17, 2023
2a785f4
Add missing string dependency
jesseposner Aug 17, 2023
88c2d96
Fix test contexts
jesseposner Aug 17, 2023
4a0b544
frost: make position of asterisk (*) consistent in include/ file
jonasnick Aug 21, 2023
4ac59b4
frost: remove deprecated CONTEXT_SIGN and CONTEXT_VERIFY flags
jonasnick Aug 21, 2023
715f547
frost: fix documentation on context flag requirements
jonasnick Aug 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Remove keypair from share_gen
@jesseposner
jesseposner committed Jul 29, 2023
commit 76e41295fcb0551e9454795b81d143a9b20a6e56
8 changes: 2 additions & 6 deletions examples/frost.c
View file
Original file line number Diff line number Diff line change
@@ -86,7 +86,7 @@ int create_shares(const secp256k1_context* ctx, struct signer_secrets *signer_se
fclose(frand);
/* Generate a polynomial share for the first participant and save the
* vss commitment */
if (!secp256k1_frost_share_gen(ctx, NULL, &shares[i][0], session_id, &signer_secrets[i].keypair, &signer[0].pubkey, THRESHOLD)) {
if (!secp256k1_frost_share_gen(ctx, NULL, &shares[i][0], session_id, &signer[0].pubkey, THRESHOLD)) {
return 0;
}
if (!secp256k1_frost_vss_gen(ctx, signer[i].vss_commitment, signer[i].pok, session_id, THRESHOLD)) {
@@ -95,7 +95,7 @@ int create_shares(const secp256k1_context* ctx, struct signer_secrets *signer_se
vss_commitments[i] = signer[i].vss_commitment;
for (j = 1; j < N_SIGNERS; j++) {
/* Generate a polynomial share for the remaining participants */
if (!secp256k1_frost_share_gen(ctx, NULL, &shares[i][j], session_id, &signer_secrets[i].keypair, &signer[j].pubkey, THRESHOLD)) {
if (!secp256k1_frost_share_gen(ctx, NULL, &shares[i][j], session_id, &signer[j].pubkey, THRESHOLD)) {
return 0;
}
}
@@ -209,7 +209,6 @@ int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, st

for (i = 0; i < N_SIGNERS; i++) {
FILE *frand;
unsigned char seckey[32];
unsigned char session_id[32];
/* Create random session ID. It is absolutely necessary that the session ID
* is unique for every call of secp256k1_frost_nonce_gen. Otherwise
@@ -223,9 +222,6 @@ int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, st
return 0;
}
fclose(frand);
if (!secp256k1_keypair_sec(ctx, seckey, &signer_secrets[i].keypair)) {
return 0;
}
/* Initialize session and create secret nonce for signing and public
* nonce to send to the other signers. */
if (!secp256k1_frost_nonce_gen(ctx, &signer_secrets[i].secnonce, &signer[i].pubnonce, session_id, &signer_secrets[i].agg_share, msg32, agg_pk, NULL)) {
5 changes: 1 addition & 4 deletions include/secp256k1_frost.h
View file
Original file line number Diff line number Diff line change
@@ -240,8 +240,6 @@ SECP256K1_API int secp256k1_frost_vss_gen(
* must be equal to the threshold (can be NULL).
* share: pointer to the key generation share
* In: session_id32: a 32-byte session_id32 as explained above
* keypair: pointer to a keypair that contains the secret that is
* shared
* recipient_pk: pointer to the public key of the share recipient
* threshold: the minimum number of signers required to produce a
* signature
@@ -251,10 +249,9 @@ SECP256K1_API int secp256k1_frost_share_gen(
secp256k1_pubkey *vss_commitment,
secp256k1_frost_share *share,
const unsigned char *session_id32,
const secp256k1_keypair *keypair,
const secp256k1_xonly_pubkey *recipient_pk,
size_t threshold
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6);
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);

/** Aggregates shares
*
3 changes: 1 addition & 2 deletions src/modules/frost/keygen_impl.h
View file
Original file line number Diff line number Diff line change
@@ -170,7 +170,7 @@ int secp256k1_frost_vss_gen(const secp256k1_context *ctx, secp256k1_pubkey *vss,
return 1;
}

int secp256k1_frost_share_gen(const secp256k1_context *ctx, secp256k1_pubkey *vss_commitment, secp256k1_frost_share *share, const unsigned char *session_id, const secp256k1_keypair *keypair, const secp256k1_xonly_pubkey *recipient_pk, size_t threshold) {
int secp256k1_frost_share_gen(const secp256k1_context *ctx, secp256k1_pubkey *vss_commitment, secp256k1_frost_share *share, const unsigned char *session_id, const secp256k1_xonly_pubkey *recipient_pk, size_t threshold) {
secp256k1_sha256 sha;
secp256k1_scalar idx;
secp256k1_scalar share_i;
@@ -183,7 +183,6 @@ int secp256k1_frost_share_gen(const secp256k1_context *ctx, secp256k1_pubkey *vs
ARG_CHECK(share != NULL);
memset(share, 0, sizeof(*share));
ARG_CHECK(session_id != NULL);
ARG_CHECK(keypair != NULL);
ARG_CHECK(recipient_pk != NULL);
ARG_CHECK(threshold > 1);

113 changes: 51 additions & 62 deletions src/modules/frost/tests_impl.h
View file
Original file line number Diff line number Diff line change
@@ -23,22 +23,20 @@
#include "../../hash.h"
#include "../../util.h"

static int frost_create_keypair_and_pk(secp256k1_keypair *keypair, secp256k1_xonly_pubkey *pk, const unsigned char *sk) {
static int frost_create_pk(secp256k1_xonly_pubkey *pk, const unsigned char *sk) {
int ret;
secp256k1_keypair keypair_tmp;
ret = secp256k1_keypair_create(ctx, &keypair_tmp, sk);
ret &= secp256k1_keypair_xonly_pub(ctx, pk, NULL, &keypair_tmp);
if (keypair != NULL) {
*keypair = keypair_tmp;
}
secp256k1_pubkey pubkey_tmp;

ret = secp256k1_ec_pubkey_create(ctx, &pubkey_tmp, sk);
ret &= secp256k1_xonly_pubkey_from_pubkey(ctx, pk, NULL, &pubkey_tmp);

return ret;
}

/* Simple (non-adaptor, non-tweaked) 3-of-5 FROST aggregate, sign, verify
* test. */
void frost_simple_test(void) {
unsigned char sk[5][32];
secp256k1_keypair keypair[5];
secp256k1_frost_pubnonce pubnonce[5];
const secp256k1_frost_pubnonce *pubnonce_ptr[5];
unsigned char msg[32];
@@ -68,11 +66,11 @@ void frost_simple_test(void) {
pubnonce_ptr[i] = &pubnonce[i];
partial_sig_ptr[i] = &partial_sig[i];

CHECK(frost_create_keypair_and_pk(&keypair[i], &pk[i], sk[i]));
CHECK(frost_create_pk(&pk[i], sk[i]));
}
for (i = 0; i < 5; i++) {
for (j = 0; j < 5; j++) {
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], &pk[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[i], &share[i][j], session_id[i], &pk[j], 3) == 1);
}
}
for (i = 0; i < 5; i++) {
@@ -139,8 +137,6 @@ void frost_api_tests(void) {
unsigned char pre_sig[64];
unsigned char buf[32];
unsigned char sk[5][32];
secp256k1_keypair keypair[5];
secp256k1_keypair invalid_keypair;
unsigned char max64[64];
unsigned char zeros68[68] = { 0 };
unsigned char session_id[5][32];
@@ -204,7 +200,6 @@ void frost_api_tests(void) {
/* Simulate structs being uninitialized by setting it to 0s. We don't want
* to produce undefined behavior by actually providing uninitialized
* structs. */
memset(&invalid_keypair, 0, sizeof(invalid_keypair));
memset(&invalid_pk, 0, sizeof(invalid_pk));
memset(&invalid_secnonce, 0, sizeof(invalid_secnonce));
memset(&invalid_partial_sig, 0, sizeof(invalid_partial_sig));
@@ -227,7 +222,7 @@ void frost_api_tests(void) {
invalid_partial_sig_ptr[i] = &partial_sig[i];
secp256k1_testrand256(session_id[i]);
secp256k1_testrand256(sk[i]);
CHECK(frost_create_keypair_and_pk(&keypair[i], &pk[i], sk[i]));
CHECK(frost_create_pk(&pk[i], sk[i]));
}
invalid_pubnonce_ptr[0] = &invalid_pubnonce;
invalid_pk_ptr[0] = &invalid_pk;
@@ -245,37 +240,34 @@ void frost_api_tests(void) {
ecount = 0;
for (i = 0; i < 5; i++) {
for (j = 0; j < 5; j++) {
CHECK(secp256k1_frost_share_gen(none, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(sign, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(vrfy, NULL, &share[i][j], session_id[i], &keypair[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], NULL, session_id[i], &keypair[i], pk_ptr[j], 3) == 0);
CHECK(ecount == (i*35)+(j*7)+1);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], NULL, &keypair[i], pk_ptr[j], 3) == 0);
CHECK(ecount == (i*35)+(j*7)+2);
CHECK(frost_memcmp_and_randomize(share[i][j].data, zeros68, sizeof(share[i][j].data)) == 0);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], NULL, pk_ptr[j], 3) == 0);
CHECK(ecount == (i*35)+(j*7)+3);
CHECK(secp256k1_frost_share_gen(none, vss_commitment[i], &share[i][j], session_id[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(sign, vss_commitment[i], &share[i][j], session_id[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(vrfy, NULL, &share[i][j], session_id[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], NULL, session_id[i], pk_ptr[j], 3) == 0);
CHECK(ecount == (i*30)+(j*6)+1);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], NULL, pk_ptr[j], 3) == 0);
CHECK(ecount == (i*30)+(j*6)+2);
CHECK(frost_memcmp_and_randomize(share[i][j].data, zeros68, sizeof(share[i][j].data)) == 0);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], NULL, 3) == 0);
CHECK(ecount == (i*35)+(j*7)+4);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], NULL, 3) == 0);
CHECK(ecount == (i*30)+(j*6)+3);
CHECK(frost_memcmp_and_randomize(share[i][j].data, zeros68, sizeof(share[i][j].data)) == 0);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], &invalid_pk, 3) == 0);
CHECK(ecount == (i*35)+(j*7)+5);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], &invalid_pk, 3) == 0);
CHECK(ecount == (i*30)+(j*6)+4);
CHECK(frost_memcmp_and_randomize(share[i][j].data, zeros68, sizeof(share[i][j].data)) == 0);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], pk_ptr[j], 0) == 0);
CHECK(ecount == (i*35)+(j*7)+6);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], pk_ptr[j], 0) == 0);
CHECK(ecount == (i*30)+(j*6)+5);
CHECK(frost_memcmp_and_randomize(share[i][j].data, zeros68, sizeof(share[i][j].data)) == 0);
CHECK(secp256k1_frost_share_gen(vrfy, NULL, &share[i][j], session_id[i], &keypair[i], pk_ptr[j], 0) == 0);
CHECK(ecount == (i*35)+(j*7)+7);
CHECK(secp256k1_frost_share_gen(vrfy, NULL, &share[i][j], session_id[i], pk_ptr[j], 0) == 0);
CHECK(ecount == (i*30)+(j*6)+6);
CHECK(frost_memcmp_and_randomize(share[i][j].data, zeros68, sizeof(share[i][j].data)) == 0);

CHECK(secp256k1_frost_share_gen(none, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(sign, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(none, vss_commitment[i], &share[i][j], session_id[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(sign, vss_commitment[i], &share[i][j], session_id[i], pk_ptr[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(vrfy, vss_commitment[i], &share[i][j], session_id[i], pk_ptr[j], 3) == 1);
}
}
CHECK(ecount == 175);
CHECK(ecount == 150);

/* Share aggregation */
ecount = 0;
@@ -894,7 +886,6 @@ void frost_tweak_test_helper(const secp256k1_xonly_pubkey* agg_pk, const secp256
* ordinary tweaking) and test signing. */
void frost_tweak_test(void) {
unsigned char sk[5][32];
secp256k1_keypair keypair[5];
secp256k1_xonly_pubkey pk[5];
const secp256k1_xonly_pubkey *pk_ptr[5];
secp256k1_pubkey pubshare[5];
@@ -919,14 +910,14 @@ void frost_tweak_test(void) {
vss_ptr[i] = vss_commitment[i];
share_ptr[i] = &share[i];

CHECK(frost_create_keypair_and_pk(&keypair[i], &pk[i], sk[i]));
CHECK(frost_create_pk(&pk[i], sk[i]));
}
/* Signer 1 */
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[0], &share[0], session_id[0], &keypair[0], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[1], &share[1], session_id[1], &keypair[1], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[2], &share[2], session_id[2], &keypair[2], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[3], &share[3], session_id[3], &keypair[3], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[4], &share[4], session_id[4], &keypair[4], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[0], &share[0], session_id[0], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[1], &share[1], session_id[1], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[2], &share[2], session_id[2], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[3], &share[3], session_id[3], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[4], &share[4], session_id[4], pk_ptr[0], 3) == 1);
CHECK(secp256k1_frost_share_verify(ctx, 3, pk_ptr[0], share_ptr[0], &vss_ptr[0]) == 1);
CHECK(secp256k1_frost_share_verify(ctx, 3, pk_ptr[0], share_ptr[1], &vss_ptr[1]) == 1);
CHECK(secp256k1_frost_share_verify(ctx, 3, pk_ptr[0], share_ptr[2], &vss_ptr[2]) == 1);
@@ -935,11 +926,11 @@ void frost_tweak_test(void) {
CHECK(secp256k1_frost_share_agg(ctx, &agg_share[0], &P_xonly[0], vss_hash, share_ptr, vss_ptr, 5, 3, pk_ptr[0]) == 1);
CHECK(secp256k1_frost_compute_pubshare(ctx, &pubshare[0], 3, pk_ptr[0], vss_ptr, 5) == 1);
/* Signer 2 */
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[0], session_id[0], &keypair[0], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[1], session_id[1], &keypair[1], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[2], session_id[2], &keypair[2], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[3], session_id[3], &keypair[3], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[4], session_id[4], &keypair[4], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[0], session_id[0], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[1], session_id[1], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[2], session_id[2], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[3], session_id[3], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[4], session_id[4], pk_ptr[1], 3) == 1);
CHECK(secp256k1_frost_share_verify(ctx, 3, pk_ptr[1], share_ptr[0], &vss_ptr[0]) == 1);
CHECK(secp256k1_frost_share_verify(ctx, 3, pk_ptr[1], share_ptr[1], &vss_ptr[1]) == 1);
CHECK(secp256k1_frost_share_verify(ctx, 3, pk_ptr[1], share_ptr[2], &vss_ptr[2]) == 1);
@@ -948,11 +939,11 @@ void frost_tweak_test(void) {
CHECK(secp256k1_frost_share_agg(ctx, &agg_share[1], &P_xonly[0], vss_hash, share_ptr, vss_ptr, 5, 3, pk_ptr[1]) == 1);
CHECK(secp256k1_frost_compute_pubshare(ctx, &pubshare[1], 3, pk_ptr[1], vss_ptr, 5) == 1);
/* Signer 3 */
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[0], session_id[0], &keypair[0], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[1], session_id[1], &keypair[1], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[2], session_id[2], &keypair[2], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[3], session_id[3], &keypair[3], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[4], session_id[4], &keypair[4], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[0], session_id[0], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[1], session_id[1], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[2], session_id[2], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[3], session_id[3], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, NULL, &share[4], session_id[4], pk_ptr[2], 3) == 1);
CHECK(secp256k1_frost_share_verify(ctx, 3, pk_ptr[2], share_ptr[0], &vss_ptr[0]) == 1);
CHECK(secp256k1_frost_share_verify(ctx, 3, pk_ptr[2], share_ptr[1], &vss_ptr[1]) == 1);
CHECK(secp256k1_frost_share_verify(ctx, 3, pk_ptr[2], share_ptr[2], &vss_ptr[2]) == 1);
@@ -998,7 +989,7 @@ void frost_tweak_test(void) {
}

/* Performs a FROST DKG */
void frost_dkg_test_helper(secp256k1_frost_share *agg_share, secp256k1_xonly_pubkey *agg_pk, const secp256k1_xonly_pubkey *pk, const secp256k1_keypair *keypair) {
void frost_dkg_test_helper(secp256k1_frost_share *agg_share, secp256k1_xonly_pubkey *agg_pk, const secp256k1_xonly_pubkey *pk) {
secp256k1_pubkey vss_commitment[5][3];
const secp256k1_pubkey *vss_ptr[5];
unsigned char vss_hash[32];
@@ -1013,7 +1004,7 @@ void frost_dkg_test_helper(secp256k1_frost_share *agg_share, secp256k1_xonly_pub
}
for (i = 0; i < 5; i++) {
for (j = 0; j < 5; j++) {
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[i], &share[i][j], session_id[i], &keypair[i], &pk[j], 3) == 1);
CHECK(secp256k1_frost_share_gen(ctx, vss_commitment[i], &share[i][j], session_id[i], &pk[j], 3) == 1);
}
}
for (i = 0; i < 5; i++) {
@@ -1075,8 +1066,6 @@ void frost_multi_hop_lock_tests(void) {
secp256k1_xonly_pubkey pk_b[5];
const secp256k1_xonly_pubkey *pk_ptr_a[5];
const secp256k1_xonly_pubkey *pk_ptr_b[5];
secp256k1_keypair keypair_a[5];
secp256k1_keypair keypair_b[5];
unsigned char sk_a[5][32];
unsigned char sk_b[5][32];
unsigned char asig_ab[64];
@@ -1101,18 +1090,18 @@ void frost_multi_hop_lock_tests(void) {
secp256k1_testrand256(sk_a[i]);
pk_ptr_a[i] = &pk_a[i];

CHECK(frost_create_keypair_and_pk(&keypair_a[i], &pk_a[i], sk_a[i]));
CHECK(frost_create_pk(&pk_a[i], sk_a[i]));
}
frost_dkg_test_helper(agg_share_a, &agg_pk_a, pk_a, keypair_a);
frost_dkg_test_helper(agg_share_a, &agg_pk_a, pk_a);

/* Bob DKG */
for (i = 0; i < 5; i++) {
secp256k1_testrand256(sk_b[i]);
pk_ptr_b[i] = &pk_b[i];

CHECK(frost_create_keypair_and_pk(&keypair_b[i], &pk_b[i], sk_b[i]));
CHECK(frost_create_pk(&pk_b[i], sk_b[i]));
}
frost_dkg_test_helper(agg_share_b, &agg_pk_b, pk_b, keypair_b);
frost_dkg_test_helper(agg_share_b, &agg_pk_b, pk_b);

/* Carol setup */
/* Proof of payment */