Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

merge queue: embarking main (2d88edf) and #753 together #759

Closed
wants to merge 2 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 18 additions & 3 deletions book/src/frost.md
Original file line number Diff line number Diff line change
Expand Up @@ -78,12 +78,12 @@ be able to produce the final signature. Of course, the Coordinator
is still free to start the process with only 2 participants if they wish.
```

## Verifying
## Verifying Signatures

Signature verification is carried out as normal with single-party signatures,
along with the signed message and the group verifying key as inputs.

## Repairing
## Repairing Shares

Repairing shares allow participants to help another participant recover their
share if they have lost it, or also issue a new share to a new participant
Expand All @@ -97,7 +97,7 @@ The functionality works in such a way that each participant running the repair
share function is not able to obtain the share that is being recovered or
issued.

## Refreshing
## Refreshing Shares

Refreshing shares allow participants (or a subset of them) to update their
shares in a way that maintains the same group public key. Some applications are:
Expand All @@ -117,6 +117,21 @@ This is also possible via Distributed Key Generation but this has not yet been
implemented.
```

```admonish danger
It is critically important to keep in mind that the **Refresh Shares
functionality does not "restore full security" to a group**. While the group
evolves and participants are removed and new participants are added, the
security of the group does not depend only on the threshold of the current
participants being honest, but also **on the threshold of all previous set of
participants being honest**! For example, if Alice, Mallory and Eve form a group
and Mallory is eventually excluded from the group and replaced with Bob, it is
not enough to trust 2 out of 3 between Alice, Bob and Eve. **You also need to
trust that Mallory won't collude with, say, Eve which could have kept her
original pre-refresh share and they could both together recompute the original
key and compromise the group.** If that's a unnaceptable risk to your use case,
you will need to migrate to a new group if that makes sense to your application.
```

## Ciphersuites

FROST is a generic protocol that works with any adequate prime-order group,
Expand Down
6 changes: 6 additions & 0 deletions book/src/tutorial/refreshing-shares.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,3 +32,9 @@ Applications should first ensure that all participants who refreshed their
`KeyPackages`. How this is done is up to the application; it might require
sucessfully generating a signature with all of those participants.
```

```admonish danger
Refreshing Shares may be not enough to address security concerns
after a share has been compromised. Refer to to the [Understanding
FROST](../frost.md#refreshing-shares) section.
```
Loading