FROST (crypto)
https://github.com/lightningdevkit/rust-lightning/pull/138
Host: ariard
The PR branch HEAD was 6c1cf4e at the time of this review club meeting.
Notes
- libsecp256k1-zkp is a C cryptographic library for experimental EC cryptosystems, e.g. ECDSA sign-to-contract, ECDSA adaptor signatures, MuSig2 and range proofs.
- This library is an upstream fork of libsecp256k1. While libsecp256k1’s scope is strictly the cryptosystems required to validate consensus rules, libsecp256k1-zkp aims to encompass any Bitcoin-related cryptosystems.
- #138 is an implementation of Flexible Round-Optimized Schnorr Threshold Signatures (FROST), a threshold multi-party signature scheme.
Questions
- What’s elliptic curve cryptography? What’s the underlying mathematical assumption that provides the hardness of these cryptosystems (e.g. compared to [RSA](https://en.wikipedia.org/wiki/RSA_(cryptosystem)))? What are the fundamental concepts of ECC and how do they interrelate?
- What’s ECDSA, the original signature scheme supported by Bitcoin consensus rules? What’s Schnorr, the novel signature scheme soft-forked in 2021?
- MuSig2 is another multi-party signature scheme. What’s the fundamental difference compared to FROST?
- What are the properties of the FROST scheme (e.g. unbound concurrency, efficiency, etc.)?
- What operations make up FROST’s key-generation, preprocessing and signing phases, and what is the outcome of each?
- What are the advantages of using FROST in a Lightning node deployment context?