Verify attestations to threshold aggregate public key

arminsabouri · arminsabouri · commit 9a8133d19468 · 2025-03-27T16:47:52.000-04:00
diff --git a/frost-secp256k1-tr/src/keys/dkg.rs b/frost-secp256k1-tr/src/keys/dkg.rs
@@ -139,3 +139,26 @@ pub fn attest_to_key_package<R: RngCore + CryptoRng>(key_package: KeyPackage, mu
 
     Ok(signature)
 }
+
+
+/// Verify a n signatures over the aggregate threshold key package
+pub fn verify_round3_attestations(public_key_package: &PublicKeyPackage, attestations: &BTreeMap<Identifier, Signature>) -> Result<(), Error> {
+    assert!(attestations.len() == public_key_package.verifying_shares().len());
+    // sort both maps by identifier
+
+    let vpk = public_key_package.verifying_key();
+    let G = <Secp256K1Sha256TR as Ciphersuite>::Group::generator();
+    // TODO: figure out ordering of keys in public_key_package and signatures
+    for (identifier, vs) in public_key_package.verifying_shares().iter() {
+        let signature = attestations.get(identifier).ok_or(Error::InvalidSignature)?;
+        let R = signature.R();
+        let z = signature.z();
+        let challenge = challenge_key_package(identifier, &vpk, vs, &R)?;
+        // Schnorr verification
+        if *R != G * z - vs.to_element() * challenge.to_scalar() {
+            return Err(Error::InvalidSignature);
+        }
+    }
+
+    Ok(())
+}
diff --git a/frost-secp256k1-tr/tests/round3_attestations.rs b/frost-secp256k1-tr/tests/round3_attestations.rs
@@ -17,17 +17,14 @@ fn sign_key_package() -> Result<(), Box<dyn Error>> {
         &mut rng,
     )?;
     let mut key_packages: BTreeMap<_, _> = BTreeMap::new();
+    let mut signatures: BTreeMap<_, _> = BTreeMap::new();
     for (identifier, secret_share) in shares {
         let key_package = frost::keys::KeyPackage::try_from(secret_share)?;
-        key_packages.insert(identifier, key_package);
+        key_packages.insert(identifier, key_package.clone());
+        let signature = frost::keys::dkg::attest_to_key_package(key_package, &mut rng)?;
+        signatures.insert(identifier, signature);
     }
 
-    let identifier = key_packages.keys().next().unwrap();
-    let key_package = key_packages.get(identifier).unwrap().clone();
-    let signature = frost::keys::dkg::attest_to_key_package(key_package, &mut rng)?;
-
-    println!("Signature: {:?}", signature);
-    // TODO verify signature
-
+    frost::keys::dkg::verify_round3_attestations(&pubkey_package, &signatures)?;
     Ok(())
 }
