We have just released FROST v3.0.0-rc.0. The main changes in this release are: cheater detection is now specified as a function parameter instead of a compile-time feature, the repair share and refresh share functionality received a big refactor, test coverage for serialisation and async was improved, and our documentation received some significant improvements.
Feature Configuration Changes
The `cheater-detection` feature was removed to simplify the feature matrix and reduce maintenance burden. Since most users want cheater detection enabled, it is now the default behavior. For users who explicitly need to disable it (e.g., for performance in trusted environments), a new `aggregate_custom()` function was added that accepts a `CheaterDetection` argument. The `std` and `nightly` features have also been removed since the crates are now no-std by default (with the exception of frost-ed448) and the nightly feature was never used.
Key Refresh and Repairable Module Improvements
The `refresh` module was simplified to improve usability: `compute_refreshing_shares()` no longer takes `min_signers` and `max_signers` arguments since these values can be inferred from the `PublicKeyPackage`. This prevents errors from mismatched parameters and makes the API harder to misuse.
The `repairable` module also underwent some refactoring to improve readability. Functions were renamed from `repair_share_step_X()` to `repair_share_partX()` for consistency with DKG naming. New `Delta` and `Sigma` types replace raw `Scalar` values, preventing accidental misuse, and these functions now return a `KeyPackage` instead of `SecretShare`, which is more useful since `SecretShare`s do not need to be stored long-term.
To improve security, `ZeroizeOnDrop` was implemented for `SigningNonces`, ensuring that sensitive nonce material is automatically zeroed from memory when it goes out of scope.
Enhancements
We added `pre_commitment_aggregate()` and `pre_commitment_sign()` hooks to the `Ciphersuite` trait, as well as `Ciphersuite::post_generate()`, to allow ciphersuite-specific customization.
A `min_signers` argument was added to `PublicKeyPackage::new()` (wrapped in `Option` for backwards compatibility) to ensure threshold information is preserved with the public key package. The `frost-rerandomized` crate is now re-exported in ciphersuite crates, making it easier to use rerandomized signing without additional imports.
The `InvalidSignatureShare::culprit` field was changed to `culprits` (now a `Vec`), and `Error::culprit()` was similarly renamed to `culprits()`, allowing multiple misbehaving participants to be identified in a single aggregation attempt. The `Ciphersuite`, `Scalar`, and `Element` traits now require `Send` and `Sync` bounds to enable safe use in async contexts. The serialization traits (`SignatureSerialization`, `Field::Serialization`, `Element::Serialization`) were simplified to no longer require `TryFrom
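The two behaviours described above (cheater detection chosen per call, and every misbehaving signer reported in a `Vec`), shown as an added toy example that is not frost-core code. `Share`, `aggregate()` and the `detect` flag are hypothetical names, the group is a constructed 11-element subgroup modulo 23, and the `lambda` values are constructed rather than real Lagrange coefficients.

```rust
// Toy Schnorr group for illustration only: G = 2 has prime order Q = 11 modulo P = 23.
const P: u64 = 23;
const Q: u64 = 11;
const G: u64 = 2;

fn pow_mod(mut b: u64, mut e: u64) -> u64 {
    let mut acc = 1u64;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % P; }
        b = b * b % P;
        e >>= 1;
    }
    acc
}

/// One signer's contribution (hypothetical type, not a frost-core struct).
pub struct Share { pub id: u16, pub z: u64, pub commitment: u64, pub verifying_share: u64, pub lambda: u64 }

/// Builds an honest share z = r + c * lambda * s (mod Q) from constructed secrets.
pub fn honest_share(id: u16, s: u64, r: u64, lambda: u64, c: u64) -> Share {
    let z = (r + c * lambda % Q * s) % Q;
    Share { id, z, commitment: pow_mod(G, r), verifying_share: pow_mod(G, s), lambda }
}

/// Right-hand side of the per-share check g^z == R_i * Y_i^(c * lambda_i).
fn expected(sh: &Share, c: u64) -> u64 {
    sh.commitment * pow_mod(sh.verifying_share, c * sh.lambda % Q) % P
}

/// Sums the shares and checks the aggregate. On failure, `detect` decides whether
/// every share is re-checked to name all culprits; an empty Vec means "unknown".
pub fn aggregate(shares: &[Share], c: u64, detect: bool) -> Result<u64, Vec<u16>> {
    let z = shares.iter().map(|s| s.z).sum::<u64>() % Q;
    let rhs = shares.iter().fold(1u64, |acc, s| acc * expected(s, c) % P);
    if pow_mod(G, z) == rhs { return Ok(z); }
    if !detect { return Err(Vec::new()); }
    Err(shares.iter().filter(|s| pow_mod(G, s.z) != expected(s, c)).map(|s| s.id).collect())
}

/// Constructed sample: three signers with challenge c; signers 2 and 3 alter their shares.
pub fn tampered_sample(c: u64) -> Vec<Share> {
    let mut v = vec![honest_share(1, 3, 5, 2, c), honest_share(2, 7, 4, 9, c), honest_share(3, 6, 8, 1, c)];
    v[1].z = (v[1].z + 1) % Q;
    v[2].z = (v[2].z + 4) % Q;
    v
}

fn main() {
    println!("{:?}", aggregate(&tampered_sample(3), 3, true));
}
```

With `detect` off the toy still rejects the bad aggregate but cannot say who caused it, which is the trade-off a caller accepts when skipping the per-share checks.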
frost-rerandomized Crate
The `cheater-detection` feature was also removed from this crate with the same behavior changes as frost-core.
The frost-rerandomized crate received a revamped API motivated by Zcash integration requirements. The previous approach generated randomizers in a way that depended on a single party’s randomness, whereas the new API ensures all signing parties contribute to the randomness, improving security.
New functions include `RandomizedParams` created for generating a randomizer based on signing commitments and fresh random data, and for recreating the same randomizer from a stored seed.
Documentation Improvements
Documentation was expanded to clarify security requirements: authenticated and confidential channels are needed for DKG (to prevent man-in-the-middle attacks during key generation), but only authenticated channels are needed for signing. Warnings about secp256k1 usage were added to help users understand the security considerations.
A network topologies documentation section was added explaining the different ways FROST participants can be organized. A FROST Server section and zcash-devtool demo section have also been added.
There are lots of breaking changes, so please do have a look at the frost-core Changelog as well as the frost-rerandomized Changelog for more details before upgrading.
Many thanks to @conradoplg, @natalieesk, @mpguerra, @StackOverflowExcept1on, @VolodymyrBg, @crStiv, @azuchi and @kwsantiago for their contributions.
Thanks for reading!
