Skip to content

WIP: Implement COCKTAIL-DKG#1032

Draft
conradoplg wants to merge 29 commits intomainfrom
cocktail-dkg
Draft

WIP: Implement COCKTAIL-DKG#1032
conradoplg wants to merge 29 commits intomainfrom
cocktail-dkg

Conversation

@conradoplg
Copy link
Copy Markdown
Contributor

@conradoplg conradoplg commented Mar 26, 2026

This is an implementation of the COCKTAIL-DKG protocol as specified in this PR (test vectors).

While doing this I gathered feedback which was posted in C2SP.

This is blocked on that feedback being considered.

We should also eventually add more thorough testing.

In this PR I experimented with using Claude Code. The base implementation was done by it and some of the adjustments/refactors too. It did a pretty decent job but got some very straightforward things wrong (e.g. not using xaes-gcm where needed). I reviewed everything. I tried to preserve the history in the commits (each prompt generated a separate commit, but some of the commits were done manually; I didn't explicitly indicated which is which)

conradoplg added 29 commits March 13, 2026 18:27
@conradoplg
cocktail-dkg: first pass
1c1a31c
@conradoplg
correctly handle any hash size
075b36d
@conradoplg
allow computing extension from payloads
c43086a
@conradoplg
fix test vector test
000e357
@conradoplg
use JSON test vector
7c181b0
@conradoplg
readd separate pop sign/verify; check more values from vectors
114727d
@conradoplg
support recovery
496796b
@conradoplg
test all vectors; simplify recovery()
54abee8
@conradoplg
manual docs cleanup
569d970
@conradoplg
use get() for slices
2a6f690
@conradoplg
clippy fixes
04a3835
@conradoplg
inline element_to_bytes()
bf46628
@conradoplg
rename ParsedTranscript to Transcript, move functions to serialize me…
7c2e0c8 
…thods
@conradoplg
support all ciphersuites
602410d
@conradoplg
make test vector test generic
6a63c0c
@conradoplg
partial xaes-256-gcm support added
43561fe
@conradoplg
finished xaes usage; taproot test vector not passing due to tweak add…
684e718 
…ition
@conradoplg
added missing files
9f42c38
@conradoplg
clippy fixes
dd63723
@conradoplg
refactor CounterDrng into frost-core
cacee64
@conradoplg
fixed taproot test by applying post_dkg() to vectors
84a75c3
@conradoplg
move tests to a separate file
4b94ae3
@conradoplg
gate cocktail-dkg under feature
647d19a
@conradoplg
remove spec file
4424ac6
@conradoplg
also move cocktail-dkg ciphersuite tests to separate file; to be comp…
84e99f8 
…atible with gencode
@conradoplg
gencode
e0778ed
@conradoplg
cargo fmt
a97b03c
@conradoplg
add cocktail_dkg.rs to gencode
a9041a9
@conradoplg
cleaned up docs
eb57118
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 26, 2026
View reviewed changes
frost-core/src/keys/cocktail_dkg.rs
h6: &[u8],
) -> Result<([u8; 32], [u8; 24]), Error<C>> {
let mut key = [0u8; 32];
let mut nonce = [0u8; 24];

Check failure

Code scanning / CodeQL

Hard-coded cryptographic value Critical

This hard-coded value is used as
a nonce
Loading
.
This hard-coded value is used as
a nonce
Loading
.
This hard-coded value is used as
a nonce
Loading
.

Copilot Autofix

AI 17 days ago

Copilot could not generate an autofix suggestion

Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.

This was referenced Mar 30, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@conradoplg @github-advanced-security