From 3392167809b28b5f2fd4029ca3bd1cbef24890bf Mon Sep 17 00:00:00 2001
From: Lucas Meier <lucas@cronokirby.com>
Date: Tue, 14 Nov 2023 02:24:24 -0800
Subject: [PATCH] Add commitments to decaf377-frost protos

---
 ...penumbra.crypto.decaf377_frost.v1alpha1.rs |  16 +++++++++++++
 .../proto/src/gen/proto_descriptor.bin.no_lfs | Bin 354851 -> 355690 bytes
 .../v1alpha1/decaf377_frost.pb.go             |  22 +++++++++++++++---
 .../v1alpha1/decaf377_frost.proto             |  16 +++++++++++++
 4 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/crates/proto/src/gen/penumbra.crypto.decaf377_frost.v1alpha1.rs b/crates/proto/src/gen/penumbra.crypto.decaf377_frost.v1alpha1.rs
index 9cafe4d71a..4e21ddd79f 100644
--- a/crates/proto/src/gen/penumbra.crypto.decaf377_frost.v1alpha1.rs
+++ b/crates/proto/src/gen/penumbra.crypto.decaf377_frost.v1alpha1.rs
@@ -1,46 +1,62 @@
+/// A commitment to a polynomial, as a list of group elements.
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct VerifiableSecretSharingCommitment {
+    /// Each of these bytes should be the serialization of a group element.
     #[prost(bytes = "vec", repeated, tag = "1")]
     pub elements: ::prost::alloc::vec::Vec<::prost::alloc::vec::Vec<u8>>,
 }
+/// The public package sent in round 1 of the DKG protocol.
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct DkgRound1Package {
+    /// A commitment to the polynomial for secret sharing.
     #[prost(message, optional, tag = "1")]
     pub commitment: ::core::option::Option<VerifiableSecretSharingCommitment>,
+    /// A proof of knowledge of the underlying secret being shared.
     #[prost(bytes = "vec", tag = "2")]
     pub proof_of_knowledge: ::prost::alloc::vec::Vec<u8>,
 }
+/// A share of the final signing key.
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct SigningShare {
+    /// These bytes should be a valid scalar.
     #[prost(bytes = "vec", tag = "1")]
     pub scalar: ::prost::alloc::vec::Vec<u8>,
 }
+/// The per-participant package sent in round 2 of the DKG protocol.
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct DkgRound2Package {
+    /// This is the share we're sending to that participant.
     #[prost(message, optional, tag = "1")]
     pub signing_share: ::core::option::Option<SigningShare>,
 }
+/// Represents a commitment to a nonce value.
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct NonceCommitment {
+    /// These bytes should be a valid group element.
     #[prost(bytes = "vec", tag = "1")]
     pub element: ::prost::alloc::vec::Vec<u8>,
 }
+/// Represents the commitments to nonces needed for signing.
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct SigningCommitments {
+    /// One nonce to hide them.
     #[prost(message, optional, tag = "1")]
     pub hiding: ::core::option::Option<NonceCommitment>,
+    /// Another to bind them.
     #[prost(message, optional, tag = "2")]
     pub binding: ::core::option::Option<NonceCommitment>,
 }
+/// A share of the final signature. These get aggregated to make the actual thing.
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct SignatureShare {
+    /// These bytes should be a valid scalar.
     #[prost(bytes = "vec", tag = "1")]
     pub scalar: ::prost::alloc::vec::Vec<u8>,
 }
diff --git a/crates/proto/src/gen/proto_descriptor.bin.no_lfs b/crates/proto/src/gen/proto_descriptor.bin.no_lfs
index 6212b548ba39384b60d23bb914aa4af7dadff740..6e927fa7424e537ec887817a383ab2bb53e4e925 100644
GIT binary patch
delta 1561
zcmb7E&u`R581;<3i8~=Iak4<X37IWFR!f`R01*|?9s&dqmD&n%>}A%T>{{{KmOWdP
zUR<O|aO(w?KY%}=7bN})#Dx<VPF#BLoj103Ll6kD+RL*&@4fGR-#5=*H~xFm_-mi+
z)92>PxAY(9#jCfbWq$Mc2%B*%!`OH#{v}KK2D`(kWjI#Nu!;L4-{M|88U<=3BgIwB
z1yAB|FN#Nj2*2kd!-Fu$6pwfKAdSZfm!Z_(W?hD#X&J;ZYj%g-W0qx5!!c*+DR-N1
z3vZ~;sG-ax@9!y@@oX56^U&vgsUP!9rqBrf6e@@#{jE5x0D&W{rb#W$Iz=_0xnq-e
zke^*xo*)xwWtDBCMB-R;#xdev;rAhyjQe5W@#MDfcEv!8que0kC@J#!g~}?w`SWd_
zq_K*<IIIdJP?)n%vMm%ybb<5qlDqlz;s2zOA4J7>;uNG_Di!J!X%G!6|2Q+F51lSN
z0)cP-Om~9dc>cmgcDG>1t2$kCe?nK_0+Haq8^sSo>BDmwCx>B~hI>%RCyIRuROm{7
zDoYSloz7N5x{SK*P7q}4tEX5GK~cwAG>#MZG*q?qsnAXkiI8W(Akyr+a<58+f@;xT
zVw*WkQyoczF1l@<^Pygstrq+bblK;bCqj`{?r;k38kIXBP&VwNg*za)Yb-eI7q~MW
zYuQ*K?)9>bGF?wZssb-aM3gI@e6pVxCs}=>pC+W1(a#$&Z))>R+Hx<0J;*rz#bg#K
zJdkZ<fkE+g`B)7#6k2eiuDW?SlVCxIo3ykK1chdOr6>jn#WdGA`vJvRj<sfdOWg1H
zJ(;9P3wwmI|9AtVIP#>9Z7i$EG0o<heS%$sX-k`K(IvN=e<AWi3tJ_R(@4HmB@YDV
zmR&E*0>Ny{S!B0hw&qx8jq}94`k`4J&(v-X_sFHNoAF3WU;5=DlrvMAuR-E0M(-TV
z*R=UIU3HiFuaPW|YK~#x7q`NwvWf4IX`3z-#(==lc1}(ZY_^*#IXhEO;#~)~&I!I1
z#W0v^!hV3g1~?!jAnZ&D^*(f*^5Upb0>Tb1j^9x?Zp(FJgSfwaejkJyr?SiQ`^Cf$
zu=8RtNaa8%1OV}o*e&lk;i)lpNDVPURT?u8Ubm04O<14NY4pB!d2k9X?9thBn*l-D
VtF{LSwe%i6d1t<O^3M8u|2>;pPrCpB

delta 731
zcmX|<J#yPH5JrK;f`LGr3Re;(k&>uP(x}NK_K9*5rqE2vls<qD;KnnqbAXH+S8?Ii
zlT-M^pF2M8w{La<{QtMQeOmoI>oeV(zc2JyKRmt|HnTt0SHemiZ+_hA<@C*aPppJl
zRT|%hl@`P9<ZF+Aq{LV{_zQ0Xa3EjEg6fZj&}Q3hAp_d&qg)F+RVTSd%DGLHYse=v
zqwClMss!}85R$VmUkkxE`+k-CQ1Ue9lExUGJ`@Ty*B3&Y-yh-_Bz&pnX$(T@(k*>G
zVMz*0HnfO60Qj2h10mVCrqtkTT8Ta*+^R+L8Km00mI*qcPq77nt%Q;QgrLlKrDi7J
zc#J+4Ua58RF=8vXj_Y#pb+n8<0F2k=@jwW6ZeD5_uaia8S>dhPC7nfTi$e)lYJ;w)
zeQdE)oUf-gVf6K~DFk0X>~bF@Lw*XDG}ap4+rqUDk}e-Lv<><4@zxINn8v7(I=C+C
isxZb#r*!HdtTpDfKuC`H)Iso#zn)*s!}BZuKEDAF6)jl+

diff --git a/proto/go/gen/penumbra/crypto/decaf377_frost/v1alpha1/decaf377_frost.pb.go b/proto/go/gen/penumbra/crypto/decaf377_frost/v1alpha1/decaf377_frost.pb.go
index a39b3e7d84..7fd91635ca 100644
--- a/proto/go/gen/penumbra/crypto/decaf377_frost/v1alpha1/decaf377_frost.pb.go
+++ b/proto/go/gen/penumbra/crypto/decaf377_frost/v1alpha1/decaf377_frost.pb.go
@@ -20,11 +20,13 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )
 
+// A commitment to a polynomial, as a list of group elements.
 type VerifiableSecretSharingCommitment struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
+	// Each of these bytes should be the serialization of a group element.
 	Elements [][]byte `protobuf:"bytes,1,rep,name=elements,proto3" json:"elements,omitempty"`
 }
 
@@ -67,13 +69,16 @@ func (x *VerifiableSecretSharingCommitment) GetElements() [][]byte {
 	return nil
 }
 
+// The public package sent in round 1 of the DKG protocol.
 type DKGRound1Package struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Commitment       *VerifiableSecretSharingCommitment `protobuf:"bytes,1,opt,name=commitment,proto3" json:"commitment,omitempty"`
-	ProofOfKnowledge []byte                             `protobuf:"bytes,2,opt,name=proof_of_knowledge,json=proofOfKnowledge,proto3" json:"proof_of_knowledge,omitempty"`
+	// A commitment to the polynomial for secret sharing.
+	Commitment *VerifiableSecretSharingCommitment `protobuf:"bytes,1,opt,name=commitment,proto3" json:"commitment,omitempty"`
+	// A proof of knowledge of the underlying secret being shared.
+	ProofOfKnowledge []byte `protobuf:"bytes,2,opt,name=proof_of_knowledge,json=proofOfKnowledge,proto3" json:"proof_of_knowledge,omitempty"`
 }
 
 func (x *DKGRound1Package) Reset() {
@@ -122,11 +127,13 @@ func (x *DKGRound1Package) GetProofOfKnowledge() []byte {
 	return nil
 }
 
+// A share of the final signing key.
 type SigningShare struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
+	// These bytes should be a valid scalar.
 	Scalar []byte `protobuf:"bytes,1,opt,name=scalar,proto3" json:"scalar,omitempty"`
 }
 
@@ -169,11 +176,13 @@ func (x *SigningShare) GetScalar() []byte {
 	return nil
 }
 
+// The per-participant package sent in round 2 of the DKG protocol.
 type DKGRound2Package struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
+	// This is the share we're sending to that participant.
 	SigningShare *SigningShare `protobuf:"bytes,1,opt,name=signing_share,json=signingShare,proto3" json:"signing_share,omitempty"`
 }
 
@@ -216,11 +225,13 @@ func (x *DKGRound2Package) GetSigningShare() *SigningShare {
 	return nil
 }
 
+// Represents a commitment to a nonce value.
 type NonceCommitment struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
+	// These bytes should be a valid group element.
 	Element []byte `protobuf:"bytes,1,opt,name=element,proto3" json:"element,omitempty"`
 }
 
@@ -263,12 +274,15 @@ func (x *NonceCommitment) GetElement() []byte {
 	return nil
 }
 
+// Represents the commitments to nonces needed for signing.
 type SigningCommitments struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Hiding  *NonceCommitment `protobuf:"bytes,1,opt,name=hiding,proto3" json:"hiding,omitempty"`
+	// One nonce to hide them.
+	Hiding *NonceCommitment `protobuf:"bytes,1,opt,name=hiding,proto3" json:"hiding,omitempty"`
+	// Another to bind them.
 	Binding *NonceCommitment `protobuf:"bytes,2,opt,name=binding,proto3" json:"binding,omitempty"`
 }
 
@@ -318,11 +332,13 @@ func (x *SigningCommitments) GetBinding() *NonceCommitment {
 	return nil
 }
 
+// A share of the final signature. These get aggregated to make the actual thing.
 type SignatureShare struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
+	// These bytes should be a valid scalar.
 	Scalar []byte `protobuf:"bytes,1,opt,name=scalar,proto3" json:"scalar,omitempty"`
 }
 
diff --git a/proto/penumbra/penumbra/crypto/decaf377_frost/v1alpha1/decaf377_frost.proto b/proto/penumbra/penumbra/crypto/decaf377_frost/v1alpha1/decaf377_frost.proto
index 888f034fa7..35efa19fa6 100644
--- a/proto/penumbra/penumbra/crypto/decaf377_frost/v1alpha1/decaf377_frost.proto
+++ b/proto/penumbra/penumbra/crypto/decaf377_frost/v1alpha1/decaf377_frost.proto
@@ -2,33 +2,49 @@ syntax = "proto3";
 
 package penumbra.crypto.decaf377_frost.v1alpha1;
 
+// A commitment to a polynomial, as a list of group elements.
 message VerifiableSecretSharingCommitment {
+  // Each of these bytes should be the serialization of a group element.
   repeated bytes elements = 1; 
 }
 
+// The public package sent in round 1 of the DKG protocol.
 message DKGRound1Package {
+  // A commitment to the polynomial for secret sharing.
   VerifiableSecretSharingCommitment commitment = 1; 
+  // A proof of knowledge of the underlying secret being shared.
   bytes proof_of_knowledge = 2;
 }
 
+// A share of the final signing key.
 message SigningShare {
+  // These bytes should be a valid scalar.
   bytes scalar = 1;
 }
 
+// The per-participant package sent in round 2 of the DKG protocol.
 message DKGRound2Package {
+  // This is the share we're sending to that participant.
   SigningShare signing_share = 1;
 }
 
+// Represents a commitment to a nonce value.
 message NonceCommitment {
+  // These bytes should be a valid group element.
   bytes element = 1;
 }
 
+// Represents the commitments to nonces needed for signing.
 message SigningCommitments {
+  // One nonce to hide them.
   NonceCommitment hiding = 1;
+  // Another to bind them.
   NonceCommitment binding = 2;
 }
 
+// A share of the final signature. These get aggregated to make the actual thing.
 message SignatureShare {
+  // These bytes should be a valid scalar.
   bytes scalar = 1;
 }