We have released FROST v3.0.0-rc.0. The main changes in this release have been changing the cheater detection feature to allow specifying as a function parameter instead of a compile-time feature, a big refactor of the repair share and refresh share functionality, improving our test coverage for serialisation and async, and some significant improvements to our documentation.
Feature Configuration Changes
The cheater-detection feature was removed to simplify the feature matrix and reduce maintenance burden. Since most users want cheater detection enabled, it is now the default behavior. For users who explicitly need to disable it (e.g., for performance in trusted environments), a new aggregate_custom() function was added that accepts a CheaterDetection argument. The std and nightly features have also been removed since the crates are now no-std by default (with the exception of frost-ed448) and the nightly feature was never used.
Key Refresh and Repairable Module Improvements
The refresh module was simplified to improve usability: compute_refreshing_shares() no longer takes min_signers and max_signers arguments since these values can be inferred from the PublicKeyPackage. This prevents errors from mismatched parameters and makes the API harder to misuse.
The repairable module also underwent some refactoring to improve readability. Functions were renamed from repair_share_step_X() to repair_share_partX() for consistency with DKG naming. New Delta and Sigma types replace raw Scalar values, preventing accidental misuse, and these functions now return a KeyPackage instead of SecretShare, which is more useful since SecretShares do not need to be stored long-term.
To improve security, ZeroizeOnDrop was implemented for SigningNonces, ensuring that sensitive nonce material is automatically zeroed from memory when it goes out of scope.
Enhancements
We added pre_commitment_aggregate() and pre_commitment_sign() hooks to the Ciphersuite trait as well as Ciphersuite::post_generate() to allow ciphersuit specific customization.
A min_signers argument was added to PublicKeyPackage::new() (wrapped in Option for backwards compatibility) to ensure threshold information is preserved with the public key package. The frost-rerandomized crate is now re-exported in ciphersuite crates, making it easier to use rerandomized signing without additional imports.
The InvalidSignatureShare::culprit field was changed to culprits (now a Vec), and Error::culprit() was similarly renamed to culprits(), allowing multiple misbehaving participants to be identified in a single aggregation attempt. The Ciphersuite, Scalar, and Element traits now require Send and Sync bounds to enable safe use in async contexts. The serialization traits (SignatureSerialization, Field::Serialization, Element::Serialization) were simplified to no longer require TryFrom<Vec<u8>>; instead they must implement AsMut<[u8]> and TryFrom<&[u8]>, which avoids unnecessary allocator usage and enables encryption of DKG round 2 data without allocation.
frost-rerandomized Crate
The cheater-detection feature was also removed from this crate with the same behavior changes as frost-core.
The frost-rerandomized crate received a revamped API motivated by Zcash integration requirements. The previous approach generated randomizers in a way that depended on a single party’s randomness whereas the new API ensures all signing parties contribute to the randomness, improving security.
New functions include RandomizedParams created for generating a randomizer based on signing commitments and fresh random data, and for recreating the same randomizer from a stored seed.
Documentation Improvements
Documentation was expanded to clarify security requirements: authenticated and confidential channels are needed for DKG (to prevent man-in-the-middle attacks during key generation), but only authenticated channels are needed for signing. Warnings about secp256k1 usage were added to help users understand the security considerations.
A network topologies documentation section was added explaining the different ways FROST participants can be organized. A FROST Server section and zcash-devtool demo section have also been added.
There are lots of breaking changes, so please do have a look at the frost-core Changelog as well as the frost-rerandomized Changelog for more details before upgrading.
Many thanks to @conradoplg, @natalieesk, @mpguerra, @StackOverflowExcept1on, @VolodymyrBg, @crStiv, @azuchi and @kwsantiago for their contributions.
Thanks for reading!