@unlink-xyz/multisig 0.1.0

package/dist/src/frost/mock-coordinator.js

@@ -0,0 +1,288 @@
+/**
+ * In-memory mock of the frost HTTP server for tests.
+ *
+ * Implements the same state machine as `backend/frost/src/state.rs`
+ * without requiring a Rust toolchain.
+ */
+import { createServer, } from "node:http";
+// --- Helpers ---
+function readBody(req) {
+    return new Promise((resolve) => {
+        let data = "";
+        req.on("data", (chunk) => (data += chunk.toString()));
+        req.on("end", () => resolve(data));
+    });
+}
+function json(res, status, body) {
+    res.writeHead(status, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(body));
+}
+function err(res, status, message) {
+    json(res, status, { error: message });
+}
+// --- Server ---
+export async function startMockCoordinator() {
+    const dkgSessions = new Map();
+    const signingSessions = new Map();
+    let codeCounter = 0;
+    const nextCode = () => `mock-${++codeCounter}`;
+    const server = createServer(async (req, res) => {
+        const method = req.method ?? "GET";
+        // Strip /frost prefix so the mock works with both direct and gateway-style URLs
+        const rawUrl = req.url ?? "/";
+        const url = rawUrl.startsWith("/frost")
+            ? rawUrl.slice("/frost".length) || "/"
+            : rawUrl;
+        // --- DKG ---
+        if (method === "POST" && url === "/dkg/groups") {
+            const { threshold, total_participants } = JSON.parse(await readBody(req));
+            if (!threshold || threshold > total_participants)
+                return err(res, 400, "threshold must be in [1, total_participants]");
+            if (total_participants < 2)
+                return err(res, 400, "total_participants must be >= 2");
+            const code = nextCode();
+            dkgSessions.set(code, {
+                threshold,
+                totalParticipants: total_participants,
+                nextIndex: 2,
+                round1Packages: [],
+                round1Indices: new Set(),
+                round2Packages: [],
+                round2Indices: new Set(),
+            });
+            return json(res, 201, { code, status: "waiting_for_round1" });
+        }
+        const dkgJoin = url.match(/^\/dkg\/groups\/([^/]+)\/join$/);
+        if (method === "POST" && dkgJoin) {
+            const s = dkgSessions.get(dkgJoin[1]);
+            if (!s)
+                return err(res, 404, "not found");
+            if (s.nextIndex > s.totalParticipants)
+                return err(res, 400, "group is full");
+            const idx = s.nextIndex++;
+            return json(res, 200, {
+                participant_index: idx,
+                threshold: s.threshold,
+                total_participants: s.totalParticipants,
+            });
+        }
+        const dkgR1 = url.match(/^\/dkg\/groups\/([^/]+)\/round1$/);
+        if (dkgR1) {
+            const s = dkgSessions.get(dkgR1[1]);
+            if (!s)
+                return err(res, 404, "not found");
+            if (method === "GET") {
+                return json(res, 200, {
+                    packages: s.round1Packages,
+                    complete: s.round1Packages.length === s.totalParticipants,
+                });
+            }
+            if (method === "POST") {
+                const { participant_index, data } = JSON.parse(await readBody(req));
+                if (s.round1Packages.length === s.totalParticipants)
+                    return err(res, 400, "not accepting round1 submissions");
+                if (s.round1Indices.has(participant_index))
+                    return err(res, 409, "duplicate submission");
+                s.round1Packages.push(data);
+                s.round1Indices.add(participant_index);
+                const status = s.round1Packages.length === s.totalParticipants
+                    ? "waiting_for_round2"
+                    : "waiting_for_round1";
+                return json(res, 200, { status });
+            }
+        }
+        const dkgR2 = url.match(/^\/dkg\/groups\/([^/]+)\/round2$/);
+        if (dkgR2) {
+            const s = dkgSessions.get(dkgR2[1]);
+            if (!s)
+                return err(res, 404, "not found");
+            if (method === "GET") {
+                return json(res, 200, {
+                    packages: s.round2Packages,
+                    complete: s.round2Packages.length === s.totalParticipants,
+                });
+            }
+            if (method === "POST") {
+                const { participant_index, data } = JSON.parse(await readBody(req));
+                if (s.round1Packages.length < s.totalParticipants)
+                    return err(res, 400, "not accepting round2 submissions");
+                if (s.round2Packages.length === s.totalParticipants)
+                    return err(res, 400, "round2 already complete");
+                if (s.round2Indices.has(participant_index))
+                    return err(res, 409, "duplicate submission");
+                s.round2Packages.push(data);
+                s.round2Indices.add(participant_index);
+                const status = s.round2Packages.length === s.totalParticipants
+                    ? "complete"
+                    : "waiting_for_round2";
+                return json(res, 200, { status });
+            }
+        }
+        const dkgStatus = url.match(/^\/dkg\/groups\/([^/]+)\/status$/);
+        if (method === "GET" && dkgStatus) {
+            const s = dkgSessions.get(dkgStatus[1]);
+            if (!s)
+                return err(res, 404, "not found");
+            let status = "waiting_for_round1";
+            if (s.round2Packages.length === s.totalParticipants)
+                status = "complete";
+            else if (s.round1Packages.length === s.totalParticipants)
+                status = "waiting_for_round2";
+            return json(res, 200, {
+                code: dkgStatus[1],
+                status,
+                threshold: s.threshold,
+                total_participants: s.totalParticipants,
+                round1_count: s.round1Packages.length,
+                round2_count: s.round2Packages.length,
+            });
+        }
+        // --- Signing ---
+        // GET /sign/sessions?group_id=X — list non-complete sessions
+        if (method === "GET" && url.startsWith("/sign/sessions")) {
+            const parsed = new URL(url, "http://localhost");
+            if (parsed.pathname === "/sign/sessions") {
+                const groupId = parsed.searchParams.get("group_id");
+                if (!groupId)
+                    return err(res, 400, "group_id query parameter is required");
+                const sessions = [];
+                for (const [code, s] of signingSessions) {
+                    const complete = s.shares.length === s.participants.length;
+                    if (complete)
+                        continue;
+                    if (s.groupId !== groupId)
+                        continue;
+                    let status = "waiting_for_commitments";
+                    if (s.commitments.length === s.participants.length)
+                        status = "waiting_for_shares";
+                    sessions.push({
+                        code,
+                        status,
+                        participants: s.participants,
+                        message: s.message,
+                        group_id: s.groupId ?? null,
+                    });
+                }
+                return json(res, 200, { sessions });
+            }
+        }
+        // GET /sign/sessions/:code — get session detail (before /commitments and /shares matching)
+        const sigDetail = url.match(/^\/sign\/sessions\/([^/]+)$/);
+        if (method === "GET" && sigDetail) {
+            const s = signingSessions.get(sigDetail[1]);
+            if (!s)
+                return err(res, 404, "not found");
+            let status = "waiting_for_commitments";
+            if (s.shares.length === s.participants.length)
+                status = "complete";
+            else if (s.commitments.length === s.participants.length)
+                status = "waiting_for_shares";
+            return json(res, 200, {
+                code: sigDetail[1],
+                status,
+                participants: s.participants,
+                message: s.message,
+                group_id: s.groupId ?? null,
+            });
+        }
+        if (method === "POST" && url === "/sign/sessions") {
+            const { participants, message, group_id } = JSON.parse(await readBody(req));
+            if (!Array.isArray(participants) || participants.length < 2)
+                return err(res, 400, "need at least 2 participants");
+            if (participants.includes(0))
+                return err(res, 400, "participant index must be >= 1");
+            const code = nextCode();
+            signingSessions.set(code, {
+                participants,
+                message,
+                groupId: group_id ?? undefined,
+                commitments: [],
+                commitmentIndices: new Set(),
+                shares: [],
+                shareIndices: new Set(),
+            });
+            return json(res, 201, { code, status: "waiting_for_commitments" });
+        }
+        const sigCommit = url.match(/^\/sign\/sessions\/([^/]+)\/commitments$/);
+        if (sigCommit) {
+            const s = signingSessions.get(sigCommit[1]);
+            if (!s)
+                return err(res, 404, "not found");
+            if (method === "GET") {
+                return json(res, 200, {
+                    packages: s.commitments,
+                    complete: s.commitments.length === s.participants.length,
+                });
+            }
+            if (method === "POST") {
+                const { participant_index, data } = JSON.parse(await readBody(req));
+                if (s.commitments.length === s.participants.length)
+                    return err(res, 400, "not accepting commitments");
+                if (s.commitmentIndices.has(participant_index))
+                    return err(res, 409, "duplicate submission");
+                s.commitments.push(data);
+                s.commitmentIndices.add(participant_index);
+                const status = s.commitments.length === s.participants.length
+                    ? "waiting_for_shares"
+                    : "waiting_for_commitments";
+                return json(res, 200, { status });
+            }
+        }
+        const sigShare = url.match(/^\/sign\/sessions\/([^/]+)\/shares$/);
+        if (sigShare) {
+            const s = signingSessions.get(sigShare[1]);
+            if (!s)
+                return err(res, 404, "not found");
+            if (method === "GET") {
+                return json(res, 200, {
+                    packages: s.shares,
+                    complete: s.shares.length === s.participants.length,
+                });
+            }
+            if (method === "POST") {
+                const { participant_index, data } = JSON.parse(await readBody(req));
+                if (s.commitments.length < s.participants.length)
+                    return err(res, 400, "not accepting shares");
+                if (s.shares.length === s.participants.length)
+                    return err(res, 400, "shares already complete");
+                if (s.shareIndices.has(participant_index))
+                    return err(res, 409, "duplicate submission");
+                s.shares.push(data);
+                s.shareIndices.add(participant_index);
+                const status = s.shares.length === s.participants.length
+                    ? "complete"
+                    : "waiting_for_shares";
+                return json(res, 200, { status });
+            }
+        }
+        const sigStatus = url.match(/^\/sign\/sessions\/([^/]+)\/status$/);
+        if (method === "GET" && sigStatus) {
+            const s = signingSessions.get(sigStatus[1]);
+            if (!s)
+                return err(res, 404, "not found");
+            let status = "waiting_for_commitments";
+            if (s.shares.length === s.participants.length)
+                status = "complete";
+            else if (s.commitments.length === s.participants.length)
+                status = "waiting_for_shares";
+            return json(res, 200, {
+                code: sigStatus[1],
+                status,
+                expected_participants: s.participants.length,
+                commitment_count: s.commitments.length,
+                share_count: s.shares.length,
+                message: s.message,
+            });
+        }
+        err(res, 404, "not found");
+    });
+    return new Promise((resolve) => {
+        server.listen(0, "127.0.0.1", () => {
+            const addr = server.address();
+            resolve({
+                url: `http://127.0.0.1:${addr.port}`,
+                close: () => new Promise((r) => server.close(() => r())),
+            });
+        });
+    });
+}

package/dist/src/frost/serialization.d.ts

@@ -0,0 +1,86 @@
+/**
+ * Serialization for FROST types over HTTP/JSON.
+ *
+ * Convention (per RFC 9591, ciphersuite-specific):
+ * - bigint -> "0x..." hex string (EVM convention)
+ * - Point -> ["0x...", "0x..."]
+ * - Uint8Array -> base64 string
+ */
+import { type Point } from "./curve.js";
+import type { DkgRound1Package, DkgRound2Package, FrostConfig, MultisigAccount, SignatureShare, SigningCommitment } from "./types.js";
+export declare function serializeBigint(n: bigint): string;
+export declare function deserializeBigint(s: string): bigint;
+export declare function serializePoint(p: Point): [string, string];
+export declare function deserializePoint(arr: [string, string]): Point;
+export declare function serializeBytes(bytes: Uint8Array): string;
+export declare function deserializeBytes(b64: string): Uint8Array;
+type SerializedSchnorrProof = {
+    commitment: [string, string];
+    response: string;
+};
+type SerializedEncryptedShare = {
+    fromIndex: number;
+    toIndex: number;
+    ciphertext: string;
+    nonce: string;
+};
+type SerializedDkgRound1Package = {
+    participantIndex: number;
+    coefficientCommitments: [string, string][];
+    proof: SerializedSchnorrProof;
+};
+type SerializedEncryptedViewingKey = {
+    toIndex: number;
+    ciphertext: string;
+    nonce: string;
+};
+type SerializedDkgRound2Package = {
+    participantIndex: number;
+    encryptedShares: SerializedEncryptedShare[];
+    encryptedViewingKeys?: SerializedEncryptedViewingKey[];
+};
+type SerializedSigningCommitment = {
+    participantIndex: number;
+    hiding: [string, string];
+    binding: [string, string];
+};
+type SerializedSignatureShare = {
+    participantIndex: number;
+    share: string;
+};
+export declare function serializeDkgRound1Package(pkg: DkgRound1Package): SerializedDkgRound1Package;
+export declare function deserializeDkgRound1Package(data: SerializedDkgRound1Package): DkgRound1Package;
+export declare function serializeDkgRound2Package(pkg: DkgRound2Package): SerializedDkgRound2Package;
+export declare function deserializeDkgRound2Package(data: SerializedDkgRound2Package): DkgRound2Package;
+export declare function serializeSigningCommitment(c: SigningCommitment): SerializedSigningCommitment;
+export declare function deserializeSigningCommitment(data: SerializedSigningCommitment): SigningCommitment;
+export declare function serializeSignatureShare(s: SignatureShare): SerializedSignatureShare;
+export declare function deserializeSignatureShare(data: SerializedSignatureShare): SignatureShare;
+export declare const MULTISIG_ACCOUNT_VERSION = 1;
+type SerializedKeyShare = {
+    participantIndex: number;
+    secretShare: string;
+    verificationShare: [string, string];
+};
+type SerializedViewingKeyPair = {
+    privateKey: string;
+    pubkey: string;
+};
+export type SerializedMultisigAccount = {
+    version: typeof MULTISIG_ACCOUNT_VERSION;
+    groupId: string;
+    config: FrostConfig;
+    participantIndex: number;
+    keyShare: SerializedKeyShare;
+    groupPublicKey: [string, string];
+    coefficientCommitments: [number, [string, string][]][];
+    viewingKeyPair: SerializedViewingKeyPair;
+    nullifyingKey: string;
+    masterPublicKey: string;
+    gatewayUrl: string;
+    address: string;
+};
+export declare function serializeMultisigAccount(account: MultisigAccount): SerializedMultisigAccount;
+export declare function deserializeMultisigAccount(data: SerializedMultisigAccount): MultisigAccount;
+export {};
+//# sourceMappingURL=serialization.d.ts.map

package/dist/src/frost/serialization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"serialization.d.ts","sourceRoot":"","sources":["../../../src/frost/serialization.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAc,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AACpD,OAAO,KAAK,EACV,gBAAgB,EAChB,gBAAgB,EAGhB,WAAW,EACX,eAAe,EAEf,cAAc,EACd,iBAAiB,EAClB,MAAM,YAAY,CAAC;AAIpB,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAGnD;AAED,wBAAgB,cAAc,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAEzD;AAED,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,KAAK,CAS7D;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAOxD;AAED,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAOxD;AAID,KAAK,sBAAsB,GAAG;IAC5B,UAAU,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,KAAK,wBAAwB,GAAG;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,0BAA0B,GAAG;IAChC,gBAAgB,EAAE,MAAM,CAAC;IACzB,sBAAsB,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;IAC3C,KAAK,EAAE,sBAAsB,CAAC;CAC/B,CAAC;AAEF,KAAK,6BAA6B,GAAG;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,0BAA0B,GAAG;IAChC,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,wBAAwB,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,6BAA6B,EAAE,CAAC;CACxD,CAAC;AAEF,KAAK,2BAA2B,GAAG;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzB,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3B,CAAC;AAEF,KAAK,wBAAwB,GAAG;IAC9B,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAIF,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,gBAAgB,GACpB,0BAA0B,CAS5B;AAED,wBAAgB,2BAA2B,CACzC,IAAI,EAAE,0BAA0B,GAC/B,gBAAgB,CASlB;AAID,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,gBAAgB,GACpB,0BAA0B,CAsB5B;AAED,wBAAgB,2BAA2B,CACzC,IAAI,EAAE,0BAA0B,GAC/B,gBAAgB,CAsBlB;AAID,wBAAgB,0BAA0B,CACxC,CAAC,EAAE,iBAAiB,GACnB,2BAA2B,CAM7B;AAED,wBAAgB,4BAA4B,CAC1C,IAAI,EAAE,2BAA2B,GAChC,iBAAiB,CAMnB;AAID,wBAAgB,uBAAuB,CACrC,CAAC,EAAE,cAAc,GAChB,wBAAwB,CAK1B;AAED,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,wBAAwB,GAC7B,cAAc,CAKhB;AAID,eAAO,MAAM,wBAAwB,IAAI,CAAC;AAE1C,KAAK,kBAAkB,GAAG;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC,CAAC;AAEF,KAAK,wBAAwB,GAAG;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,OAAO,EAAE,OAAO,wBAAwB,CAAC;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,WAAW,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,sBAAsB,EAAE,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;IACvD,cAAc,EAAE,wBAAwB,CAAC;IACzC,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,eAAe,GACvB,yBAAyB,CA2B3B;AAED,wBAAgB,0BAA0B,CACxC,IAAI,EAAE,yBAAyB,GAC9B,eAAe,CA8BjB"}

package/dist/src/frost/serialization.js

@@ -0,0 +1,193 @@
+/**
+ * Serialization for FROST types over HTTP/JSON.
+ *
+ * Convention (per RFC 9591, ciphersuite-specific):
+ * - bigint -> "0x..." hex string (EVM convention)
+ * - Point -> ["0x...", "0x..."]
+ * - Uint8Array -> base64 string
+ */
+import { babyjubjub } from "./curve.js";
+// === Primitives ===
+export function serializeBigint(n) {
+    return "0x" + n.toString(16);
+}
+export function deserializeBigint(s) {
+    if (!s.startsWith("0x"))
+        throw new Error(`expected hex string, got: ${s}`);
+    return BigInt(s);
+}
+export function serializePoint(p) {
+    return [serializeBigint(p[0]), serializeBigint(p[1])];
+}
+export function deserializePoint(arr) {
+    const p = [deserializeBigint(arr[0]), deserializeBigint(arr[1])];
+    if (!babyjubjub.isOnCurve(p)) {
+        throw new Error("deserialized point is not on the curve");
+    }
+    if (babyjubjub.isIdentity(p)) {
+        throw new Error("deserialized point is the identity");
+    }
+    return p;
+}
+export function serializeBytes(bytes) {
+    // Use btoa-compatible approach that works in Node and browser
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) {
+        binary += String.fromCharCode(bytes[i]);
+    }
+    return btoa(binary);
+}
+export function deserializeBytes(b64) {
+    const binary = atob(b64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+// DkgRound1Package
+export function serializeDkgRound1Package(pkg) {
+    return {
+        participantIndex: pkg.participantIndex,
+        coefficientCommitments: pkg.coefficientCommitments.map(serializePoint),
+        proof: {
+            commitment: serializePoint(pkg.proof.commitment),
+            response: serializeBigint(pkg.proof.response),
+        },
+    };
+}
+export function deserializeDkgRound1Package(data) {
+    return {
+        participantIndex: data.participantIndex,
+        coefficientCommitments: data.coefficientCommitments.map(deserializePoint),
+        proof: {
+            commitment: deserializePoint(data.proof.commitment),
+            response: deserializeBigint(data.proof.response),
+        },
+    };
+}
+// DkgRound2Package
+export function serializeDkgRound2Package(pkg) {
+    const result = {
+        participantIndex: pkg.participantIndex,
+        encryptedShares: pkg.encryptedShares.map((s) => ({
+            fromIndex: s.fromIndex,
+            toIndex: s.toIndex,
+            ciphertext: serializeBytes(s.ciphertext),
+            nonce: serializeBytes(s.nonce),
+        })),
+    };
+    if (pkg.encryptedViewingKeys) {
+        result.encryptedViewingKeys = pkg.encryptedViewingKeys.map((k) => ({
+            toIndex: k.toIndex,
+            ciphertext: serializeBytes(k.ciphertext),
+            nonce: serializeBytes(k.nonce),
+        }));
+    }
+    return result;
+}
+export function deserializeDkgRound2Package(data) {
+    const result = {
+        participantIndex: data.participantIndex,
+        encryptedShares: data.encryptedShares.map((s) => ({
+            fromIndex: s.fromIndex,
+            toIndex: s.toIndex,
+            ciphertext: deserializeBytes(s.ciphertext),
+            nonce: deserializeBytes(s.nonce),
+        })),
+    };
+    if (data.encryptedViewingKeys) {
+        result.encryptedViewingKeys = data.encryptedViewingKeys.map((k) => ({
+            toIndex: k.toIndex,
+            ciphertext: deserializeBytes(k.ciphertext),
+            nonce: deserializeBytes(k.nonce),
+        }));
+    }
+    return result;
+}
+// SigningCommitment
+export function serializeSigningCommitment(c) {
+    return {
+        participantIndex: c.participantIndex,
+        hiding: serializePoint(c.hiding),
+        binding: serializePoint(c.binding),
+    };
+}
+export function deserializeSigningCommitment(data) {
+    return {
+        participantIndex: data.participantIndex,
+        hiding: deserializePoint(data.hiding),
+        binding: deserializePoint(data.binding),
+    };
+}
+// SignatureShare
+export function serializeSignatureShare(s) {
+    return {
+        participantIndex: s.participantIndex,
+        share: serializeBigint(s.share),
+    };
+}
+export function deserializeSignatureShare(data) {
+    return {
+        participantIndex: data.participantIndex,
+        share: deserializeBigint(data.share),
+    };
+}
+// MultisigAccount
+export const MULTISIG_ACCOUNT_VERSION = 1;
+export function serializeMultisigAccount(account) {
+    const coeffEntries = [];
+    for (const [idx, points] of account.coefficientCommitments) {
+        coeffEntries.push([idx, points.map(serializePoint)]);
+    }
+    return {
+        version: MULTISIG_ACCOUNT_VERSION,
+        groupId: account.groupId,
+        config: account.config,
+        participantIndex: account.participantIndex,
+        keyShare: {
+            participantIndex: account.keyShare.participantIndex,
+            secretShare: serializeBigint(account.keyShare.secretShare),
+            verificationShare: serializePoint(account.keyShare.verificationShare),
+        },
+        groupPublicKey: serializePoint(account.groupPublicKey),
+        coefficientCommitments: coeffEntries,
+        viewingKeyPair: {
+            privateKey: serializeBytes(account.viewingKeyPair.privateKey),
+            pubkey: serializeBytes(account.viewingKeyPair.pubkey),
+        },
+        nullifyingKey: serializeBigint(account.nullifyingKey),
+        masterPublicKey: serializeBigint(account.masterPublicKey),
+        gatewayUrl: account.gatewayUrl,
+        address: account.address,
+    };
+}
+export function deserializeMultisigAccount(data) {
+    if (data.version !== MULTISIG_ACCOUNT_VERSION) {
+        throw new Error(`unsupported multisig account version ${data.version}`);
+    }
+    const coefficientCommitments = new Map();
+    for (const [idx, serializedPoints] of data.coefficientCommitments) {
+        coefficientCommitments.set(idx, serializedPoints.map(deserializePoint));
+    }
+    return {
+        groupId: data.groupId,
+        config: data.config,
+        participantIndex: data.participantIndex,
+        keyShare: {
+            participantIndex: data.keyShare.participantIndex,
+            secretShare: deserializeBigint(data.keyShare.secretShare),
+            verificationShare: deserializePoint(data.keyShare.verificationShare),
+        },
+        groupPublicKey: deserializePoint(data.groupPublicKey),
+        coefficientCommitments,
+        viewingKeyPair: {
+            privateKey: deserializeBytes(data.viewingKeyPair.privateKey),
+            pubkey: deserializeBytes(data.viewingKeyPair.pubkey),
+        },
+        nullifyingKey: deserializeBigint(data.nullifyingKey),
+        masterPublicKey: deserializeBigint(data.masterPublicKey),
+        gatewayUrl: data.gatewayUrl,
+        address: data.address,
+    };
+}

package/dist/src/frost/signing.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Generalized m-of-n FROST signing protocol.
+ *
+ * Reimplements core signing from poc.ts with:
+ * - Any m-of-n threshold support
+ * - Mandatory per-share verification (for ROAST compatibility)
+ * - Nonce reuse protection
+ *
+ * References:
+ * - RFC 9591: https://datatracker.ietf.org/doc/html/rfc9591
+ * - FROST Paper: https://eprint.iacr.org/2020/852.pdf
+ */
+import { type Point } from "./curve.js";
+import type { FrostSignature, GroupPublicKey, KeyShare, SignatureShare, SigningCommitment, SigningNonces } from "./types.js";
+/**
+ * Compute Lagrange coefficient for participant i at x=0.
+ *
+ * lambda_i = product_{j in participants, j != i} (0 - j) / (i - j)
+ */
+export declare function lagrangeCoefficient(participantIndex: number, allParticipants: number[]): bigint;
+/**
+ * Round 1: Generate nonces and commitments.
+ * Caller MUST store nonces securely and never reuse them.
+ */
+export declare function generateCommitment(participantIndex: number): {
+    nonces: SigningNonces;
+    commitment: SigningCommitment;
+};
+/**
+ * Compute binding factor for a participant.
+ * rho_i = H(i || message || encoded_commitments)
+ */
+export declare function computeBindingFactor(participantIndex: number, message: bigint, commitments: SigningCommitment[]): bigint;
+/**
+ * Compute the group commitment R from all participants' commitments.
+ * R = sum(D_i + rho_i * E_i) for all participants
+ */
+export declare function computeGroupCommitment(commitments: SigningCommitment[], bindingFactors: Map<number, bigint>): Point;
+/**
+ * Round 2: Generate signature share.
+ * z_i = d_i + rho_i * e_i + 8 * c * lambda_i * s_i
+ *
+ * Nonces are zeroed after use to prevent reuse.
+ */
+export declare function generateSignatureShare(keyShare: KeyShare, nonces: SigningNonces, message: bigint, commitments: SigningCommitment[], groupPublicKey: GroupPublicKey): SignatureShare;
+/**
+ * Verify a single signature share before aggregation.
+ * z_i * G == D_i + rho_i * E_i + 8 * c * lambda_i * V_i
+ */
+export declare function verifySignatureShare(share: SignatureShare, commitment: SigningCommitment, verificationShare: Point, message: bigint, allCommitments: SigningCommitment[], groupPublicKey: GroupPublicKey): boolean;
+/**
+ * Aggregate signature shares into final FROST signature.
+ * Optionally verifies each share before aggregation.
+ */
+export declare function aggregateSignatures(commitments: SigningCommitment[], shares: SignatureShare[], message: bigint, options?: {
+    verificationShares?: Map<number, Point>;
+    groupPublicKey?: GroupPublicKey;
+}): FrostSignature;
+/**
+ * Verify a FROST signature.
+ * S * G == R + 8 * c * Y
+ */
+export declare function verifyFrostSignature(signature: FrostSignature, message: bigint, groupPublicKey: GroupPublicKey): boolean;
+//# sourceMappingURL=signing.d.ts.map

package/dist/src/frost/signing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../../../src/frost/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,EAOL,KAAK,KAAK,EACX,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EACV,cAAc,EACd,cAAc,EACd,QAAQ,EACR,cAAc,EACd,iBAAiB,EACjB,aAAa,EACd,MAAM,YAAY,CAAC;AAEpB;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,EAAE,MAAM,EACxB,eAAe,EAAE,MAAM,EAAE,GACxB,MAAM,CAgBR;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,gBAAgB,EAAE,MAAM,GAAG;IAC5D,MAAM,EAAE,aAAa,CAAC;IACtB,UAAU,EAAE,iBAAiB,CAAC;CAC/B,CAkBA;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,gBAAgB,EAAE,MAAM,EACxB,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,iBAAiB,EAAE,GAC/B,MAAM,CA0BR;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,WAAW,EAAE,iBAAiB,EAAE,EAChC,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAClC,KAAK,CAWP;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,QAAQ,EAClB,MAAM,EAAE,aAAa,EACrB,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,iBAAiB,EAAE,EAChC,cAAc,EAAE,cAAc,GAC7B,cAAc,CAiDhB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,cAAc,EACrB,UAAU,EAAE,iBAAiB,EAC7B,iBAAiB,EAAE,KAAK,EACxB,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,iBAAiB,EAAE,EACnC,cAAc,EAAE,cAAc,GAC7B,OAAO,CA6CT;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,WAAW,EAAE,iBAAiB,EAAE,EAChC,MAAM,EAAE,cAAc,EAAE,EACxB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;IACR,kBAAkB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACxC,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC,GACA,cAAc,CA0DhB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,cAAc,EACzB,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,cAAc,GAC7B,OAAO,CAiBT"}