Add DKG support

[conradoplg]

Implements DKG per the FROST paper.

This required adding a new hash function to the Ciphersuite. I named it HDKG instead of H6 to avoid future collisions. I also made it optional by returning an Option, so that ciphersuites can return None if they don't need the DKG, and making returning None the default implementation so that ciphersuites don't even need to implement it if not needed.

I'm not super happy with the struct names, suggestions are welcome. Though I think that using "Round1/2" in them makes it a bit clearer for users than trying to come up with semantic names.

Based on #112

Closes #35 , #63

[conradoplg]

@dconnolly I rebased and solved conflicts. I reproduced the issue you found, it was caused by a mistake in generate_secret_shares. My intention was for it to prepend the secret to the coefficient vector and return it, matching the spec. But it was returning the original vector, which caused problems when rebasing it here due to the refactorings.

I changed generate_secret_shares to return the full vector in 418500a, and that allowed me to simplify evaluate_polynomial in cb657a9

[codecov-commenter]

Codecov Report

Base: 83.54% // Head: 86.48% // Increases project coverage by +2.94% 🎉

Coverage data is based on head (fea60bb) compared to base (be43c4a).
Patch coverage: 96.39% of modified lines in pull request are covered.

❗ Current head fea60bb differs from pull request most recent head ae7145d. Consider uploading reports for the commit ae7145d to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #129      +/-   ##
==========================================
+ Coverage   83.54%   86.48%   +2.94%     
==========================================
  Files          17       18       +1     
  Lines        1392     1769     +377     
==========================================
+ Hits         1163     1530     +367     
- Misses        229      239      +10     

Impacted Files	Coverage Δ
frost-core/src/lib.rs	72.97% <0.00%> (-6.44%)	⬇️
frost-core/src/frost/keys.rs	80.81% <92.15%> (+1.04%)	⬆️
frost-core/src/frost/keys/dkg.rs	96.63% <96.63%> (ø)
frost-core/src/tests.rs	99.55% <99.25%> (-0.45%)	⬇️
frost-p256/src/lib.rs	73.46% <100.00%> (+1.20%)	⬆️
frost-ristretto255/src/lib.rs	74.32% <100.00%> (+2.47%)	⬆️
frost-core/src/error.rs	100.00% <0.00%> (+100.00%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[upbqdn]

The PR looks very good. I tried to thoroughly check if the implementation matches the spec and the paper. I just have a few very minor suggestions.

Note that running

cargo d --document-private-items

produces two warnings about unresolved links.

[conradoplg]

The PR looks very good. I tried to thoroughly check if the implementation matches the spec and the paper. I just have a few very minor suggestions.

Note that running

cargo d --document-private-items

produces two warnings about unresolved links.

Thanks, great suggestions! I also fixed the warnings.