Trait schnorrkel::context::SigningTranscript
Schnorr signing transcript
We envision signatures being on messages, but if a signature occurs inside a larger protocol then the signature scheme's internal transcript may exist before or persist after signing.
In this trait, we provide an interface for Schnorr signature-like
constructions that is compatible with `merlin::Transcript`, but
abstract enough to support conventional hash functions as well.
We warn however that conventional hash functions do not provide
strong enough domain separation for usage via `&mut` references.
We fold randomness into witness generation here too, which
gives every function that takes a `SigningTranscript` a default
argument `rng: impl Rng = thread_rng()` too.
We also abstract over owned and borrowed `merlin::Transcript`s,
so that simple use cases do not suffer from our support for more complex ones.
Required methods
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
Extend transcript with some bytes, shadowed by `merlin::Transcript`.
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
Produce some challenge bytes, shadowed by `merlin::Transcript`.
fn witness_bytes_rng<R>(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]],
rng: R
) where
R: RngCore + CryptoRng,
Produce secret witness bytes from the protocol transcript and any "nonce seeds" kept with the secret keys.
Provided methods
fn proto_name(&mut self, label: &'static [u8])
Extend transcript with a protocol name
fn commit_point(
&mut self,
label: &'static [u8],
compressed: &CompressedRistretto
)
Extend the transcript with a compressed Ristretto point
fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar
Produce the public challenge scalar `e`.
fn witness_scalar(&self, label: &'static [u8], nonce_seeds: &[&[u8]]) -> Scalar
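Produce a secret witness scalar `k`, aka nonce, from the protocol
transcript and any "nonce seeds" kept with the secret keys.
The scalar must stay secret and must not be reused for a different transcript, since a disclosed or repeated Schnorr nonce lets an observer solve for the secret key.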
fn witness_bytes(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]]
)
Produce secret witness bytes from the protocol transcript and any "nonce seeds" kept with the secret keys.
Implementations on Foreign Types
impl<T: ?Sized, '_> SigningTranscript for &'_ mut T where
T: SigningTranscript,
We delegate any mutable reference to its base type, as `&mut Rng`
or `BorrowMut<..>` do; doing so here simplifies
alternative implementations.
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
fn proto_name(&mut self, label: &'static [u8])
fn commit_point(
&mut self,
label: &'static [u8],
compressed: &CompressedRistretto
)
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar
fn witness_scalar(&self, label: &'static [u8], nonce_seeds: &[&[u8]]) -> Scalar
fn witness_bytes(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]]
)
fn witness_bytes_rng<R>(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]],
rng: R
) where
R: RngCore + CryptoRng,
impl SigningTranscript for Transcript
We delegate `SigningTranscript` methods to the corresponding
inherent methods of `merlin::Transcript` and implement two
witness methods to avoid abstracting the `merlin::TranscriptRng`
machinery.
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
fn witness_bytes_rng<R>(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]],
rng: R
) where
R: RngCore + CryptoRng,
Implementors
impl<H> SigningTranscript for XoFTranscript<H> where
H: Input + ExtendableOutput + Clone,
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
fn witness_bytes_rng<R>(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]],
rng: R
) where
R: RngCore + CryptoRng,
impl<T, R> SigningTranscript for SigningTranscriptWithRng<T, R> where
T: SigningTranscript,
R: RngCore + CryptoRng,
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
fn witness_bytes(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]]
)
fn witness_bytes_rng<RR>(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]],
rng: RR
) where
RR: RngCore + CryptoRng,