Trait schnorrkel::context::SigningTranscript

pub trait SigningTranscript {
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]);
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]);
    fn witness_bytes_rng<R>(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]],
        rng: R
    )
    where
        R: RngCore + CryptoRng;

    fn proto_name(&mut self, label: &'static [u8]) { ... }
    fn commit_point(
        &mut self,
        label: &'static [u8],
        compressed: &CompressedRistretto
    ) { ... }
    fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar { ... }
    fn witness_scalar(
        &self,
        label: &'static [u8],
        nonce_seeds: &[&[u8]]
    ) -> Scalar { ... }
    fn witness_bytes(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]]
    ) { ... }
}

Schnorr signing transcript

We envision signatures being on messages, but if a signature occurs inside a larger protocol then the signature scheme's internal transcript may exist before or persist after signing.

In this trait, we provide an interface for Schnorr signature-like constructions that is compatible with merlin::Transcript, but abstract enough to support conventional hash functions as well.

We warn, however, that conventional hash functions do not provide strong enough domain separation for usage via &mut references.

We also fold randomness into witness generation here, which gives every function that takes a SigningTranscript a default argument rng: impl Rng = thread_rng().

We also abstract over owned and borrowed merlin::Transcripts, so that simple use cases do not suffer from our support for.
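
One way a labelled commit interface backed by a conventional hash can lose domain separation, shown as an added example that is not code from schnorrkel or merlin. RecordingTranscript, hash_inputs and the length-prefix framing are hypothetical, and the labels and values are constructed; the type only records the bytes a plain hash would absorb, so two different protocols can be compared directly.

```rust
// Added illustration: RecordingTranscript is a hypothetical type, not part of
// schnorrkel or merlin. It records the byte stream a plain hash would absorb.
pub struct RecordingTranscript {
    framed: bool,
    stream: Vec<u8>,
}

impl RecordingTranscript {
    pub fn new(framed: bool) -> Self {
        RecordingTranscript { framed, stream: Vec::new() }
    }

    /// Same shape as SigningTranscript::commit_bytes. When `framed` is set, the
    /// label and the bytes are each prefixed with a little-endian u32 length
    /// (an encoding assumed for this example).
    pub fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]) {
        for part in [label, bytes] {
            if self.framed {
                self.stream.extend_from_slice(&(part.len() as u32).to_le_bytes());
            }
            self.stream.extend_from_slice(part);
        }
    }
}

/// Returns the hash inputs produced by two different protocols.
pub fn hash_inputs(framed: bool) -> (Vec<u8>, Vec<u8>) {
    // Protocol A: a signing context, then the message (constructed values).
    let mut a = RecordingTranscript::new(framed);
    a.commit_bytes(b"ctx", b"pay");
    a.commit_bytes(b"msg", b"alice");
    // Protocol B: one commit whose label and bytes spell the same concatenation.
    let mut b = RecordingTranscript::new(framed);
    b.commit_bytes(b"ctxpay", b"msgalice");
    (a.stream, b.stream)
}

fn main() {
    let (a, b) = hash_inputs(false);
    println!("unframed inputs identical: {}", a == b);
    let (a, b) = hash_inputs(true);
    println!("framed inputs identical:   {}", a == b);
}
```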

Required methods

fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])

Extend transcript with some bytes, shadowed by merlin::Transcript.

fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])

Produce some challenge bytes, shadowed by merlin::Transcript.

fn witness_bytes_rng<R>(
    &self,
    label: &'static [u8],
    dest: &mut [u8],
    nonce_seeds: &[&[u8]],
    rng: R
) where
    R: RngCore + CryptoRng

Produce secret witness bytes from the protocol transcript and any "nonce seeds" kept with the secret keys.


Provided methods

fn proto_name(&mut self, label: &'static [u8])

Extend transcript with a protocol name.

fn commit_point(
    &mut self,
    label: &'static [u8],
    compressed: &CompressedRistretto
)

Extend the transcript with a compressed Ristretto point.

fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar

Produce the public challenge scalar e.

fn witness_scalar(&self, label: &'static [u8], nonce_seeds: &[&[u8]]) -> Scalar

Produce a secret witness scalar k, aka nonce, from the protocol transcript and any "nonce seeds" kept with the secret keys.

fn witness_bytes(
    &self,
    label: &'static [u8],
    dest: &mut [u8],
    nonce_seeds: &[&[u8]]
)

Produce secret witness bytes from the protocol transcript and any "nonce seeds" kept with the secret keys.


Implementations on Foreign Types

impl<T: ?Sized, '_> SigningTranscript for &'_ mut T where
    T: SigningTranscript

We delegate any mutable reference to its base type, much as &mut Rng or BorrowMut<..> do, but doing so here simplifies alternative implementations.

impl SigningTranscript for Transcript

We delegate SigningTranscript methods to the corresponding inherent methods of merlin::Transcript and implement two witness methods to avoid abstracting the merlin::TranscriptRng machinery.


Implementors

impl<H> SigningTranscript for XoFTranscript<H> where
    H: Input + ExtendableOutput + Clone

impl<T, R> SigningTranscript for SigningTranscriptWithRng<T, R> where
    T: SigningTranscript,
    R: RngCore + CryptoRng
