[][src]Struct schnorrkel::keys::PublicKey

pub struct PublicKey(_);

A Ristretto Schnorr public key.

Internally, these are represented as a RistrettoPoint, meaning an Edwards point with a static guarantee to be 2-torsion free.

At present, we decompress PublicKeys into this representation during deserialization, which improves error handling, but costs a compression during signing and verifiaction.

Implementations

impl PublicKey[src]

pub fn as_compressed(&self) -> &CompressedRistretto[src]

Access the compressed Ristretto form

pub fn into_compressed(self) -> CompressedRistretto[src]

Extract the compressed Ristretto form

pub fn as_point(&self) -> &RistrettoPoint[src]

Access the point form

pub fn into_point(self) -> RistrettoPoint[src]

Extract the point form

pub fn from_compressed(
    compressed: CompressedRistretto
) -> SignatureResult<PublicKey>
[src]

Decompress into the PublicKey format that also retains the compressed form.

pub fn from_point(point: RistrettoPoint) -> PublicKey[src]

Compress into the PublicKey format that also retains the uncompressed form.

pub fn to_bytes(&self) -> [u8; 32][src]

Convert this public key to a byte array.

Example

use schnorrkel::{SecretKey, PublicKey, PUBLIC_KEY_LENGTH, SignatureError};

let public_key: PublicKey = SecretKey::generate().to_public();
let public_key_bytes = public_key.to_bytes();
let public_key_again: PublicKey = PublicKey::from_bytes(&public_key_bytes[..]).unwrap();
assert_eq!(public_key_bytes, public_key_again.to_bytes());

pub fn from_bytes(bytes: &[u8]) -> SignatureResult<PublicKey>[src]

Construct a PublicKey from a slice of bytes.

Example

use schnorrkel::{PublicKey, PUBLIC_KEY_LENGTH, SignatureError};

let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = [
    208, 120, 140, 129, 177, 179, 237, 159,
    252, 160, 028, 013, 206, 005, 211, 241,
    192, 218, 001, 097, 130, 241, 020, 169,
    119, 046, 246, 029, 079, 080, 077, 084];

let public_key = PublicKey::from_bytes(&public_key_bytes).unwrap();
assert_eq!(public_key.to_bytes(), public_key_bytes);

Returns

A Result whose okay value is an EdDSA PublicKey or whose error value is an SignatureError describing the error that occurred.

impl PublicKey[src]

pub fn verify<T: SigningTranscript>(
    &self,
    t: T,
    signature: &Signature
) -> SignatureResult<()>
[src]

Verify a signature by this public key on a transcript.

Requires a SigningTranscript, normally created from a SigningContext and a message, as well as the signature to be verified.

pub fn verify_simple(
    &self,
    ctx: &[u8],
    msg: &[u8],
    signature: &Signature
) -> SignatureResult<()>
[src]

Verify a signature by this public key on a message.

pub fn verify_simple_preaudit_deprecated(
    &self,
    ctx: &'static [u8],
    msg: &[u8],
    sig: &[u8]
) -> SignatureResult<()>
[src]

A temporary verification routine for use in transitioning substrate testnets only.

impl PublicKey[src]

pub fn vrf_hash<T>(&self, t: T) -> RistrettoBoth where
    T: VRFSigningTranscript
[src]

Create a non-malleable VRF input point by hashing a transcript to a point.

pub fn vrf_attach_hash<T>(
    &self,
    output: VRFOutput,
    t: T
) -> SignatureResult<VRFInOut> where
    T: VRFSigningTranscript
[src]

Pair a non-malleable VRF output with the hash of the given transcript.

impl PublicKey[src]

pub fn vrfs_merge<B>(&self, ps: &[B], vartime: bool) -> VRFInOut where
    B: Borrow<VRFInOut>, 
[src]

Merge VRF input and output pairs from the same signer, using variable time arithmetic

You should use vartime=true when verifying VRF proofs batched by the singer. You could usually use vartime=true even when producing proofs, provided the set being signed is not secret.

There is sadly no constant time 128 bit multiplication in dalek, making vartime=false somewhat slower than necessary. It should only impact signers in niche scenarios however, so the slower variant should normally be unnecessary.

Panics if given an empty points list.

TODO: Add constant time 128 bit batched multiplication to dalek. TODO: Is rand_chacha's gen::<u128>() standardizable enough to prefer it over merlin for the output?

impl PublicKey[src]

pub fn dleq_verify<T>(
    &self,
    t: T,
    p: &VRFInOut,
    proof: &VRFProof,
    kusama: bool
) -> SignatureResult<VRFProofBatchable> where
    T: SigningTranscript
[src]

Verify DLEQ proof that p.output = s * p.input where self s times the basepoint.

We return an enlarged VRFProofBatchable instead of just true, so that verifiers can forward batchable proofs.

In principle, one might provide "blindly verifiable" VRFs that avoid requiring self here, but naively such constructions risk the same flaws as DLEQ based blind signatures, and this version exploits the slightly faster basepoint arithmetic.

pub fn vrf_verify<T: VRFSigningTranscript>(
    &self,
    t: T,
    out: &VRFOutput,
    proof: &VRFProof
) -> SignatureResult<(VRFInOut, VRFProofBatchable)>
[src]

Verify VRF proof for one single input transcript and corresponding output.

pub fn vrf_verify_extra<T, E>(
    &self,
    t: T,
    out: &VRFOutput,
    proof: &VRFProof,
    extra: E
) -> SignatureResult<(VRFInOut, VRFProofBatchable)> where
    T: VRFSigningTranscript,
    E: SigningTranscript
[src]

Verify VRF proof for one single input transcript and corresponding output.

pub fn vrfs_verify<T, I, O>(
    &self,
    transcripts: I,
    outs: &[O],
    proof: &VRFProof
) -> SignatureResult<(Box<[VRFInOut]>, VRFProofBatchable)> where
    T: VRFSigningTranscript,
    I: IntoIterator<Item = T>,
    O: Borrow<VRFOutput>, 
[src]

Verify a common VRF short proof for several input transcripts and corresponding outputs.

pub fn vrfs_verify_extra<T, E, I, O>(
    &self,
    transcripts: I,
    outs: &[O],
    proof: &VRFProof,
    extra: E
) -> SignatureResult<(Box<[VRFInOut]>, VRFProofBatchable)> where
    T: VRFSigningTranscript,
    E: SigningTranscript,
    I: IntoIterator<Item = T>,
    O: Borrow<VRFOutput>, 
[src]

Verify a common VRF short proof for several input transcripts and corresponding outputs.

impl PublicKey[src]

pub fn accept_ecqv_cert<T>(
    &self,
    t: T,
    seed_secret_key: &SecretKey,
    cert_secret: ECQVCertSecret
) -> SignatureResult<(ECQVCertPublic, SecretKey)> where
    T: SigningTranscript
[src]

Accept an ECQV implicit certificate

We request an ECQV implicit certificate by first creating an ephemeral Keypair and sending the public portion to the issuer as seed_public_key. An issuer issues the certificat by replying with the ECQVCertSecret created by issue_ecqv_cert.

Aside from the issuer PublicKey supplied as self, you provide (1) a SigningTranscript called t that incorporates both the context and the certificate requester's identity, (2) the seed_secret_key corresponding to the seed_public_key they sent to the issuer by the certificate recipient in their certificate request, and (3) the ECQVCertSecret send by the issuer to the certificate requester. We return both your certificate's new SecretKey as well as an ECQVCertPublic from which third parties may derive corresponding public key from h and the issuer's public key.

impl PublicKey[src]

pub fn open_ecqv_cert<T>(
    &self,
    t: T,
    cert_public: &ECQVCertPublic
) -> SignatureResult<PublicKey> where
    T: SigningTranscript
[src]

Trait Implementations

impl AsRef<[u8]> for PublicKey[src]

impl Clone for PublicKey[src]

impl Copy for PublicKey[src]

impl Debug for PublicKey[src]

impl Default for PublicKey[src]

impl Derivation for PublicKey[src]

impl Eq for PublicKey[src]

impl From<SecretKey> for PublicKey[src]

impl Hash for PublicKey[src]

impl Ord for PublicKey[src]

impl PartialEq<PublicKey> for PublicKey[src]

impl PartialOrd<PublicKey> for PublicKey[src]

impl StructuralEq for PublicKey[src]

impl StructuralPartialEq for PublicKey[src]

Auto Trait Implementations

impl RefUnwindSafe for PublicKey

impl Send for PublicKey

impl Sync for PublicKey

impl Unpin for PublicKey

impl UnwindSafe for PublicKey

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T> Same<T> for T[src]

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone
[src]

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>, 
[src]