Trait schnorrkel::context::SigningTranscript
pub trait SigningTranscript {
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]);
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]);
    fn witness_bytes_rng<R>(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]],
        rng: R
    )
    where
        R: RngCore + CryptoRng;

    fn proto_name(&mut self, label: &'static [u8]) { ... }
    fn commit_point(
        &mut self,
        label: &'static [u8],
        compressed: &CompressedRistretto
    ) { ... }
    fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar { ... }
    fn witness_scalar(
        &self,
        label: &'static [u8],
        nonce_seeds: &[&[u8]]
    ) -> Scalar { ... }
    fn witness_bytes(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]]
    ) { ... }
}
Schnorr signing transcript
We envision signatures being on messages, but if a signature occurs inside a larger protocol then the signature scheme’s internal transcript may exist before or persist after signing.
In this trait, we provide an interface for Schnorr signature-like constructions that is compatible with merlin::Transcript, but abstract enough to support conventional hash functions as well. We warn however that conventional hash functions do not provide strong enough domain separation for usage via &mut references.
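The domain-separation warning above, as an added example that is not schnorrkel or merlin code: the hypothetical `HashInput` type records the bytes a transcript would feed to its hash, and compares plain concatenation with label-and-length framing when a borrowed transcript is extended by a callee. The 4-byte length prefix, the labels and the sample values are assumptions chosen for illustration.

```rust
// Added illustration: `HashInput` is a hypothetical stand-in, not schnorrkel or merlin code.
// It records the bytes a transcript would hash; equal buffers mean equal challenges.
struct HashInput {
    framed: bool, // true: length-prefix label and data; false: plain concatenation
    buf: Vec<u8>,
}

impl HashInput {
    // Same shape as commit_bytes in the trait on this page.
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]) {
        for part in [label, bytes] {
            if self.framed {
                // Assumed framing: 4-byte little-endian length before each part.
                self.buf.extend_from_slice(&(part.len() as u32).to_le_bytes());
            }
            self.buf.extend_from_slice(part);
        }
    }
}

// Outer protocol commits a message, then lends the transcript to a signing step.
fn outer_then_sign(t: &mut HashInput) {
    t.commit_bytes(b"msg", b"pay 10"); // constructed sample values
    sign_step(t, b"alice");
}

// Signing step extending a borrowed transcript with the signer's key bytes.
fn sign_step(t: &mut HashInput, key: &[u8]) {
    t.commit_bytes(b"key", key);
}

// A different call pattern: one commit whose data mimics the second field.
fn single_commit(t: &mut HashInput) {
    t.commit_bytes(b"msg", b"pay 10keyalice");
}

// True when both call patterns feed identical bytes to the hash.
fn collides(framed: bool) -> bool {
    let mk = || HashInput { framed, buf: Vec::new() };
    let (mut a, mut b) = (mk(), mk());
    outer_then_sign(&mut a);
    single_commit(&mut b);
    a.buf == b.buf
}

fn main() {
    println!("plain: {}, framed: {}", collides(false), collides(true));
}
```

With plain concatenation the two call patterns are indistinguishable to the hash; with framing, the field boundaries are part of the hashed input and the buffers differ.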
We fold randomness into witness generation here too, which gives every function that takes a SigningTranscript a default argument rng: impl Rng = thread_rng() too.
We also abstract over owned and borrowed merlin::Transcripts, so that simple use cases do not suffer from our support for.
Required Methods
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
Extend transcript with some bytes, shadowed by merlin::Transcript.
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
Produce some challenge bytes, shadowed by merlin::Transcript.
Provided Methods
fn proto_name(&mut self, label: &'static [u8])
Extend transcript with a protocol name
fn commit_point(&mut self, label: &'static [u8], compressed: &CompressedRistretto)
Extend the transcript with a compressed Ristretto point
fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar
Produce the public challenge scalar e.
fn witness_scalar(&self, label: &'static [u8], nonce_seeds: &[&[u8]]) -> Scalar
Produce a secret witness scalar k, aka nonce, from the protocol transcript and any “nonce seeds” kept with the secret keys.
fn witness_bytes(
    &self,
    label: &'static [u8],
    dest: &mut [u8],
    nonce_seeds: &[&[u8]]
)
Produce secret witness bytes from the protocol transcript and any “nonce seeds” kept with the secret keys.
Implementations on Foreign Types
impl<T> SigningTranscript for &mut T
where
    T: SigningTranscript + ?Sized,
We delegate any mutable reference to its base type, like &mut Rng or similar to BorrowMut<..> do, but doing so here simplifies alternative implementations.
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
fn proto_name(&mut self, label: &'static [u8])
fn commit_point(&mut self, label: &'static [u8], compressed: &CompressedRistretto)
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar
fn witness_scalar(&self, label: &'static [u8], nonce_seeds: &[&[u8]]) -> Scalar
fn witness_bytes(
    &self,
    label: &'static [u8],
    dest: &mut [u8],
    nonce_seeds: &[&[u8]]
)
fn witness_bytes_rng<R>(
    &self,
    label: &'static [u8],
    dest: &mut [u8],
    nonce_seeds: &[&[u8]],
    rng: R
)
where
    R: RngCore + CryptoRng,
impl SigningTranscript for Transcript
We delegate SigningTranscript methods to the corresponding inherent methods of merlin::Transcript and implement two witness methods to avoid abstracting the merlin::TranscriptRng machinery.