Struct schnorrkel::keys::PublicKey

source · 
pub struct PublicKey(_);
Expand description

A Ristretto Schnorr public key.

Internally, these are represented as a RistrettoPoint, meaning an Edwards point with a static guarantee to be 2-torsion free.

At present, we decompress PublicKeys into this representation during deserialization, which improves error handling, but costs a compression during signing and verifiaction.

Implementations§

Access the compressed Ristretto form

Extract the compressed Ristretto form

Access the point form

Extract the point form

Decompress into the PublicKey format that also retains the compressed form.

Compress into the PublicKey format that also retains the uncompressed form.

Convert this public key to a byte array.

Example
use schnorrkel::{SecretKey, PublicKey, PUBLIC_KEY_LENGTH, SignatureError};

let public_key: PublicKey = SecretKey::generate().to_public();
let public_key_bytes = public_key.to_bytes();
let public_key_again: PublicKey = PublicKey::from_bytes(&public_key_bytes[..]).unwrap();
assert_eq!(public_key_bytes, public_key_again.to_bytes());

Construct a PublicKey from a slice of bytes.

Example
use schnorrkel::{PublicKey, PUBLIC_KEY_LENGTH, SignatureError};

let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = [
    208, 120, 140, 129, 177, 179, 237, 159,
    252, 160, 028, 013, 206, 005, 211, 241,
    192, 218, 001, 097, 130, 241, 020, 169,
    119, 046, 246, 029, 079, 080, 077, 084];

let public_key = PublicKey::from_bytes(&public_key_bytes).unwrap();
assert_eq!(public_key.to_bytes(), public_key_bytes);
Returns

A Result whose okay value is an EdDSA PublicKey or whose error value is an SignatureError describing the error that occurred.

Verify a signature by this public key on a transcript.

Requires a SigningTranscript, normally created from a SigningContext and a message, as well as the signature to be verified.

Verify a signature by this public key on a message.

A temporary verification routine for use in transitioning substrate testnets only.

Create a non-malleable VRF input point by hashing a transcript to a point.

Pair a non-malleable VRF output with the hash of the given transcript.

Merge VRF input and output pairs from the same signer, using variable time arithmetic

You should use vartime=true when verifying VRF proofs batched by the singer. You could usually use vartime=true even when producing proofs, provided the set being signed is not secret.

There is sadly no constant time 128 bit multiplication in dalek, making vartime=false somewhat slower than necessary. It should only impact signers in niche scenarios however, so the slower variant should normally be unnecessary.

Panics if given an empty points list.

TODO: Add constant time 128 bit batched multiplication to dalek. TODO: Is rand_chacha’s gen::<u128>() standardizable enough to prefer it over merlin for the output?

Verify DLEQ proof that p.output = s * p.input where self s times the basepoint.

We return an enlarged VRFProofBatchable instead of just true, so that verifiers can forward batchable proofs.

In principle, one might provide “blindly verifiable” VRFs that avoid requiring self here, but naively such constructions risk the same flaws as DLEQ based blind signatures, and this version exploits the slightly faster basepoint arithmetic.

Verify VRF proof for one single input transcript and corresponding output.

Verify VRF proof for one single input transcript and corresponding output.

Verify a common VRF short proof for several input transcripts and corresponding outputs.

Verify a common VRF short proof for several input transcripts and corresponding outputs.

Accept an ECQV implicit certificate

We request an ECQV implicit certificate by first creating an ephemeral Keypair and sending the public portion to the issuer as seed_public_key. An issuer issues the certificat by replying with the ECQVCertSecret created by issue_ecqv_cert.

Aside from the issuer PublicKey supplied as self, you provide (1) a SigningTranscript called t that incorporates both the context and the certificate requester’s identity, (2) the seed_secret_key corresponding to the seed_public_key they sent to the issuer by the certificate recipient in their certificate request, and (3) the ECQVCertSecret send by the issuer to the certificate requester. We return both your certificate’s new SecretKey as well as an ECQVCertPublic from which third parties may derive corresponding public key from h and the issuer’s public key.

Trait Implementations§

Converts this type into a shared reference of the (usually inferred) input type.
Returns a copy of the value. Read more
Performs copy-assignment from source. Read more
Formats the value using the given formatter. Read more
Returns the “default value” for a type. Read more
Derive key with subkey identified by a byte array presented via a SigningTranscript, and a chain code. Read more
Derive key with subkey identified by a byte array and a chain code. We do not include a context here becuase the chain code could serve this purpose. Read more
Derive key with subkey identified by a byte array and a chain code, and with external ranodmnesses. Read more
Converts to this type from the input type.
Feeds this value into the given Hasher. Read more
Feeds a slice of this type into the given Hasher. Read more
This method returns an Ordering between self and other. Read more
Compares and returns the maximum of two values. Read more
Compares and returns the minimum of two values. Read more
Restrict a value to a certain interval. Read more
This method tests for self and other values to be equal, and is used by ==. Read more
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more
This method returns an ordering between self and other values if one exists. Read more
This method tests less than (for self and other) and is used by the < operator. Read more
This method tests less than or equal to (for self and other) and is used by the <= operator. Read more
This method tests greater than (for self and other) and is used by the > operator. Read more
This method tests greater than or equal to (for self and other) and is used by the >= operator. Read more

Auto Trait Implementations§

Blanket Implementations§

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Should always be Self
The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.