pub trait SigningTranscript {
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]);
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]);
    fn witness_bytes_rng<R>(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]],
        rng: R
    )
    where
        R: RngCore + CryptoRng;

    fn proto_name(&mut self, label: &'static [u8]) { ... }
    fn commit_point(
        &mut self,
        label: &'static [u8],
        compressed: &CompressedRistretto
    ) { ... }
    fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar { ... }
    fn witness_scalar(
        &self,
        label: &'static [u8],
        nonce_seeds: &[&[u8]]
    ) -> Scalar { ... }
    fn witness_bytes(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]]
    ) { ... }
}

Schnorr signing transcript

We envision signatures being on messages, but if a signature occurs inside a larger protocol then the signature scheme’s internal transcript may exist before or persist after signing.

In this trait, we provide an interface for Schnorr signature-like constructions that is compatible with merlin::Transcript, but abstract enough to support conventional hash functions as well.

We warn, however, that conventional hash functions do not provide strong enough domain separation for usage via &mut references.

We also fold randomness into witness generation here, which gives every function that takes a SigningTranscript a default argument rng: impl Rng = thread_rng().

We also abstract over owned and borrowed merlin::Transcripts, so that simple use cases do not suffer from our support for.

Required methods

Extend transcript with some bytes, shadowed by merlin::Transcript.

Produce some challenge bytes, shadowed by merlin::Transcript.

Produce secret witness bytes from the protocol transcript and any “nonce seeds” kept with the secret keys.
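The three required methods, sketched as an added example that is not this crate's or merlin's code: `ToyTranscript`, `expand`, `frame` and `naive` are hypothetical names, `DefaultHasher` is a non-cryptographic stand-in for a transcript hash, and `rng_bytes` replaces the `rng: R` parameter so the block needs only the standard library. It shows labelled, length-framed commits and a witness derived from a fork of the public transcript, with unframed concatenation for contrast.

```rust
use std::{collections::hash_map::DefaultHasher, hash::Hasher};

// Stand-in output function (assumption): SipHash in counter mode. NOT cryptographic.
fn expand(state: &[u8], dest: &mut [u8]) {
    for (i, chunk) in dest.chunks_mut(8).enumerate() {
        let mut h = DefaultHasher::new();
        h.write(state);
        h.write(&(i as u64).to_le_bytes());
        let (out, n) = (h.finish().to_le_bytes(), chunk.len());
        chunk.copy_from_slice(&out[..n]);
    }
}

#[derive(Clone, Default)]
pub struct ToyTranscript { state: Vec<u8> }

impl ToyTranscript {
    // Every item enters as len(label) || label || len(bytes) || bytes.
    fn frame(&mut self, label: &[u8], bytes: &[u8]) {
        for part in [label, bytes] {
            self.state.extend_from_slice(&(part.len() as u64).to_le_bytes());
            self.state.extend_from_slice(part);
        }
    }
    pub fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]) { self.frame(label, bytes); }
    // Public challenge: the request is absorbed too, so later output depends on it.
    pub fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]) {
        self.frame(label, &(dest.len() as u64).to_le_bytes());
        expand(&self.state, dest);
    }
    // Secret witness: takes &self and works on a fork, so seeds never reach public state.
    pub fn witness_bytes_rng(&self, label: &'static [u8], dest: &mut [u8],
                             nonce_seeds: &[&[u8]], rng_bytes: &[u8]) {
        let mut fork = self.clone();
        for seed in nonce_seeds { fork.frame(b"nonce-seed", seed); }
        fork.frame(b"rng", rng_bytes);
        fork.frame(label, &(dest.len() as u64).to_le_bytes());
        expand(&fork.state, dest);
    }
}

// Unframed concatenation, for contrast: ("ab","c") and ("a","bc") hash identically.
pub fn naive(label: &[u8], msg: &[u8]) -> [u8; 16] {
    let mut out = [0u8; 16];
    expand(&[label, msg].concat(), &mut out);
    out
}
fn main() {
    println!("naive split collides: {}", naive(b"ab", b"c") == naive(b"a", b"bc"));
}
```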

Provided methods

Extend transcript with a protocol name

Extend the transcript with a compressed Ristretto point

Produce the public challenge scalar e.

Produce a secret witness scalar k, aka nonce, from the protocol transcript and any “nonce seeds” kept with the secret keys.

Produce secret witness bytes from the protocol transcript and any “nonce seeds” kept with the secret keys.

Implementations on Foreign Types

We delegate any mutable reference to its base type, like &mut Rng does or similar to BorrowMut<..>, but doing so here simplifies alternative implementations.

We delegate SigningTranscript methods to the corresponding inherent methods of merlin::Transcript and implement two witness methods to avoid abstracting the merlin::TranscriptRng machinery.

Implementors