Struct schnorrkel::musig::MuSig
source · [−]pub struct MuSig<T: SigningTranscript + Clone, S> { /* private fields */ }
Expand description
Schnorr multi-signature (MuSig) container generic over its session types
Implementations
sourceimpl<T: SigningTranscript + Clone, S> MuSig<T, S>
impl<T: SigningTranscript + Clone, S> MuSig<T, S>
sourcepub fn public_keys(
&self,
require_reveal: bool
) -> impl Iterator<Item = &PublicKey>
pub fn public_keys(
&self,
require_reveal: bool
) -> impl Iterator<Item = &PublicKey>
Iterates over public keys.
If require_reveal=true
then we count only public key that revealed their R
values.
sourcepub fn public_key(&self) -> PublicKey
pub fn public_key(&self) -> PublicKey
Aggregate public key given currently revealed R
values
sourcepub fn expected_public_key(&self) -> PublicKey
pub fn expected_public_key(&self) -> PublicKey
Aggregate public key expected if all currently committed nodes fully participate
sourceimpl<T, S> MuSig<T, S> where
T: SigningTranscript + Clone,
S: TranscriptStages,
impl<T, S> MuSig<T, S> where
T: SigningTranscript + Clone,
S: TranscriptStages,
sourcepub fn transcript(&mut self) -> &mut T
pub fn transcript(&mut self) -> &mut T
We permit extending the transcript whenever you like, so
that say the message may be agreed upon in parallel to the
commitments. We advise against doing so however, as this
requires absolute faith in your random number generator,
usually rand::thread_rng()
.
sourceimpl<K, T> MuSig<T, CommitStage<K>> where
K: Borrow<Keypair>,
T: SigningTranscript + Clone,
impl<K, T> MuSig<T, CommitStage<K>> where
K: Borrow<Keypair>,
T: SigningTranscript + Clone,
sourcepub fn new(keypair: K, t: T) -> MuSig<T, CommitStage<K>>
pub fn new(keypair: K, t: T) -> MuSig<T, CommitStage<K>>
Initialize a multi-signature aka cosignature protocol run.
We encurage borrowing the Keypair
to minimize copies of
the private key, so we provide the Keypair::musig
method
for the K = &'k Keypair
case. You could use Rc
or Arc
with this MuSig::new
method, or even pass in an owned copy.
sourcepub fn our_commitment(&self) -> Commitment
pub fn our_commitment(&self) -> Commitment
Our commitment to our R
to send to all other cosigners
sourcepub fn add_their_commitment(
&mut self,
them: PublicKey,
theirs: Commitment
) -> SignatureResult<()>
pub fn add_their_commitment(
&mut self,
them: PublicKey,
theirs: Commitment
) -> SignatureResult<()>
Add a new cosigner’s public key and associated R
bypassing our commitmewnt phase.
sourcepub fn reveal_stage(self) -> MuSig<T, RevealStage<K>>
pub fn reveal_stage(self) -> MuSig<T, RevealStage<K>>
Commit to reveal phase transition.
sourceimpl<K, T> MuSig<T, RevealStage<K>> where
K: Borrow<Keypair>,
T: SigningTranscript + Clone,
impl<K, T> MuSig<T, RevealStage<K>> where
K: Borrow<Keypair>,
T: SigningTranscript + Clone,
sourcepub fn our_reveal(&self) -> &Reveal
pub fn our_reveal(&self) -> &Reveal
Reveal our R
contribution to send to all other cosigners
sourcepub fn add_their_reveal(
&mut self,
them: PublicKey,
theirs: Reveal
) -> SignatureResult<()>
pub fn add_their_reveal(
&mut self,
them: PublicKey,
theirs: Reveal
) -> SignatureResult<()>
Include a revealed R
value from a previously committed cosigner
sourcepub fn add_trusted(
&mut self,
them: PublicKey,
theirs: Reveal
) -> SignatureResult<()>
pub fn add_trusted(
&mut self,
them: PublicKey,
theirs: Reveal
) -> SignatureResult<()>
Add a new cosigner’s public key and associated R
bypassing our
commitmewnt phase.
We implemented defenses that reduce the risks posed by this method, but anyone who wishes provable security should heed the advice below:
Avoid using this due to the attack described in “On the Provable Security of Two-Round Multi-Signatures” by Manu Drijvers, Kasra Edalatnejad, Bryan Ford, and Gregory Neven https://eprint.iacr.org/2018/417 Avoid using this for public keys held by networked devices in particular.
There are however limited scenarios in which using this appears secure, primarily if the trusted device is (a) air gapped, (b) stateful, and (c) infrequently used, via some constrained channel like manually scanning QR code. Almost all hardware wallets designs fail (b), but non-hardware wallets fail (a), with the middle ground being only something like Pairty Signer. Also, any public keys controlled by an organization likely fail (c) too, making this only useful for individuals.
sourcepub fn cosign_stage(self) -> MuSig<T, CosignStage>
pub fn cosign_stage(self) -> MuSig<T, CosignStage>
Reveal to cosign phase transition.
sourceimpl<T: SigningTranscript + Clone> MuSig<T, CosignStage>
impl<T: SigningTranscript + Clone> MuSig<T, CosignStage>
sourcepub fn our_cosignature(&self) -> Cosignature
pub fn our_cosignature(&self) -> Cosignature
Reveals our signature contribution
sourcepub fn add_their_cosignature(
&mut self,
them: PublicKey,
theirs: Cosignature
) -> SignatureResult<()>
pub fn add_their_cosignature(
&mut self,
them: PublicKey,
theirs: Cosignature
) -> SignatureResult<()>
Include a cosignature from another cosigner
sourcepub fn cosigned(&self) -> impl Iterator<Item = &PublicKey>
pub fn cosigned(&self) -> impl Iterator<Item = &PublicKey>
Interate over the cosigners who successfully revaled and later cosigned.
sourcepub fn uncosigned(&self) -> impl Iterator<Item = &PublicKey>
pub fn uncosigned(&self) -> impl Iterator<Item = &PublicKey>
Interate over the possible cosigners who successfully committed and revaled, but actually cosigned.
sourceimpl<T: SigningTranscript + Clone> MuSig<T, CollectStage>
impl<T: SigningTranscript + Clone> MuSig<T, CollectStage>
sourcepub fn add(
&mut self,
them: PublicKey,
their_reveal: Reveal,
their_cosignature: Cosignature
) -> SignatureResult<()>
pub fn add(
&mut self,
them: PublicKey,
their_reveal: Reveal,
their_cosignature: Cosignature
) -> SignatureResult<()>
Adds revealed R
and cosignature into a cosignature collector
Auto Trait Implementations
impl<T, S> RefUnwindSafe for MuSig<T, S> where
S: RefUnwindSafe,
T: RefUnwindSafe,
impl<T, S> Send for MuSig<T, S> where
S: Send,
T: Send,
impl<T, S> Sync for MuSig<T, S> where
S: Sync,
T: Sync,
impl<T, S> Unpin for MuSig<T, S> where
S: Unpin,
T: Unpin,
impl<T, S> UnwindSafe for MuSig<T, S> where
S: UnwindSafe,
T: UnwindSafe,
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcepub fn borrow_mut(&mut self) -> &mut T
pub fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more