pub struct PublicKey(_);
Expand description

A Ristretto Schnorr public key.

Internally, these are represented as a RistrettoPoint, meaning an Edwards point with a static guarantee to be 2-torsion free.

At present, we decompress PublicKeys into this representation during deserialization, which improves error handling, but costs a compression during signing and verifiaction.

Implementations

Access the compressed Ristretto form

Extract the compressed Ristretto form

Access the point form

Extract the point form

Decompress into the PublicKey format that also retains the compressed form.

Compress into the PublicKey format that also retains the uncompressed form.

Convert this public key to a byte array.

Example
use schnorrkel::{SecretKey, PublicKey, PUBLIC_KEY_LENGTH, SignatureError};

let public_key: PublicKey = SecretKey::generate().to_public();
let public_key_bytes = public_key.to_bytes();
let public_key_again: PublicKey = PublicKey::from_bytes(&public_key_bytes[..]).unwrap();
assert_eq!(public_key_bytes, public_key_again.to_bytes());

Construct a PublicKey from a slice of bytes.

Example
use schnorrkel::{PublicKey, PUBLIC_KEY_LENGTH, SignatureError};

let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = [
    208, 120, 140, 129, 177, 179, 237, 159,
    252, 160, 028, 013, 206, 005, 211, 241,
    192, 218, 001, 097, 130, 241, 020, 169,
    119, 046, 246, 029, 079, 080, 077, 084];

let public_key = PublicKey::from_bytes(&public_key_bytes).unwrap();
assert_eq!(public_key.to_bytes(), public_key_bytes);
Returns

A Result whose okay value is an EdDSA PublicKey or whose error value is an SignatureError describing the error that occurred.

Verify a signature by this public key on a transcript.

Requires a SigningTranscript, normally created from a SigningContext and a message, as well as the signature to be verified.

Verify a signature by this public key on a message.

A temporary verification routine for use in transitioning substrate testnets only.

Create a non-malleable VRF input point by hashing a transcript to a point.

Pair a non-malleable VRF output with the hash of the given transcript.

Merge VRF input and output pairs from the same signer, using variable time arithmetic

You should use vartime=true when verifying VRF proofs batched by the singer. You could usually use vartime=true even when producing proofs, provided the set being signed is not secret.

There is sadly no constant time 128 bit multiplication in dalek, making vartime=false somewhat slower than necessary. It should only impact signers in niche scenarios however, so the slower variant should normally be unnecessary.

Panics if given an empty points list.

TODO: Add constant time 128 bit batched multiplication to dalek. TODO: Is rand_chacha’s gen::<u128>() standardizable enough to prefer it over merlin for the output?

Verify DLEQ proof that p.output = s * p.input where self s times the basepoint.

We return an enlarged VRFProofBatchable instead of just true, so that verifiers can forward batchable proofs.

In principle, one might provide “blindly verifiable” VRFs that avoid requiring self here, but naively such constructions risk the same flaws as DLEQ based blind signatures, and this version exploits the slightly faster basepoint arithmetic.

Verify VRF proof for one single input transcript and corresponding output.

Verify VRF proof for one single input transcript and corresponding output.

Verify a common VRF short proof for several input transcripts and corresponding outputs.

Verify a common VRF short proof for several input transcripts and corresponding outputs.

Accept an ECQV implicit certificate

We request an ECQV implicit certificate by first creating an ephemeral Keypair and sending the public portion to the issuer as seed_public_key. An issuer issues the certificat by replying with the ECQVCertSecret created by issue_ecqv_cert.

Aside from the issuer PublicKey supplied as self, you provide (1) a SigningTranscript called t that incorporates both the context and the certificate requester’s identity, (2) the seed_secret_key corresponding to the seed_public_key they sent to the issuer by the certificate recipient in their certificate request, and (3) the ECQVCertSecret send by the issuer to the certificate requester. We return both your certificate’s new SecretKey as well as an ECQVCertPublic from which third parties may derive corresponding public key from h and the issuer’s public key.

Trait Implementations

Performs the conversion.

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

Returns the “default value” for a type. Read more

Derive key with subkey identified by a byte array presented via a SigningTranscript, and a chain code. Read more

Derive key with subkey identified by a byte array and a chain code. We do not include a context here becuase the chain code could serve this purpose. Read more

Derive key with subkey identified by a byte array and a chain code, and with external ranodmnesses. Read more

Deserialize this value from the given Serde deserializer. Read more

Performs the conversion.

Feeds this value into the given Hasher. Read more

Feeds a slice of this type into the given Hasher. Read more

This method returns an Ordering between self and other. Read more

Compares and returns the maximum of two values. Read more

Compares and returns the minimum of two values. Read more

Restrict a value to a certain interval. Read more

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

This method returns an ordering between self and other values if one exists. Read more

This method tests less than (for self and other) and is used by the < operator. Read more

This method tests less than or equal to (for self and other) and is used by the <= operator. Read more

This method tests greater than (for self and other) and is used by the > operator. Read more

This method tests greater than or equal to (for self and other) and is used by the >= operator. Read more

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Get a reference to the inner from the outer.

Get a mutable reference to the inner from the outer.

Should always be Self

Encode the hex strict representing self into the result. Lower case letters are used (e.g. f9b4ca) Read more

Encode the hex strict representing self into the result. Upper case letters are used (e.g. F9B4CA) Read more

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The counterpart to unchecked_from.