Trait schnorrkel::context::SigningTranscript
pub trait SigningTranscript {
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]);
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]);
    fn witness_bytes_rng<R>(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]],
        rng: R
    )
    where
        R: RngCore + CryptoRng;

    fn proto_name(&mut self, label: &'static [u8]) { ... }
    fn commit_point(
        &mut self,
        label: &'static [u8],
        compressed: &CompressedRistretto
    ) { ... }
    fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar { ... }
    fn witness_scalar(
        &self,
        label: &'static [u8],
        nonce_seeds: &[&[u8]]
    ) -> Scalar { ... }
    fn witness_bytes(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]]
    ) { ... }
}
Schnorr signing transcript
We envision signatures being on messages, but if a signature occurs inside a larger protocol then the signature scheme’s internal transcript may exist before or persist after signing.
In this trait, we provide an interface for Schnorr signature-like
constructions that is compatible with merlin::Transcript, but
abstract enough to support conventional hash functions as well.
We warn however that conventional hash functions do not provide
strong enough domain separation for usage via &mut references.
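The domain-separation warning above can be seen with a toy transcript built on a plain hash. This is an added example, not schnorrkel or merlin code: ToyTranscript, HashTranscript and challenge are hypothetical names, and FNV-1a stands in for a conventional hash (it is not cryptographic). Without framing, two different commit sequences feed the hash the same bytes and so yield the same challenge.

```rust
// Added illustration only. All names are hypothetical; FNV-1a is a
// non-cryptographic stand-in for a conventional hash function.
trait ToyTranscript {
    // Same shapes as the two required methods of SigningTranscript.
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]);
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]);
}
struct HashTranscript { framed: bool, buf: Vec<u8> }
impl HashTranscript {
    // Append one field; framed mode adds an operation tag and length prefixes.
    fn absorb(&mut self, tag: u8, label: &[u8], bytes: &[u8]) {
        if self.framed { self.buf.push(tag); }
        for part in [label, bytes] {
            if self.framed { self.buf.extend_from_slice(&(part.len() as u64).to_le_bytes()); }
            self.buf.extend_from_slice(part);
        }
    }
}
impl ToyTranscript for HashTranscript {
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]) {
        self.absorb(0, label, bytes);
    }
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]) {
        self.absorb(1, label, &[]);
        // Hash (transcript bytes || counter) once per 8 output bytes.
        for (i, chunk) in dest.chunks_mut(8).enumerate() {
            let (ctr, n) = ((i as u64).to_le_bytes(), chunk.len());
            let h = self.buf.iter().chain(ctr.iter())
                .fold(0xcbf29ce484222325u64, |h, b| (h ^ *b as u64).wrapping_mul(0x100000001b3));
            chunk.copy_from_slice(&h.to_le_bytes()[..n]);
        }
    }
}
// Commit each (label, value) pair in order, then draw a 32-byte challenge.
fn challenge(framed: bool, fields: &[(&'static str, &str)]) -> [u8; 32] {
    let mut t = HashTranscript { framed, buf: Vec::new() };
    for &(label, value) in fields {
        t.commit_bytes(label.as_bytes(), value.as_bytes());
    }
    let mut e = [0u8; 32];
    t.challenge_bytes(b"e", &mut e);
    e
}
fn main() {
    // Constructed inputs: the second sequence hides a label inside one value.
    let (split, merged) = ([("m", "ab"), ("m", "c")], [("m", "abmc")]);
    println!("unframed collide: {}", challenge(false, &split) == challenge(false, &merged));
    println!("framed collide:   {}", challenge(true, &split) == challenge(true, &merged));
}
```

The framing here is a simplified stand-in; real signing code should pass a merlin::Transcript through this trait rather than a hand-rolled hash wrapper.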
We also fold randomness into witness generation here, which
in effect gives every function that takes a SigningTranscript a default
argument rng: impl Rng = thread_rng().
We also abstract over owned and borrowed merlin::Transcripts,
so that simple use cases do not suffer from our support for.
Required methods
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
Extend transcript with some bytes, shadowed by merlin::Transcript.
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
Produce some challenge bytes, shadowed by merlin::Transcript.
Provided methods
fn proto_name(&mut self, label: &'static [u8])
Extend transcript with a protocol name
fn commit_point(
&mut self,
label: &'static [u8],
compressed: &CompressedRistretto
)
Extend the transcript with a compressed Ristretto point
fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar
Produce the public challenge scalar e.
witness_scalar: Produce a secret witness scalar k, aka nonce, from the protocol
transcript and any “nonce seeds” kept with the secret keys.
Implementations on Foreign Types
We delegate any mutable reference to its base type, like &mut Rng
or similar to what BorrowMut<..> does, but doing so here simplifies
alternative implementations.
We delegate SigningTranscript methods to the corresponding
inherent methods of merlin::Transcript and implement two
witness methods to avoid abstracting the merlin::TranscriptRng
machinery.