Trait schnorrkel::context::SigningTranscript
pub trait SigningTranscript {
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]);
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]);
    fn witness_bytes_rng<R>(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]],
        rng: R
    )
    where
        R: RngCore + CryptoRng;

    fn proto_name(&mut self, label: &'static [u8]) { ... }
    fn commit_point(
        &mut self,
        label: &'static [u8],
        compressed: &CompressedRistretto
    ) { ... }
    fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar { ... }
    fn witness_scalar(
        &self,
        label: &'static [u8],
        nonce_seeds: &[&[u8]]
    ) -> Scalar { ... }
    fn witness_bytes(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]]
    ) { ... }
}
Schnorr signing transcript
We envision signatures being on messages, but if a signature occurs inside a larger protocol then the signature scheme’s internal transcript may exist before or persist after signing.
In this trait, we provide an interface for Schnorr signature-like constructions that is compatible with merlin::Transcript, but abstract enough to support conventional hash functions as well.
We warn however that conventional hash functions do not provide strong enough domain separation for usage via &mut references.
We fold randomness into witness generation here too, which gives every function that takes a SigningTranscript a default argument rng: impl Rng = thread_rng() too.
We also abstract over owned and borrowed merlin::Transcripts, so that simple use cases do not suffer from our support for.
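The domain-separation warning above can be seen in one of its aspects, lost field boundaries, in the following added example, which is not schnorrkel's or merlin's code. `ToyTranscript`, its length-prefix framing, the FNV-1a stand-in hash and the sample fields are all assumptions made for illustration; merlin's real encoding is STROBE-based and differs.

```rust
// Added example: std-only sketch. ToyTranscript is hypothetical; FNV-1a stands
// in for a "conventional hash" and is NOT cryptographic. Framing is the point.
struct ToyTranscript { framed: bool, buf: Vec<u8> }

// commit_bytes / challenge_bytes have the same shape as in SigningTranscript.
impl ToyTranscript {
    fn put(&mut self, part: &[u8]) {
        if self.framed {
            // Length prefix keeps every label/value boundary unambiguous.
            self.buf.extend_from_slice(&(part.len() as u32).to_le_bytes());
        }
        self.buf.extend_from_slice(part);
    }
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]) {
        self.put(label);
        self.put(bytes);
    }
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]) {
        self.put(label);
        for (i, chunk) in dest.chunks_mut(8).enumerate() {
            let mut h: u64 = 0xcbf29ce484222325 ^ i as u64; // per-block counter
            for &b in &self.buf {
                h = (h ^ b as u64).wrapping_mul(0x100000001b3);
            }
            let n = chunk.len();
            chunk.copy_from_slice(&h.to_le_bytes()[..n]);
        }
    }
}

type Fields = [(&'static [u8], &'static [u8]); 2];
// Constructed inputs: one byte stream, split at different field boundaries.
const A: Fields = [(b"msg", b"pay 1"), (b"to", b"alice")];
const B: Fields = [(b"msg", b"pay 1to"), (b"", b"alice")];

/// Challenge bytes after committing the (label, value) pairs in order.
fn challenge(framed: bool, fields: &[(&'static [u8], &[u8])]) -> [u8; 16] {
    let mut t = ToyTranscript { framed, buf: Vec::new() };
    for &(label, bytes) in fields {
        t.commit_bytes(label, bytes);
    }
    let mut out = [0u8; 16];
    t.challenge_bytes(b"e", &mut out);
    out
}

fn main() {
    println!("unframed collides: {}", challenge(false, &A) == challenge(false, &B));
    println!("framed collides:   {}", challenge(true, &A) == challenge(true, &B));
}
```

Without framing, the two different field sequences feed identical bytes to the hash and so yield the same challenge; with framing they diverge.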
Required methods
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
Extend transcript with some bytes, shadowed by merlin::Transcript.
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
Produce some challenge bytes, shadowed by merlin::Transcript.
Provided methods
fn proto_name(&mut self, label: &'static [u8])
Extend transcript with a protocol name
fn commit_point(
    &mut self,
    label: &'static [u8],
    compressed: &CompressedRistretto
)
Extend the transcript with a compressed Ristretto point
fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar
Produce the public challenge scalar e.
Produce a secret witness scalar k, aka nonce, from the protocol transcript and any “nonce seeds” kept with the secret keys.
Implementations on Foreign Types
We delegate any mutable reference to its base type, like &mut Rng or similar to BorrowMut<..> do, but doing so here simplifies alternative implementations.
We delegate SigningTranscript methods to the corresponding inherent methods of merlin::Transcript and implement two witness methods to avoid abstracting the merlin::TranscriptRng machinery.