pub trait SigningTranscript {
    // Required methods
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]);
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]);
    fn witness_bytes_rng<R>(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]],
        rng: R
    )
    where
        R: RngCore + CryptoRng;

    // Provided methods
    fn proto_name(&mut self, label: &'static [u8]) { ... }
    fn commit_point(
        &mut self,
        label: &'static [u8],
        compressed: &CompressedRistretto
    ) { ... }
    fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar { ... }
    fn witness_scalar(
        &self,
        label: &'static [u8],
        nonce_seeds: &[&[u8]]
    ) -> Scalar { ... }
    fn witness_bytes(
        &self,
        label: &'static [u8],
        dest: &mut [u8],
        nonce_seeds: &[&[u8]]
    ) { ... }
}
Schnorr signing transcript

We envision signatures being on messages, but if a signature occurs inside a larger protocol then the signature scheme’s internal transcript may exist before or persist after signing.

In this trait, we provide an interface for Schnorr signature-like constructions that is compatible with merlin::Transcript, but abstract enough to support conventional hash functions as well.

We warn, however, that conventional hash functions do not provide strong enough domain separation for usage via &mut references.

We also fold randomness into witness generation here, which gives every function that takes a SigningTranscript a default argument rng: impl Rng = thread_rng().

We also abstract over owned and borrowed merlin::Transcripts, so that simple use cases do not suffer from our support for.

Required Methods

fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])

Extend transcript with some bytes, shadowed by merlin::Transcript.

fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])

Produce some challenge bytes, shadowed by merlin::Transcript.

fn witness_bytes_rng<R>(&self, label: &'static [u8], dest: &mut [u8], nonce_seeds: &[&[u8]], rng: R) where R: RngCore + CryptoRng

Produce secret witness bytes from the protocol transcript and any “nonce seeds” kept with the secret keys.

Provided Methods

fn proto_name(&mut self, label: &'static [u8])

Extend transcript with a protocol name

fn commit_point(&mut self, label: &'static [u8], compressed: &CompressedRistretto)

Extend the transcript with a compressed Ristretto point

fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar

Produce the public challenge scalar e.

fn witness_scalar(&self, label: &'static [u8], nonce_seeds: &[&[u8]]) -> Scalar

Produce a secret witness scalar k, aka nonce, from the protocol transcript and any “nonce seeds” kept with the secret keys.

fn witness_bytes(&self, label: &'static [u8], dest: &mut [u8], nonce_seeds: &[&[u8]])

Produce secret witness bytes from the protocol transcript and any “nonce seeds” kept with the secret keys.
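A std-only model of the call pattern these methods imply, added here as an illustration and not taken from the crate or from merlin. `ToyTranscript`, `witness_and_challenge`, the labels and the byte-slice stand-in for `rng` are assumptions, and `DefaultHasher` is not a cryptographic hash; it only makes the length-framed commits, the mutating challenge and the forked witness visible.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

// MODEL ONLY (added example): ToyTranscript is hypothetical and mirrors the
// three required methods. DefaultHasher is a non-cryptographic stand-in.
#[derive(Clone)]
struct ToyTranscript(DefaultHasher);

impl ToyTranscript {
    // Length-prefix label and data so ("ab", "c") and ("a", "bc") differ.
    fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]) {
        for part in [label, bytes] {
            self.0.write(&(part.len() as u64).to_le_bytes());
            self.0.write(part);
        }
    }
    // Public output: absorbs the request, so later outputs depend on it.
    fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]) {
        self.commit_bytes(label, &(dest.len() as u64).to_le_bytes());
        for chunk in dest.chunks_mut(8) {
            let (n, block) = (chunk.len(), self.0.finish().to_le_bytes());
            chunk.copy_from_slice(&block[..n]);
            self.0.write(&block); // ratchet the state forward
        }
    }
    // Secret output: takes &self and forks, leaving the public transcript untouched.
    fn witness_bytes_rng(&self, label: &'static [u8], dest: &mut [u8],
                         nonce_seeds: &[&[u8]], rng_bytes: &[u8]) {
        let mut fork = self.clone();
        for seed in nonce_seeds { fork.commit_bytes(label, seed); }
        fork.commit_bytes(b"rng", rng_bytes); // stand-in for the rng: R argument
        fork.challenge_bytes(label, dest);
    }
}

// Signing order: commit message, draw witness k, then draw challenge e.
fn witness_and_challenge(msg: &[u8], seed: &[u8], rng_bytes: &[u8]) -> ([u8; 16], [u8; 16]) {
    let mut t = ToyTranscript(DefaultHasher::new());
    t.commit_bytes(b"proto-name", b"ToySchnorr");
    t.commit_bytes(b"sign-bytes", msg);
    let (mut k, mut e) = ([0u8; 16], [0u8; 16]);
    t.witness_bytes_rng(b"witness", &mut k, &[seed], rng_bytes);
    t.challenge_bytes(b"challenge", &mut e);
    (k, e)
}

fn main() {
    // Constructed inputs, for illustration only.
    let (k, e) = witness_and_challenge(b"constructed message", b"constructed seed", &[7; 32]);
    println!("k = {:02x?}\ne = {:02x?}", k, e);
}
```

In the model the challenge depends only on what was committed publicly, while the witness changes whenever the message, a nonce seed or the supplied randomness changes.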

Implementations on Foreign Types

impl SigningTranscript for Transcript

We delegate SigningTranscript methods to the corresponding inherent methods of merlin::Transcript and implement two witness methods to avoid abstracting the merlin::TranscriptRng machinery.

fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])

fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])

fn witness_bytes_rng<R>(&self, label: &'static [u8], dest: &mut [u8], nonce_seeds: &[&[u8]], rng: R) where R: RngCore + CryptoRng

impl<T> SigningTranscript for &mut T where T: SigningTranscript + ?Sized

We delegate any mutable reference to its base type, much as &mut Rng or BorrowMut<..> do, but doing so here simplifies alternative implementations.

fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])

fn proto_name(&mut self, label: &'static [u8])

fn commit_point(&mut self, label: &'static [u8], compressed: &CompressedRistretto)

fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])

fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar

fn witness_scalar(&self, label: &'static [u8], nonce_seeds: &[&[u8]]) -> Scalar

fn witness_bytes(&self, label: &'static [u8], dest: &mut [u8], nonce_seeds: &[&[u8]])

fn witness_bytes_rng<R>(&self, label: &'static [u8], dest: &mut [u8], nonce_seeds: &[&[u8]], rng: R) where R: RngCore + CryptoRng

Implementors