Trait schnorrkel::context::SigningTranscript
source · pub trait SigningTranscript {
// Required methods
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8]);
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8]);
fn witness_bytes_rng<R>(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]],
rng: R
)
where R: RngCore + CryptoRng;
// Provided methods
fn proto_name(&mut self, label: &'static [u8]) { ... }
fn commit_point(
&mut self,
label: &'static [u8],
compressed: &CompressedRistretto
) { ... }
fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar { ... }
fn witness_scalar(
&self,
label: &'static [u8],
nonce_seeds: &[&[u8]]
) -> Scalar { ... }
fn witness_bytes(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]]
) { ... }
}
Expand description
Schnorr signing transcript
We envision signatures being on messages, but if a signature occurs inside a larger protocol then the signature scheme’s internal transcript may exist before or persist after signing.
In this trait, we provide an interface for Schnorr signature-like
constructions that is compatable with merlin::Transcript
, but
abstract enough to support conventional hash functions as well.
We warn however that conventional hash functions do not provide
strong enough domain seperation for usage via &mut
references.
We fold randomness into witness generation here too, which
gives every function that takes a SigningTranscript
a default
argument rng: impl Rng = thread_rng()
too.
We also abstract over owned and borrowed merlin::Transcript
s,
so that simple use cases do not suffer from our support for.
Required Methods§
sourcefn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
fn commit_bytes(&mut self, label: &'static [u8], bytes: &[u8])
Extend transcript with some bytes, shadowed by merlin::Transcript
.
sourcefn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
fn challenge_bytes(&mut self, label: &'static [u8], dest: &mut [u8])
Produce some challenge bytes, shadowed by merlin::Transcript
.
Provided Methods§
sourcefn proto_name(&mut self, label: &'static [u8])
fn proto_name(&mut self, label: &'static [u8])
Extend transcript with a protocol name
sourcefn commit_point(
&mut self,
label: &'static [u8],
compressed: &CompressedRistretto
)
fn commit_point( &mut self, label: &'static [u8], compressed: &CompressedRistretto )
Extend the transcript with a compressed Ristretto point
sourcefn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar
fn challenge_scalar(&mut self, label: &'static [u8]) -> Scalar
Produce the public challenge scalar e
.
sourcefn witness_scalar(&self, label: &'static [u8], nonce_seeds: &[&[u8]]) -> Scalar
fn witness_scalar(&self, label: &'static [u8], nonce_seeds: &[&[u8]]) -> Scalar
Produce a secret witness scalar k
, aka nonce, from the protocol
transcript and any “nonce seeds” kept with the secret keys.
sourcefn witness_bytes(
&self,
label: &'static [u8],
dest: &mut [u8],
nonce_seeds: &[&[u8]]
)
fn witness_bytes( &self, label: &'static [u8], dest: &mut [u8], nonce_seeds: &[&[u8]] )
Produce secret witness bytes from the protocol transcript and any “nonce seeds” kept with the secret keys.
Implementations on Foreign Types§
source§impl SigningTranscript for Transcript
impl SigningTranscript for Transcript
We delegate SigningTranscript
methods to the corresponding
inherent methods of merlin::Transcript
and implement two
witness methods to avoid abrtasting the merlin::TranscriptRng
machenry.
source§impl<T> SigningTranscript for &mut Twhere
T: SigningTranscript + ?Sized,
impl<T> SigningTranscript for &mut Twhere T: SigningTranscript + ?Sized,
We delegates any mutable reference to its base type, like &mut Rng
or similar to BorrowMut<..>
do, but doing so here simplifies
alternative implementations.