Struct blindsign::signature::UnblindedSigData

pub struct UnblindedSigData { /* fields omitted */ }

The data required for authenticating the unblinded signature:

  • 'e' is H(R || msg), the unblinded version of e' upon which the blind signature S' is created.

  • 'S' is the unblinded version of blind signature S'. S' is a blind signature on the blind message||R hash value e', S is the unblinded

  • 'R' is the unblinded version of protocol initiation value R', which is the original Ristretto Point sent to the requester in response to protocol initiation.

All of these components are required to authenticate a blind signature created by the signer. The value S can be authenticated against the coupled R and e values when provided with the public ECC key associated with the private ECC key that the blind signature S' was ostensibly created with on e'.

The actual message content is not included in this structure, though the input message can be validated against the signed e value of this struct as e = H(R || msg).

Methods

impl UnblindedSigData

Creates a new UnblindedSigData object, which consists of values e, S, and R.

Arguments

  • 'e' - H(msg||R), the unblinded variant of e'.
  • 's' - The unblinded signature (S' unblinded)
  • 'r' - The unblinded R' value received from the signer in step one of the protocol

Authenticates that the signature value S on e is valid with R and the provided public key (i.e., that S' was created on e' with the private key associated with the provided public key, in the session that was initiated with the R' value).

Arguments

  • 'pub_key' - The public key associated with the private key that ostensibly created the signature value S' on e', to authenticate that S is authentic on e (given R).

Returns

  • True to indicate that the value S is authentic on e and R with the provided pub_key, or in other words that the signature is valid.

  • False to indicate that the value S on e and R isn't authentic, or in other words that the signature is invalid.

Mathematics

  • SP == e*Qs + R
  • S = Unblinded signature value
  • P = ECC generator point
  • Qs = Public key of the signer
  • e = H(msg || R)
  • R = Unblinded version of the R' value from the signer

Notes

  • The comparison (SP == e*Qs + R) is not done in constant time; however, neither side of this equation contains any secret information, so this should be fine.

  • This method only verifies that the signature S on e is valid given R and pub_key; it does not verify that e is correlated to any given msg value.

The same as authenticate but with a constant time comparison.

The same as authenticate, but rather than using the internal e value compute the e value e = H(R||Msg) from the provided msg value. This function is useful if the actual value of the signed message is important.

Note

The internal e value is not used at all, and is not guaranteed to match H(R||msg) for the provided msg.

The same as const_authenticate, but rather than using the internal e value compute the e value e = H(R||Msg) from the provided msg value. This function is useful if the actual value of the signed message is important.

Note

The internal e value is not used at all, and is not guaranteed to match H(R||msg) for the provided msg.
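
The check SP == e*Qs + R and the message-binding caveat from the notes above, as an added example that is not code from the blindsign crate. Assumptions: integers mod q = 2^61 - 1 stand in for the Ristretto group (discrete logs are trivial here, so this only shows the algebra), SipHash stands in for the hash, secrets are fixed constants, and the blinding is the textbook Schnorr form R = R' + alpha*P + beta*Qs, which may differ from the crate's own. The names run, hash_e and msg_authenticate are hypothetical.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

// Toy additive group Z_Q: a "point" is scalar * P mod Q. Not secure, algebra only.
const Q: u128 = (1 << 61) - 1; // prime group order
const P: u128 = 7; // stand-in generator "point"

fn mul(a: u128, b: u128) -> u128 { (a % Q) * (b % Q) % Q }
fn add(a: u128, b: u128) -> u128 { (a % Q + b % Q) % Q }

// e = H(R || msg); SipHash is a stand-in, not a cryptographic hash.
fn hash_e(r: u128, msg: &[u8]) -> u128 {
    let mut h = DefaultHasher::new();
    h.write(&r.to_le_bytes());
    h.write(msg);
    h.finish() as u128 % Q
}

pub struct Unblinded { pub e: u128, pub s: u128, pub r: u128 }

impl Unblinded {
    // Checks S*P == e*Qs + R with the stored e; msg is never consulted.
    pub fn authenticate(&self, qs: u128) -> bool {
        mul(self.s, P) == add(mul(self.e, qs), self.r)
    }
    // Recomputes e = H(R || msg) and ignores the stored e entirely.
    pub fn msg_authenticate(&self, qs: u128, msg: &[u8]) -> bool {
        mul(self.s, P) == add(mul(hash_e(self.r, msg), qs), self.r)
    }
}

// One protocol run with constructed (non-random) secrets; returns (sig, Qs).
pub fn run(msg: &[u8]) -> (Unblinded, u128) {
    let (xs, k) = (123_456_789u128, 987_654_321u128); // signer key, session nonce
    let (alpha, beta) = (5_555u128, 7_777u128); // requester blinding factors
    let qs = mul(xs, P); // signer public key Qs
    let r_blind = mul(k, P); // R' sent by the signer
    let r = add(add(r_blind, mul(alpha, P)), mul(beta, qs)); // unblinded R
    let e = hash_e(r, msg); // e = H(R || msg)
    let e_blind = add(e, beta); // e' sent to the signer
    let s_blind = add(k, mul(e_blind, xs)); // S' = k + e'*Xs, signer side
    let s = add(s_blind, alpha); // unblinded S
    (Unblinded { e, s, r }, qs)
}

fn main() {
    let (sig, qs) = run(b"constructed message");
    println!("{} {}", sig.authenticate(qs), sig.msg_authenticate(qs, b"other"));
}
```

A verifier that cares which message was signed has to use the message-based check: the stored-e check succeeds without ever seeing msg.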

Trait Implementations

impl Copy for UnblindedSigData

impl Clone for UnblindedSigData

Returns a copy of the value.

Performs copy-assignment from source.

impl Debug for UnblindedSigData

Formats the value using the given formatter.

impl From<UnblindedSigData> for WiredUnblindedSigData

Performs the conversion.

Auto Trait Implementations