/// Unified trait defining a ciphersuite around an elliptic curve.
///
/// Bundles the scalar field, the group, the hash function and a curve ID so
/// that higher-level schemes can be written generically over `C: Ciphersuite`.
pub trait Ciphersuite: 'static + Send + Sync + Clone + Copy + PartialEq + Eq + Debug + Zeroize {
    /// Scalar field element type.
    type F: PrimeField + PrimeFieldBits + Zeroize;
    /// Group element type; its scalar type is tied to [`Self::F`].
    type G: Group<Scalar = Self::F> + GroupOps + PrimeGroup + Zeroize + ConstantTimeEq;
    /// Hash algorithm used with this curve.
    type H: Send + Clone + BlockSizeUser + Digest + HashMarker + SecureDigest;

    /// ID for this curve.
    const ID: &'static [u8];

    // Required methods
    /// Generator for the group.
    fn generator() -> Self::G;
    /// Hash the provided domain-separation tag and message to a scalar.
    ///
    /// Ciphersuites MAY naively prefix the tag to the message, which allows
    /// transposition between the two. Accordingly, this function should NOT be
    /// used in any scheme where one tag is a valid substring of another UNLESS
    /// the specific ciphersuite is verified to handle the DST securely. Rather
    /// than relying on such verification (which breaks ciphersuite modularity),
    /// use component-specific tags with further purpose tags
    /// (e.g. "Schnorr-nonce", "Schnorr-chal").
    fn hash_to_F(dst: &[u8], msg: &[u8]) -> Self::F;

    // Provided methods
    /// Generate a random non-zero scalar.
    fn random_nonzero_F<R: RngCore + CryptoRng>(rng: &mut R) -> Self::F { ... }
    /// Read a canonical scalar from something implementing `std::io::Read`.
    ///
    /// Available on crate features `alloc` or `std` only.
    fn read_F<R: Read>(reader: &mut R) -> Result<Self::F> { ... }
    /// Read a canonical point from something implementing `std::io::Read`.
    ///
    /// Available on crate features `alloc` or `std` only.
    fn read_G<R: Read>(reader: &mut R) -> Result<Self::G> { ... }
}

Unified trait defining a ciphersuite around an elliptic curve.

Required Associated Types§


type F: PrimeField + PrimeFieldBits + Zeroize

Scalar field element type.


type G: Group<Scalar = Self::F> + GroupOps + PrimeGroup + Zeroize + ConstantTimeEq

Group element type.


type H: Send + Clone + BlockSizeUser + Digest + HashMarker + SecureDigest

Hash algorithm used with this curve.

Required Associated Constants§


const ID: &'static [u8]

ID for this curve.

Required Methods§


fn generator() -> Self::G

Generator for the group.


fn hash_to_F(dst: &[u8], msg: &[u8]) -> Self::F

Hash the provided domain-separation tag and message to a scalar. Ciphersuites MAY naively prefix the tag to the message, enabling transposition between the two (for example, tag `ab` with message `c` and tag `a` with message `bc` would then hash the same bytes). Accordingly, this function should NOT be used in any scheme where one tag is a valid substring of another UNLESS the specific Ciphersuite is verified to handle the DST securely.

Verifying that specific ciphersuites handle tags securely is not recommended, as it breaks the intended modularity of ciphersuites. Instead, component-specific tags with further purpose tags are recommended (e.g. “Schnorr-nonce”, “Schnorr-chal”).

Provided Methods§


fn random_nonzero_F<R: RngCore + CryptoRng>(rng: &mut R) -> Self::F

Generate a random non-zero scalar.


fn read_F<R: Read>(reader: &mut R) -> Result<Self::F>

Available on crate features alloc or std only.

Read a canonical scalar from something implementing std::io::Read.


fn read_G<R: Read>(reader: &mut R) -> Result<Self::G>

Available on crate features alloc or std only.

Read a canonical point from something implementing std::io::Read.

Implementors§


impl Ciphersuite for Ed448

Available on crate feature ed448 only.

type F = Scalar


type G = Point


type H = Shake256_114


const ID: &'static [u8] = b"ed448"


impl Ciphersuite for Ed25519

Available on crate feature dalek only.

type F = Scalar


type G = EdwardsPoint


type H = CoreWrapper<CtVariableCoreWrapper<Sha512VarCore, UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>, OidSha512>>


const ID: &'static [u8] = b"edwards25519"


impl Ciphersuite for P256

Available on crate feature kp256 only.

type F = Scalar


type G = ProjectivePoint<NistP256>


type H = CoreWrapper<CtVariableCoreWrapper<Sha256VarCore, UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, OidSha256>>


const ID: &'static [u8] = b"P-256"


impl Ciphersuite for Ristretto

Available on crate feature dalek only.

type F = Scalar


type G = RistrettoPoint


type H = CoreWrapper<CtVariableCoreWrapper<Sha512VarCore, UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>, OidSha512>>


const ID: &'static [u8] = b"ristretto"


impl Ciphersuite for Secp256k1

Available on crate feature kp256 only.

type F = Scalar


type G = ProjectivePoint


type H = CoreWrapper<CtVariableCoreWrapper<Sha256VarCore, UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, OidSha256>>


const ID: &'static [u8] = b"secp256k1"