Trait Scheme 

pub trait Scheme:
    Clone
    + Debug
    + Send
    + Sync
    + 'static {
    type Subject<'a, D: Digest>: Subject;
    type PublicKey: PublicKey;
    type Signature: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + CodecFixed<Cfg = ()>;
    type Certificate: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + Codec;

    // Required methods
    fn me(&self) -> Option<Participant>;
    fn participants(&self) -> &Set<Self::PublicKey>;
    fn sign<D: Digest>(
        &self,
        subject: Self::Subject<'_, D>,
    ) -> Option<Attestation<Self>>;
    fn verify_attestation<R, D>(
        &self,
        rng: &mut R,
        subject: Self::Subject<'_, D>,
        attestation: &Attestation<Self>,
        strategy: &impl Strategy,
    ) -> bool
       where R: CryptoRngCore,
             D: Digest;
    fn assemble<I, M>(
        &self,
        attestations: I,
        strategy: &impl Strategy,
    ) -> Option<Self::Certificate>
       where I: IntoIterator<Item = Attestation<Self>>,
             I::IntoIter: Send,
             M: Faults;
    fn verify_certificate<R, D, M>(
        &self,
        rng: &mut R,
        subject: Self::Subject<'_, D>,
        certificate: &Self::Certificate,
        strategy: &impl Strategy,
    ) -> bool
       where R: CryptoRngCore,
             D: Digest,
             M: Faults;
    fn is_attributable() -> bool;
    fn is_batchable() -> bool;
    fn certificate_codec_config(&self) -> <Self::Certificate as Read>::Cfg;
    fn certificate_codec_config_unbounded() -> <Self::Certificate as Read>::Cfg;

    // Provided methods
    fn verify_attestations<R, D, I>(
        &self,
        rng: &mut R,
        subject: Self::Subject<'_, D>,
        attestations: I,
        strategy: &impl Strategy,
    ) -> Verification<Self>
       where R: CryptoRngCore,
             D: Digest,
             I: IntoIterator<Item = Attestation<Self>>,
             I::IntoIter: Send { ... }
    fn verify_certificates<'a, R, D, I, M>(
        &self,
        rng: &mut R,
        certificates: I,
        strategy: &impl Strategy,
    ) -> bool
       where R: CryptoRngCore,
             D: Digest,
             I: Iterator<Item = (Self::Subject<'a, D>, &'a Self::Certificate)>,
             M: Faults { ... }
}

Cryptographic surface for multi-party certificate schemes.

A Scheme produces attestations, validates them (individually or in batches), assembles certificates, and verifies recovered certificates. Implementations may override the provided defaults to take advantage of scheme-specific batching strategies.

Required Associated Types

type Subject<'a, D: Digest>: Subject

Subject type for signing and verification.

type PublicKey: PublicKey

Public key type for participant identity used to order and index the participant set.

type Signature: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + CodecFixed<Cfg = ()>

Signature emitted by individual participants.

type Certificate: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + Codec

Certificate assembled from a set of attestations.

Required Methods

fn me(&self) -> Option<Participant>

Returns the index of “self” in the participant set, if available. Returns None if the scheme is a verifier-only instance.

fn participants(&self) -> &Set<Self::PublicKey>

Returns the ordered set of participant public identity keys managed by the scheme.

fn sign<D: Digest>( &self, subject: Self::Subject<'_, D>, ) -> Option<Attestation<Self>>

Signs a subject. Returns None if the scheme cannot sign (e.g. it’s a verifier-only instance).

fn verify_attestation<R, D>( &self, rng: &mut R, subject: Self::Subject<'_, D>, attestation: &Attestation<Self>, strategy: &impl Strategy, ) -> bool

where R: CryptoRngCore, D: Digest,

Verifies a single attestation against the participant material managed by the scheme.

fn assemble<I, M>( &self, attestations: I, strategy: &impl Strategy, ) -> Option<Self::Certificate>

where I: IntoIterator<Item = Attestation<Self>>, I::IntoIter: Send, M: Faults,

Assembles attestations into a certificate, returning None if the threshold is not met.

Callers must not include duplicate attestations from the same signer. Passing duplicates is undefined behavior, implementations may panic or produce incorrect results.

fn verify_certificate<R, D, M>( &self, rng: &mut R, subject: Self::Subject<'_, D>, certificate: &Self::Certificate, strategy: &impl Strategy, ) -> bool

where R: CryptoRngCore, D: Digest, M: Faults,

Verifies a certificate that was recovered or received from the network.

fn is_attributable() -> bool

Returns whether per-participant fault evidence can be safely exposed.

Schemes where individual signatures can be safely reported as fault evidence should return true.

fn is_batchable() -> bool

Returns whether this scheme benefits from batch verification.

Schemes that benefit from batch verification (like ed25519, bls12381_multisig and bls12381_threshold) should return true, allowing callers to optimize by deferring verification until multiple signatures are available.

Schemes that don’t benefit from batch verification (like secp256r1) should return false, indicating that eager per-signature verification is preferred.

fn certificate_codec_config(&self) -> <Self::Certificate as Read>::Cfg

Encoding configuration for bounded-size certificate decoding used in network payloads.

fn certificate_codec_config_unbounded() -> <Self::Certificate as Read>::Cfg

Encoding configuration that allows unbounded certificate decoding.

Only use this when decoding data from trusted local storage, it must not be exposed to adversarial inputs or network payloads.

Provided Methods

fn verify_attestations<R, D, I>( &self, rng: &mut R, subject: Self::Subject<'_, D>, attestations: I, strategy: &impl Strategy, ) -> Verification<Self>

where R: CryptoRngCore, D: Digest, I: IntoIterator<Item = Attestation<Self>>, I::IntoIter: Send,

Batch-verifies attestations and separates valid attestations from signer indices that failed verification.

Callers must not include duplicate attestations from the same signer. Passing duplicates is undefined behavior, implementations may panic or produce incorrect results.

fn verify_certificates<'a, R, D, I, M>( &self, rng: &mut R, certificates: I, strategy: &impl Strategy, ) -> bool

where R: CryptoRngCore, D: Digest, I: Iterator<Item = (Self::Subject<'a, D>, &'a Self::Certificate)>, M: Faults,

Verifies a stream of certificates, returning false at the first failure.

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors