Skip to main content

Verifier

Trait Verifier 

Source
pub trait Verifier:
    Clone
    + Debug
    + Send
    + Sync
    + 'static {
    type Subject<'a, D: Digest>: Subject;
    type PublicKey: PublicKey;
    type Certificate: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + Codec;

    // Required methods
    fn verify_certificate<R, D, M>(
        &self,
        rng: &mut R,
        subject: Self::Subject<'_, D>,
        certificate: &Self::Certificate,
        strategy: &impl Strategy,
    ) -> bool
       where R: CryptoRng,
             D: Digest,
             M: Faults;
    fn is_batchable() -> bool;
    fn certificate_codec_config(&self) -> <Self::Certificate as Read>::Cfg;
    fn certificate_codec_config_unbounded() -> <Self::Certificate as Read>::Cfg;

    // Provided methods
    fn verify_certificates<'a, R, D, I, M>(
        &self,
        rng: &mut R,
        certificates: I,
        strategy: &impl Strategy,
    ) -> bool
       where R: CryptoRng,
             D: Digest,
             I: Iterator<Item = (Self::Subject<'a, D>, &'a Self::Certificate)>,
             M: Faults { ... }
    fn verify_certificates_bisect<'a, R, D, M>(
        &self,
        rng: &mut R,
        certificates: &[(Self::Subject<'a, D>, &'a Self::Certificate)],
        strategy: &impl Strategy,
    ) -> Vec<bool>
       where R: CryptoRng,
             D: Digest,
             Self::Subject<'a, D>: Copy,
             Self::Certificate: 'a,
             M: Faults { ... }
}
Expand description

Cryptographic surface for recovered certificate verification.

A Verifier verifies recovered certificates, but does not expose participant metadata or signing operations.

Required Associated Types§

Source

type Subject<'a, D: Digest>: Subject

Subject type for certificate verification.

Source

type PublicKey: PublicKey

Public key type for participant identity used to order and index the participant set.

Source

type Certificate: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + Codec

Certificate assembled from a set of attestations.

Required Methods§

Source

fn verify_certificate<R, D, M>( &self, rng: &mut R, subject: Self::Subject<'_, D>, certificate: &Self::Certificate, strategy: &impl Strategy, ) -> bool
where R: CryptoRng, D: Digest, M: Faults,

Verifies a certificate that was recovered or received from the network.

Source

fn is_batchable() -> bool

Returns whether this scheme benefits from batch verification.

Schemes that benefit from batch verification (like ed25519, bls12381_multisig and bls12381_threshold) should return true, allowing callers to optimize by deferring verification until multiple signatures are available.

Schemes that don’t benefit from batch verification (like secp256r1) should return false, indicating that eager per-signature verification is preferred.

Source

fn certificate_codec_config(&self) -> <Self::Certificate as Read>::Cfg

Encoding configuration for bounded-size certificate decoding used in network payloads.

Source

fn certificate_codec_config_unbounded() -> <Self::Certificate as Read>::Cfg

Encoding configuration that allows unbounded certificate decoding.

Only use this when decoding data from trusted local storage, it must not be exposed to adversarial inputs or network payloads.

Provided Methods§

Source

fn verify_certificates<'a, R, D, I, M>( &self, rng: &mut R, certificates: I, strategy: &impl Strategy, ) -> bool
where R: CryptoRng, D: Digest, I: Iterator<Item = (Self::Subject<'a, D>, &'a Self::Certificate)>, M: Faults,

Verifies a stream of certificates, returning false at the first failure.

Source

fn verify_certificates_bisect<'a, R, D, M>( &self, rng: &mut R, certificates: &[(Self::Subject<'a, D>, &'a Self::Certificate)], strategy: &impl Strategy, ) -> Vec<bool>
where R: CryptoRng, D: Digest, Self::Subject<'a, D>: Copy, Self::Certificate: 'a, M: Faults,

Batch-verifies certificates and returns a per-item result.

For batchable schemes, attempts batch verification first and bisects on failure to efficiently identify invalid certificates. For non-batchable schemes, verifies each certificate individually.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§