pub trait Verifier:
Clone
+ Debug
+ Send
+ Sync
+ 'static {
type Subject<'a, D: Digest>: Subject;
type PublicKey: PublicKey;
type Certificate: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + Codec;
// Required methods
fn verify_certificate<R, D, M>(
&self,
rng: &mut R,
subject: Self::Subject<'_, D>,
certificate: &Self::Certificate,
strategy: &impl Strategy,
) -> bool
where R: CryptoRng,
D: Digest,
M: Faults;
fn is_batchable() -> bool;
fn certificate_codec_config(&self) -> <Self::Certificate as Read>::Cfg;
fn certificate_codec_config_unbounded() -> <Self::Certificate as Read>::Cfg;
// Provided methods
fn verify_certificates<'a, R, D, I, M>(
&self,
rng: &mut R,
certificates: I,
strategy: &impl Strategy,
) -> bool
where R: CryptoRng,
D: Digest,
I: Iterator<Item = (Self::Subject<'a, D>, &'a Self::Certificate)>,
M: Faults { ... }
fn verify_certificates_bisect<'a, R, D, M>(
&self,
rng: &mut R,
certificates: &[(Self::Subject<'a, D>, &'a Self::Certificate)],
strategy: &impl Strategy,
) -> Vec<bool>
where R: CryptoRng,
D: Digest,
Self::Subject<'a, D>: Copy,
Self::Certificate: 'a,
M: Faults { ... }
}Expand description
Cryptographic surface for recovered certificate verification.
A Verifier verifies recovered certificates, but does not expose participant
metadata or signing operations.
Required Associated Types§
Required Methods§
Sourcefn verify_certificate<R, D, M>(
&self,
rng: &mut R,
subject: Self::Subject<'_, D>,
certificate: &Self::Certificate,
strategy: &impl Strategy,
) -> bool
fn verify_certificate<R, D, M>( &self, rng: &mut R, subject: Self::Subject<'_, D>, certificate: &Self::Certificate, strategy: &impl Strategy, ) -> bool
Verifies a certificate that was recovered or received from the network.
Sourcefn is_batchable() -> bool
fn is_batchable() -> bool
Returns whether this scheme benefits from batch verification.
Schemes that benefit from batch verification (like ed25519, bls12381_multisig
and bls12381_threshold) should return true, allowing callers to optimize by
deferring verification until multiple signatures are available.
Schemes that don’t benefit from batch verification (like secp256r1) should
return false, indicating that eager per-signature verification is preferred.
Sourcefn certificate_codec_config(&self) -> <Self::Certificate as Read>::Cfg
fn certificate_codec_config(&self) -> <Self::Certificate as Read>::Cfg
Encoding configuration for bounded-size certificate decoding used in network payloads.
Sourcefn certificate_codec_config_unbounded() -> <Self::Certificate as Read>::Cfg
fn certificate_codec_config_unbounded() -> <Self::Certificate as Read>::Cfg
Encoding configuration that allows unbounded certificate decoding.
Only use this when decoding data from trusted local storage, it must not be exposed to adversarial inputs or network payloads.
Provided Methods§
Sourcefn verify_certificates<'a, R, D, I, M>(
&self,
rng: &mut R,
certificates: I,
strategy: &impl Strategy,
) -> bool
fn verify_certificates<'a, R, D, I, M>( &self, rng: &mut R, certificates: I, strategy: &impl Strategy, ) -> bool
Verifies a stream of certificates, returning false at the first failure.
Sourcefn verify_certificates_bisect<'a, R, D, M>(
&self,
rng: &mut R,
certificates: &[(Self::Subject<'a, D>, &'a Self::Certificate)],
strategy: &impl Strategy,
) -> Vec<bool>
fn verify_certificates_bisect<'a, R, D, M>( &self, rng: &mut R, certificates: &[(Self::Subject<'a, D>, &'a Self::Certificate)], strategy: &impl Strategy, ) -> Vec<bool>
Batch-verifies certificates and returns a per-item result.
For batchable schemes, attempts batch verification first and bisects on failure to efficiently identify invalid certificates. For non-batchable schemes, verifies each certificate individually.
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".