Scheme

commonware_cryptography::certificate

Trait Scheme 

Source 
pub trait Scheme:
    Clone
    + Debug
    + Send
    + Sync
    + 'static {
    type Subject<'a, D: Digest>: Subject;
    type PublicKey: PublicKey;
    type Signature: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + CodecFixed<Cfg = ()>;
    type Certificate: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + Codec;

    // Required methods
    fn me(&self) -> Option<u32>;
    fn participants(&self) -> &Set<Self::PublicKey>;
    fn sign<D: Digest>(
        &self,
        namespace: &[u8],
        subject: Self::Subject<'_, D>,
    ) -> Option<Attestation<Self>>;
    fn verify_attestation<D: Digest>(
        &self,
        namespace: &[u8],
        subject: Self::Subject<'_, D>,
        attestation: &Attestation<Self>,
    ) -> bool;
    fn assemble<I>(&self, attestations: I) -> Option<Self::Certificate>
       where I: IntoIterator<Item = Attestation<Self>>;
    fn verify_certificate<R: Rng + CryptoRng, D: Digest>(
        &self,
        rng: &mut R,
        namespace: &[u8],
        subject: Self::Subject<'_, D>,
        certificate: &Self::Certificate,
    ) -> bool;
    fn is_attributable(&self) -> bool;
    fn certificate_codec_config(&self) -> <Self::Certificate as Read>::Cfg;
    fn certificate_codec_config_unbounded() -> <Self::Certificate as Read>::Cfg;

    // Provided methods
    fn verify_attestations<R, D, I>(
        &self,
        _rng: &mut R,
        namespace: &[u8],
        subject: Self::Subject<'_, D>,
        attestations: I,
    ) -> Verification<Self>
       where R: Rng + CryptoRng,
             D: Digest,
             I: IntoIterator<Item = Attestation<Self>> { ... }
    fn verify_certificates<'a, R, D, I>(
        &self,
        rng: &mut R,
        namespace: &[u8],
        certificates: I,
    ) -> bool
       where R: Rng + CryptoRng,
             D: Digest,
             I: Iterator<Item = (Self::Subject<'a, D>, &'a Self::Certificate)> { ... }
}
Expand description

Cryptographic surface for multi-party certificate schemes.

A Scheme produces attestations, validates them (individually or in batches), assembles certificates, and verifies recovered certificates. Implementations may override the provided defaults to take advantage of scheme-specific batching strategies.

Required Associated Types§

Source

type Subject<'a, D: Digest>: Subject

Subject type for signing and verification.

Source

type PublicKey: PublicKey

Public key type for participant identity used to order and index the participant set.

Source

type Signature: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + CodecFixed<Cfg = ()>

Signature emitted by individual participants.

Source

type Certificate: Clone + Debug + PartialEq + Eq + Hash + Send + Sync + Codec

Certificate assembled from a set of attestations.

Required Methods§

Source

fn me(&self) -> Option<u32>

Returns the index of “self” in the participant set, if available. Returns None if the scheme is a verifier-only instance.

Source

fn participants(&self) -> &Set<Self::PublicKey>

Returns the ordered set of participant public identity keys managed by the scheme.

Source

fn sign<D: Digest>( &self, namespace: &[u8], subject: Self::Subject<'_, D>, ) -> Option<Attestation<Self>>

Signs a subject using the supplied namespace for domain separation. Returns None if the scheme cannot sign (e.g. it’s a verifier-only instance).

Source

fn verify_attestation<D: Digest>( &self, namespace: &[u8], subject: Self::Subject<'_, D>, attestation: &Attestation<Self>, ) -> bool

Verifies a single attestation against the participant material managed by the scheme.

Source

fn assemble<I>(&self, attestations: I) -> Option<Self::Certificate>
where I: IntoIterator<Item = Attestation<Self>>,

Assembles attestations into a certificate, returning None if the threshold is not met.

Callers must not include duplicate attestations from the same signer.

Source

fn verify_certificate<R: Rng + CryptoRng, D: Digest>( &self, rng: &mut R, namespace: &[u8], subject: Self::Subject<'_, D>, certificate: &Self::Certificate, ) -> bool

Verifies a certificate that was recovered or received from the network.

Source

fn is_attributable(&self) -> bool

Returns whether per-participant fault evidence can be safely exposed.

Schemes where individual signatures can be safely reported as fault evidence should return true.

Source

fn certificate_codec_config(&self) -> <Self::Certificate as Read>::Cfg

Encoding configuration for bounded-size certificate decoding used in network payloads.

Source

fn certificate_codec_config_unbounded() -> <Self::Certificate as Read>::Cfg

Encoding configuration that allows unbounded certificate decoding.

Only use this when decoding data from trusted local storage, it must not be exposed to adversarial inputs or network payloads.

Provided Methods§

Source

fn verify_attestations<R, D, I>( &self, _rng: &mut R, namespace: &[u8], subject: Self::Subject<'_, D>, attestations: I, ) -> Verification<Self>
where R: Rng + CryptoRng, D: Digest, I: IntoIterator<Item = Attestation<Self>>,

Batch-verifies attestations and separates valid attestations from signer indices that failed verification.

Callers must not include duplicate attestations from the same signer.

Source

fn verify_certificates<'a, R, D, I>( &self, rng: &mut R, namespace: &[u8], certificates: I, ) -> bool
where R: Rng + CryptoRng, D: Digest, I: Iterator<Item = (Self::Subject<'a, D>, &'a Self::Certificate)>,

Verifies a stream of certificates, returning false at the first failure.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§