Module ecdsa_fun::nonce

Nonce generation utilities

Nonce generation is one of the most difficult things to get right when implementing discrete log based cryptosystems, so this library provides a built-in way of doing it with sane defaults. A nonce is a random secret Scalar chosen fresh for each use of the static secret scalar that the prover/signer takes as secret input to the algorithm. For this to be secure, the nonce must be uniformly random given the public inputs to the algorithm. For a signature scheme this means that for every message the nonce must appear uniformly random to an attacker who does not know the corresponding secret. Even a slight bias can allow an attacker to extract the secret key if they can observe enough signatures/proofs.

Implementations using secp256kfun should allow the caller to pass in a NonceGen when instantiating the scheme. When generating a nonce for a secret scalar, implementations should use the derive_nonce! macro.

Structs

Deterministic

A deterministic nonce generator.

NonceChallengeBundle

A struct to keep tagging of a Fiat-Shamir challenge hash and a NonceGen in sync.

Synthetic

A nonce generator that uses an RNG to mix in real randomness into the nonce generation.

Traits

NonceGen

A trait for hash based nonce generation.

NonceRng

A helper trait over RNGs that handles internal mutability.

Functions

from_global_rng

Creates a Synthetic nonce generator from a global RNG like ThreadRng or OsRng. This gives you a Synthetic that is Sync, since it conjures the RNG on demand.