Module ecdsa_fun::nonce
Nonce generation utilities
Nonce generation is one of the most difficult things to get right when implementing discrete-log based cryptosystems, so this library provides a built-in way of doing it with sane defaults. A nonce is a random secret Scalar chosen per static scalar that the prover/signer takes as secret input to the algorithm. For the scheme to be secure, the distribution of the nonce, conditioned on the public inputs to the algorithm, must be uniformly random. For a signature scheme this means that, for every message, the nonce must appear uniformly random to an attacker who does not know the corresponding secret. Even a slight bias can allow an attacker to extract the secret key if they can observe enough signatures/proofs.
Implementations using secp256kfun should allow the caller to pass in a NonceGen upon instantiating the scheme. When generating a nonce for a secret scalar, implementations should use the derive_nonce! macro.
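The following is an added example, not code from ecdsa_fun or secp256kfun, written in Python so it runs stand-alone with only the standard library. It shows the two nonce policies this module names, Deterministic (a hash over the secret scalar and the public inputs) and Synthetic (the same derivation with fresh OS randomness mixed in), together with a cheap statistical check that flags a generator with a fixed bias of the kind the text warns about. The tag string, the length-prefixed encoding, and the function names are this example's own choices; the secp256k1 group order is the real constant.

```python
"""Hash-based nonce derivation: deterministic, synthetic, and a bias check.

Added example, not part of ecdsa_fun / secp256kfun. Tag, encoding and
function names are assumptions made for this illustration.
"""
import hashlib
import os

# secp256k1 group order n; a valid nonce is a scalar in [1, n-1].
SECP256K1_ORDER = int(
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16
)


def _tagged_hash(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 over a domain-separation tag and length-prefixed parts.

    The tag keeps nonce hashes distinct from every other hash in the scheme,
    and the length prefixes make the encoding unambiguous, so two different
    (secret, aux, counter, public inputs) tuples never share a preimage.
    """
    h = hashlib.sha256()
    tag_hash = hashlib.sha256(tag).digest()
    h.update(tag_hash + tag_hash)  # BIP-340-style tag prefix (example choice)
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def derive_nonce(secret: int, public_inputs: list, aux_rand: bytes = b"",
                 tag: bytes = b"example/nonce") -> int:
    """Derive a nonce scalar from a secret scalar and the algorithm's public inputs.

    aux_rand == b""            -> deterministic: same secret + inputs, same nonce.
    aux_rand == 32 fresh bytes -> synthetic: randomness is mixed in as well, so a
    broken RNG degrades to the deterministic case instead of leaking the key.
    The counter handles the negligibly rare case of a hash outside [1, n-1];
    a biased "reduce mod n" step is deliberately avoided.
    """
    secret_bytes = secret.to_bytes(32, "big")
    counter = 0
    while True:
        digest = _tagged_hash(tag, secret_bytes, aux_rand,
                              counter.to_bytes(4, "big"), *public_inputs)
        k = int.from_bytes(digest, "big")
        if 1 <= k < SECP256K1_ORDER:
            return k
        counter += 1


def synthetic_nonce(secret: int, public_inputs: list) -> int:
    """Synthetic policy: deterministic derivation plus 32 bytes of OS randomness."""
    return derive_nonce(secret, public_inputs, aux_rand=os.urandom(32))


def biased_nonce(secret: int, public_inputs: list) -> int:
    """Deliberately broken generator used to exercise the check below: it clears
    bit 255, so every nonce it emits is below 2**255."""
    return derive_nonce(secret, public_inputs) & ((1 << 255) - 1) or 1


def top_bit_fraction(nonce_fn, secret: int, samples: int = 512) -> float:
    """Fraction of nonces with bit 255 set over `samples` constructed messages.

    A correct generator gives roughly 0.5. A generator whose nonces always
    fall below 2**255 gives exactly 0.0; a fixed bias like that is what makes
    signature nonces recoverable from enough observed signatures, so it is a
    property worth asserting on in a test suite.
    """
    hits = 0
    for i in range(samples):
        message = b"constructed message %d" % i  # constructed sample input
        if (nonce_fn(secret, [message]) >> 255) & 1:
            hits += 1
    return hits / samples
```

Calling `derive_nonce` twice with the same secret and inputs returns the same scalar, changing any public input or the secret changes it, and `synthetic_nonce` differs on every call; `top_bit_fraction(derive_nonce, s)` lands near 0.5 while `top_bit_fraction(biased_nonce, s)` is exactly 0.0.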
Structs

| Name | Description |
|---|---|
| Deterministic | A deterministic nonce generator. |
| GlobalRng | A zero sized type that wraps an instance of an RNG that implements |
| NonceChallengeBundle | A struct to keep tagging of a Fiat-Shamir challenge hash and a |
| Synthetic | A nonce generator that uses an RNG to mix real randomness into the nonce generation. |

Traits

| Name | Description |
|---|---|
| NonceGen | A trait for hash based nonce generation. |
| NonceRng | A helper trait over RNGs that handle internal mutability. |