Module schnorr_fun::adaptor [−][src]
Algorithms for Schnorr “adaptor signature” signature encryption.
Adaptor signatures are a kind of signature encryption. Just as you would expect this means you can’t get the signature from the encrypted signature unless you know the decryption key. As you might not necessarily expect, this encryption is one-time in that anyone who knows the encrypted signature can recover the decryption key from the decrypted signature.
This weird leaking of the decryption key is incredibly useful has numerous applications in Bitcoin and cryptography more generally.
Synopsis
use rand::rngs::ThreadRng; use schnorr_fun::{ adaptor::{Adaptor, EncryptedSign}, fun::{marker::*, nonce, Scalar}, MessageKind, Schnorr, }; use sha2::Sha256; let nonce_gen = nonce::Synthetic::<Sha256, nonce::GlobalRng<ThreadRng>>::default(); let schnorr = Schnorr::<Sha256, _>::new(nonce_gen, MessageKind::Plain { tag: "my-app" }); let signing_keypair = schnorr.new_keypair(Scalar::random(&mut rand::thread_rng())); let verification_key = signing_keypair.verification_key(); let decryption_key = Scalar::random(&mut rand::thread_rng()); let encryption_key = schnorr.encryption_key_for(&decryption_key); let message = b"send 1 BTC to Bob".as_ref().mark::<Public>(); // Alice knows: signing_keypair, encryption_key // Bob knows: decryption_key, verification_key // Alice creates an encrypted signature and sends it to Bob let encrypted_signature = schnorr.encrypted_sign(&signing_keypair, &encryption_key, message); // Bob verifies it and decrypts it assert!(schnorr.verify_encrypted_signature( &verification_key, &encryption_key, message, &encrypted_signature )); let signature = schnorr.decrypt_signature(decryption_key, encrypted_signature.clone()); // Bob then broadcasts the signature to the public. // Once Alice sees it she can recover Bob's secret decryption key match schnorr.recover_decryption_key(&encryption_key, &encrypted_signature, &signature) { Some(decryption_key) => println!("Alice got the decryption key {}", decryption_key), None => eprintln!("signature is not the decryption of our original encrypted signature"), }
Structs
| EncryptedSignature | A one-time encrypted Schnorr signature or “adaptor signature”. |
Traits
| Adaptor | Extension trait adding the algorithms for the adaptor signature scheme to instances of |
| EncryptedSign | Extension trait for |