1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

use std::fmt::{self, Debug};

#[cfg(any(test, feature = "test-impl"))]
use hex::FromHex;

use crate::{Challenge, Ciphersuite, Element, Error, Group, Signature};

/// A valid verifying key for Schnorr signatures over a FROST [`Ciphersuite::Group`].
#[derive(Copy, Clone, PartialEq)]
pub struct VerifyingKey<C>
where
    C: Ciphersuite,
{
    pub(crate) element: Element<C>,
}

impl<C> VerifyingKey<C>
where
    C: Ciphersuite,
{
    // pub(crate) fn from(scalar: &<<C::Group as Group>::Field as Field>::Scalar) -> Self {
    //     let element = <C::Group as Group>::generator() * *scalar;

    //     VerifyingKey { element }
    // }

    /// Create a new VerifyingKey from the given element.
    #[cfg(feature = "internals")]
    pub fn new(element: <C::Group as Group>::Element) -> Self {
        Self { element }
    }

    /// Return the underlying element.
    #[cfg(feature = "internals")]
    pub fn to_element(self) -> <C::Group as Group>::Element {
        self.element
    }

    /// Deserialize from bytes
    pub fn from_bytes(
        bytes: <C::Group as Group>::Serialization,
    ) -> Result<VerifyingKey<C>, Error<C>> {
        <C::Group>::deserialize(&bytes)
            .map(|element| VerifyingKey { element })
            .map_err(|e| e.into())
    }

    /// Serialize `VerifyingKey` to bytes
    pub fn to_bytes(&self) -> <C::Group as Group>::Serialization {
        <C::Group>::serialize(&self.element)
    }

    /// Verify a purported `signature` with a pre-hashed [`Challenge`] made by this verification
    /// key.
    pub(crate) fn verify_prehashed(
        &self,
        challenge: Challenge<C>,
        signature: &Signature<C>,
    ) -> Result<(), Error<C>> {
        // Verify check is h * ( - z * B + R  + c * A) == 0
        //                 h * ( z * B - c * A - R) == 0
        //
        // where h is the cofactor
        let zB = C::Group::generator() * signature.z;
        let cA = self.element * challenge.0;
        let check = (zB - cA - signature.R) * C::Group::cofactor();

        if check == C::Group::identity() {
            Ok(())
        } else {
            Err(Error::InvalidSignature)
        }
    }

    /// Verify a purported `signature` over `msg` made by this verification key.
    pub fn verify(&self, msg: &[u8], signature: &Signature<C>) -> Result<(), Error<C>> {
        C::verify_signature(msg, signature, self)
    }
}

impl<C> Debug for VerifyingKey<C>
where
    C: Ciphersuite,
{
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        f.debug_tuple("VerifyingKey")
            .field(&hex::encode(self.to_bytes()))
            .finish()
    }
}

#[cfg(any(test, feature = "test-impl"))]
impl<C> FromHex for VerifyingKey<C>
where
    C: Ciphersuite,
{
    type Error = &'static str;

    fn from_hex<T: AsRef<[u8]>>(hex: T) -> Result<Self, Self::Error> {
        let v: Vec<u8> = FromHex::from_hex(hex).map_err(|_| "invalid hex")?;
        match v.try_into() {
            Ok(bytes) => Self::from_bytes(bytes).map_err(|_| "malformed verifying key encoding"),
            Err(_) => Err("malformed verifying key encoding"),
        }
    }
}

// impl<C: Ciphersuite> From<VerifyingKey<C>> for <C::Group as Group>::ElementSerialization {
//     fn from(pk: VerifyingKey<C>) -> <C::Group as Group>::ElementSerialization {
//         pk.bytes.bytes
//     }
// }

// impl<C: Ciphersuite> TryFrom<<C::Group as Group>::ElementSerialization> for VerifyingKey<C> {
//     type Error = Error;

//     fn try_from(bytes: [u8; 32]) -> Result<Self, Self::Error> {
//         VerifyingKeyBytes::from(bytes).try_into()
//     }
// }