pub trait Ciphersuite:
    Copy
    + Clone
    + PartialEq
    + Debug
    + 'static {
    type Group: Group;
    type HashOutput: AsRef<[u8]>;
    type SignatureSerialization: AsRef<[u8]> + TryFrom<Vec<u8>>;

    const ID: &'static str;

    // Required methods
    fn H1(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar;
    fn H2(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar;
    fn H3(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar;
    fn H4(m: &[u8]) -> Self::HashOutput;
    fn H5(m: &[u8]) -> Self::HashOutput;

    // Provided methods
    fn HDKG(
        _m: &[u8],
    ) -> Option<<<Self::Group as Group>::Field as Field>::Scalar> { ... }
    fn HID(
        _m: &[u8],
    ) -> Option<<<Self::Group as Group>::Field as Field>::Scalar> { ... }
    fn verify_signature(
        msg: &[u8],
        signature: &Signature<Self>,
        public_key: &VerifyingKey<Self>,
    ) -> Result<(), Error<Self>> { ... }
}
A FROST ciphersuite specifies the underlying prime-order group details and cryptographic hash function.
Required Associated Constants
const ID: &'static str
The ciphersuite ID string. It should be equal to the contextString in the spec. For new ciphersuites, this should be a string that identifies the ciphersuite; it’s recommended to use a similar format to the ciphersuites in the FROST spec, e.g. “FROST-RISTRETTO255-SHA512-v1”.
Required Associated Types
type HashOutput: AsRef<[u8]>
A unique byte array of fixed length.
Required Methods
fn H1(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar
H1 for a FROST ciphersuite.
Maps arbitrary inputs to Self::Scalar elements of the prime-order group scalar field.
fn H2(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar
H2 for a FROST ciphersuite.
Maps arbitrary inputs to Self::Scalar elements of the prime-order group scalar field.
fn H3(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar
H3 for a FROST ciphersuite.
Maps arbitrary inputs to Self::Scalar elements of the prime-order group scalar field.
fn H4(m: &[u8]) -> Self::HashOutput
H4 for a FROST ciphersuite.
Usually an alias for the ciphersuite hash function H with domain separation applied.
fn H5(m: &[u8]) -> Self::HashOutput
H5 for a FROST ciphersuite.
Usually an alias for the ciphersuite hash function H with domain separation applied.
Provided Methods
fn HDKG(_m: &[u8]) -> Option<<<Self::Group as Group>::Field as Field>::Scalar>
Hash function for a FROST ciphersuite, used for the DKG.
The DKG is not part of the specification, so this is optional. It can return None if DKG is not supported by the Ciphersuite. This is the default implementation.
Maps arbitrary inputs to non-zero Self::Scalar elements of the prime-order group scalar field.
fn HID(_m: &[u8]) -> Option<<<Self::Group as Group>::Field as Field>::Scalar>
Hash function for a FROST ciphersuite, used for deriving identifiers from strings.
This feature is not part of the specification and is just a convenient way of creating identifiers. Therefore it can return None if this is not supported by the Ciphersuite. This is the default implementation.
Maps arbitrary inputs to non-zero Self::Scalar elements of the prime-order group scalar field.
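The required/provided split and the domain-separation pattern described for H1 through H5, HDKG and HID, as an added stand-alone example (this is not frost-core's code): a std-only trait that mirrors the shape of Ciphersuite. It assumes the RFC 9591 input layout contextString || label || m with the labels "rho", "chal", "nonce", "msg", "com", "dkg" and "id"; SipHash (std's DefaultHasher) stands in for the suite's real hash H, and a small prime Q stands in for the scalar field order. FullSuite, MinimalSuite, to_scalar, to_nonzero_scalar and labels_separate_domains are names invented for this example.

```rust
// Added example (not frost-core's code): a std-only sketch of the Ciphersuite trait shape.
// Assumptions: SipHash (std's DefaultHasher) stands in for the suite's real hash H, and a
// small prime Q stands in for the scalar field order, so the values are illustrative only.
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

/// Toy scalar field order (assumption).
const Q: u64 = 1_000_000_007;

trait Ciphersuite {
    /// The contextString of the suite; every hash input is prefixed with it, so two suites
    /// sharing the same underlying H still produce unrelated outputs.
    const ID: &'static str;
    /// The suite's underlying hash H, applied to an already domain-separated input.
    fn hash(input: &[u8]) -> u64;

    /// Builds ID || label || m, the domain-separation pattern of the FROST ciphersuites.
    fn domain_separated(label: &[u8], m: &[u8]) -> Vec<u8> {
        let mut v = Self::ID.as_bytes().to_vec();
        v.extend_from_slice(label);
        v.extend_from_slice(m);
        v
    }
    /// Reduces a digest into the scalar field, 0..Q.
    fn to_scalar(digest: u64) -> u64 { digest % Q }
    /// Reduces a digest into the non-zero scalars, 1..Q (what HDKG/HID promise).
    fn to_nonzero_scalar(digest: u64) -> u64 { 1 + digest % (Q - 1) }

    // Required methods, with the per-function labels RFC 9591 uses.
    fn h1(m: &[u8]) -> u64; // "rho":   hash to scalar
    fn h2(m: &[u8]) -> u64; // "chal":  hash to scalar
    fn h3(m: &[u8]) -> u64; // "nonce": hash to scalar
    fn h4(m: &[u8]) -> u64; // "msg":   hash to bytes (raw digest here)
    fn h5(m: &[u8]) -> u64; // "com":   hash to bytes (raw digest here)

    // Provided methods: DKG and string-derived identifiers are outside the spec, so a suite
    // that does not support them simply inherits these defaults and callers get None.
    fn hdkg(_m: &[u8]) -> Option<u64> { None }
    fn hid(_m: &[u8]) -> Option<u64> { None }
}

/// Stand-in for a real hash function (assumption: SipHash is not cryptographic).
fn siphash(input: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    h.write(input);
    h.finish()
}

/// Implements the five required hashes for any suite from its ID and H.
macro_rules! required_hashes {
    () => {
        fn h1(m: &[u8]) -> u64 { Self::to_scalar(Self::hash(&Self::domain_separated(b"rho", m))) }
        fn h2(m: &[u8]) -> u64 { Self::to_scalar(Self::hash(&Self::domain_separated(b"chal", m))) }
        fn h3(m: &[u8]) -> u64 { Self::to_scalar(Self::hash(&Self::domain_separated(b"nonce", m))) }
        fn h4(m: &[u8]) -> u64 { Self::hash(&Self::domain_separated(b"msg", m)) }
        fn h5(m: &[u8]) -> u64 { Self::hash(&Self::domain_separated(b"com", m)) }
    };
}

/// A suite that also supports the optional DKG and identifier hashes.
struct FullSuite;
impl Ciphersuite for FullSuite {
    const ID: &'static str = "TOY-FULL-SIPHASH-v1";
    fn hash(input: &[u8]) -> u64 { siphash(input) }
    required_hashes!();
    fn hdkg(m: &[u8]) -> Option<u64> {
        Some(Self::to_nonzero_scalar(Self::hash(&Self::domain_separated(b"dkg", m))))
    }
    fn hid(m: &[u8]) -> Option<u64> {
        Some(Self::to_nonzero_scalar(Self::hash(&Self::domain_separated(b"id", m))))
    }
}

/// A suite that only provides the required methods: HDKG and HID stay None.
struct MinimalSuite;
impl Ciphersuite for MinimalSuite {
    const ID: &'static str = "TOY-MINIMAL-SIPHASH-v1";
    fn hash(input: &[u8]) -> u64 { siphash(input) }
    required_hashes!();
}

/// True when H1..H5 of `C` give pairwise distinct outputs for one input, i.e. the
/// per-function labels really separate the domains.
fn labels_separate_domains<C: Ciphersuite>(m: &[u8]) -> bool {
    let outs = [C::h1(m), C::h2(m), C::h3(m), C::h4(m), C::h5(m)];
    (0..outs.len()).all(|i| (i + 1..outs.len()).all(|j| outs[i] != outs[j]))
}

fn main() {
    let m: &[u8] = b"message";
    println!("{}: H1={} H2={} HDKG={:?}", FullSuite::ID, FullSuite::h1(m), FullSuite::h2(m), FullSuite::hdkg(m));
    println!("{}: H1={} HDKG={:?}", MinimalSuite::ID, MinimalSuite::h1(m), MinimalSuite::hdkg(m));
    println!("labels separate domains: {}", labels_separate_domains::<FullSuite>(m));
}
```

The two suites share the same underlying H and differ only in ID, so the same message hashes to different scalars under each; within one suite the per-function label keeps H1 through H5 apart. MinimalSuite shows what callers see when a suite does not override the provided methods: HDKG and HID return None rather than a scalar.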
fn verify_signature(
    msg: &[u8],
    signature: &Signature<Self>,
    public_key: &VerifyingKey<Self>,
) -> Result<(), Error<Self>>
Verify a signature for this ciphersuite. The default implementation uses the “cofactored” equation (it multiplies by the cofactor returned by Group::cofactor()).
Cryptographic Safety
You may override this to provide a tailored implementation, but if the ciphersuite defines it, it must also multiply by the cofactor to comply with the RFC. Note that batch verification (see crate::batch::Verifier) also uses the default implementation regardless of whether a tailored implementation was provided.
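To make the cofactor requirement concrete, an added example that is not frost-core's code: a toy Schnorr scheme over the order-Q subgroup of the multiplicative group mod a safe prime P (so the cofactor is 2 and the small subgroup is {1, P-1}), with the uncofactored and the cofactored check side by side. P, Q, G, COFACTOR, sign, verification_residual, verify_strict and verify_cofactored are this example's own names; SipHash stands in for the challenge hash H2 and nonces are supplied by the caller. Nothing here is cryptographically strong; it only shows the behaviour the note above warns about.

```rust
// Added example (not frost-core's code): why a tailored verify_signature must stay cofactored.
// Assumptions: a toy Schnorr scheme in the order-Q subgroup of the multiplicative group mod
// the safe prime P (cofactor 2, small subgroup {1, P-1}), SipHash standing in for the
// challenge hash H2, and caller-supplied nonces. Nothing here is cryptographically strong.
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

const P: u64 = 107;                // safe prime, P = 2*Q + 1
const Q: u64 = 53;                 // prime order of the signing subgroup
const COFACTOR: u64 = (P - 1) / Q; // 2, the value Group::cofactor() would return
const G: u64 = 4;                  // a quadratic residue, so it generates the order-Q subgroup

fn mulmod(a: u64, b: u64) -> u64 { (a * b) % P }

/// Square-and-multiply exponentiation mod P.
fn powmod(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 { acc = mulmod(acc, base); }
        base = mulmod(base, base);
        exp >>= 1;
    }
    acc
}

/// Inverse via Fermat; `a` must be non-zero mod P.
fn invmod(a: u64) -> u64 { powmod(a, P - 2) }

#[derive(Clone, Copy, Debug, PartialEq)]
struct Signature { r: u64, z: u64 }

#[derive(Clone, Copy, Debug, PartialEq)]
struct VerifyingKey(u64);

/// Challenge c = H2(R || PK || msg) reduced into the scalar field (SipHash stands in for H2).
fn challenge(r: u64, pk: u64, msg: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    h.write(&r.to_be_bytes());
    h.write(&pk.to_be_bytes());
    h.write(msg);
    h.finish() % Q
}

fn keygen(sk: u64) -> VerifyingKey { VerifyingKey(powmod(G, sk)) }

/// Schnorr signing; `pk` is the key the signer presents (normally keygen(sk)).
fn sign(sk: u64, k: u64, msg: &[u8], pk: &VerifyingKey) -> Signature {
    let r = powmod(G, k);
    let c = challenge(r, pk.0, msg);
    Signature { r, z: (k + c * sk) % Q }
}

/// d = G^z / (R * PK^c), i.e. zG - R - cPK in additive notation; None if R or PK is not a
/// non-zero residue mod P. A valid signature gives the identity.
fn verification_residual(msg: &[u8], sig: &Signature, pk: &VerifyingKey) -> Option<u64> {
    if sig.r == 0 || sig.r >= P || pk.0 == 0 || pk.0 >= P { return None; }
    let c = challenge(sig.r, pk.0, msg);
    let rhs = mulmod(sig.r, powmod(pk.0, c));
    Some(mulmod(powmod(G, sig.z), invmod(rhs)))
}

/// Uncofactored check: d must be exactly the identity.
fn verify_strict(msg: &[u8], sig: &Signature, pk: &VerifyingKey) -> bool {
    verification_residual(msg, sig, pk) == Some(1)
}

/// Cofactored check, as in the trait's default: d^cofactor must be the identity, so a
/// residual that lies entirely in the small subgroup does not cause rejection.
fn verify_cofactored(msg: &[u8], sig: &Signature, pk: &VerifyingKey) -> bool {
    matches!(verification_residual(msg, sig, pk), Some(d) if powmod(d, COFACTOR) == 1)
}

fn main() {
    let msg: &[u8] = b"frost example";
    let (sk, k) = (7u64, 12u64); // constructed secret and nonce
    let pk = keygen(sk);
    let sig = sign(sk, k, msg, &pk);
    println!("honest key:    strict={} cofactored={}",
             verify_strict(msg, &sig, &pk), verify_cofactored(msg, &sig, &pk));
    // A public key carrying a small-subgroup component: the residual is (-1)^c, so the two
    // equations can disagree. This is why every verifier, batch verification included,
    // must use the same (cofactored) equation.
    let pk_t = VerifyingKey(P - pk.0); // pk times the order-2 element -1
    let sig_t = sign(sk, k, msg, &pk_t);
    println!("torsioned key: strict={} cofactored={}",
             verify_strict(msg, &sig_t, &pk_t), verify_cofactored(msg, &sig_t, &pk_t));
}
```

For an honest key both checks agree, and a tampered z fails both because the residual then has order Q. For a key with a small-subgroup component the residual is (-1)^c: the cofactored check always accepts, while the strict check accepts only when c is even. Two implementations of the same ciphersuite that pick different equations would therefore disagree on whether such a signature is valid, which is the interoperability problem the cofactor rule in the RFC avoids, and why the batch verifier sticks to the default equation.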
Dyn Compatibility
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.