Struct Transcript

pub struct Transcript { /* private fields */ }

Represents a transcript.

A transcript is, in essence, a way of making a public coin protocol non-interactive. The transcript can absorb messages, and then produce challenges based on the messages in response.

§Basic Flow

The basic flow of using a transcript involves initializing it, adding in messages, and then generating challenges:

let mut transcript = Transcript::new(b"my protocol");
transcript.message(b"message0", b"hello world!");
let c0 = transcript.challenge(b"challenge0").next_u64();
transcript.message(b"message1", b"hello again!");
let c1 = transcript.challenge(b"challenge1").next_u64();

Notice that you can mix adding messages and extracting challenges.

Implementations§


impl Transcript


pub fn new(protocol: &'static [u8]) -> Self

Initialize a new transcript.

This also takes a string describing the protocol the transcript is being used for. This is used for domain separation.

Note that for most situations, constructions should simply accept a transcript as input, rather than creating it themselves. This allows a scheme to be used in various contexts, including in sequential composition with other schemes.


pub fn message(&mut self, label: &'static [u8], data: &[u8])

Add a message to this transcript.

You can also add a label to distinguish this message from others.

The labels used for different objects in a transcript should, ideally, be unique. It’s ok if some labels are prefixes of others.


pub fn challenge(&mut self, label: &'static [u8]) -> MeowRng

Generate a challenge given the transcript so far.

This challenge takes the form of an infinite stream of bytes, represented as an RNG.


pub fn forked(&self, label: &'static [u8], data: &[u8]) -> Self

Create a forked version of this transcript.

This is often useful in the context of cryptographic protocols. You might want to verify multiple proofs generated at the same point in the transcript, but by different people. You can use this primitive to fork the transcript to check those proofs, with some domain separation identifying each person.

Forking without domain separation is intentionally not possible, to prevent potential misuse where the same randomness is generated in different contexts.
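The forking behaviour described above, modelled in a self-contained example that is added here and is not this crate's code: `ToyTranscript`, `absorb` and `party_challenge` are hypothetical names, `challenge` returns a single `u64` rather than an RNG, and std's `DefaultHasher` stands in for the real construction, so the model is not cryptographically secure. It shows two proofs checked at the same transcript point receiving different challenges because each fork is bound to a party identifier.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

// Toy model, NOT the crate's construction; DefaultHasher is not a cryptographic hash.
#[derive(Clone)]
pub struct ToyTranscript(DefaultHasher);

impl ToyTranscript {
    // Tag and length-prefix every field so label/data boundaries are unambiguous.
    fn absorb(&mut self, tag: u8, bytes: &[u8]) {
        self.0.write_u8(tag);
        self.0.write_u64(bytes.len() as u64);
        self.0.write(bytes);
    }
    pub fn new(protocol: &'static [u8]) -> Self {
        let mut t = ToyTranscript(DefaultHasher::new());
        t.absorb(0, protocol); // domain separation by protocol name
        t
    }
    pub fn message(&mut self, label: &'static [u8], data: &[u8]) {
        self.absorb(1, label);
        self.absorb(2, data);
    }
    // One u64 stands in for the RNG stream; absorbed back so later challenges depend on it.
    pub fn challenge(&mut self, label: &'static [u8]) -> u64 {
        self.absorb(3, label);
        let c = self.0.finish();
        self.0.write_u64(c);
        c
    }
    // A fork always absorbs separation data, so forks agree only if that data is identical.
    pub fn forked(&self, label: &'static [u8], data: &[u8]) -> Self {
        let mut t = self.clone();
        t.absorb(4, label);
        t.absorb(5, data);
        t
    }
}

// Challenge derived for one party's proof at the shared transcript point.
pub fn party_challenge(shared: &ToyTranscript, party: &[u8], commitment: &[u8]) -> u64 {
    let mut t = shared.forked(b"party", party);
    t.message(b"commitment", commitment);
    t.challenge(b"challenge")
}

fn main() {
    let shared = ToyTranscript::new(b"my protocol");
    let (a, b) = (party_challenge(&shared, b"alice", b"R"), party_challenge(&shared, b"bob", b"R"));
    println!("alice {:016x}\nbob   {:016x}", a, b);
}
```

Because `forked` takes `&self`, the shared transcript is left untouched and can be forked again for each further party.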
