pub struct IOPattern<H = DefaultHash, U = u8>
where
    U: Unit,
    H: DuplexHash<U>,
{ /* private fields */ }
The IO Pattern of an interactive protocol.
An IO pattern is a string that specifies the protocol in a simple, non-ambiguous, human-readable format. A typical example is the following:
domain-separator A32generator A32public-key R A32commitment S32challenge A32response
The domain-separator is a user-specified string uniquely identifying the end-user application (to avoid cross-protocol attacks).
The letter A indicates the absorption of a public input (an ABSORB), while the letter S indicates the squeezing (a SQUEEZE) of a challenge.
The letter R indicates a ratcheting operation: ratcheting means invoking the hash function even on an incomplete block.
Ratcheting provides forward secrecy and lets the hash start from a clean rate.
After the operation type comes the number of elements, in base 10, that are being absorbed/squeezed.
Then follows the label associated with the element being absorbed/squeezed. This often comes from the underlying description of the protocol. The label cannot start with a digit or contain the NULL byte.
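The grammar described above, as a stand-alone parser that also shows why the two label restrictions exist. This is an added example, not the crate's own code: the names Op, valid_label and parse_io_pattern are hypothetical, and it assumes operations are separated by a NUL byte (SEP), which the page prints as a space.

```rust
// Added example, not the crate's own code. Assumption: operations are separated
// by a NUL byte (SEP); the page prints the separator as a space.
const SEP: char = '\0';

#[derive(Debug, PartialEq)]
pub enum Op { Absorb(usize, String), Squeeze(usize, String), Ratchet }

/// A label must not start with a digit (it would merge with the count) or
/// contain the separator (it would split into a bogus extra operation).
pub fn valid_label(label: &str) -> bool {
    !label.contains(SEP) && !label.starts_with(|c: char| c.is_ascii_digit())
}

/// Parse `domsep SEP op SEP op ...` into the domain separator and its operations.
pub fn parse_io_pattern(pattern: &str) -> Result<(String, Vec<Op>), String> {
    let mut parts = pattern.split(SEP);
    let domsep = parts.next().filter(|d| !d.is_empty()).ok_or("missing domain separator")?;
    let mut ops = Vec::new();
    for part in parts {
        let mut chars = part.chars();
        let kind = chars.next().ok_or("empty operation")?;
        let rest = chars.as_str();
        if kind == 'R' && rest.is_empty() {
            ops.push(Op::Ratchet);
            continue;
        }
        // The count is the leading run of base-10 digits; the label is the rest.
        let cut = rest.find(|c: char| !c.is_ascii_digit()).unwrap_or(rest.len());
        let (digits, label) = rest.split_at(cut);
        let count: usize = digits.parse().map_err(|_| format!("bad count in {:?}", part))?;
        match kind {
            'A' => ops.push(Op::Absorb(count, label.to_string())),
            'S' => ops.push(Op::Squeeze(count, label.to_string())),
            _ => return Err(format!("unknown operation {:?}", kind)),
        }
    }
    Ok((domsep.to_string(), ops))
}

fn main() {
    // Constructed sample: the page's example pattern with SEP between operations.
    let p = "domain-separator\0A32generator\0A32public-key\0R\0A32commitment\0S32challenge\0A32response";
    let (domsep, ops) = parse_io_pattern(p).unwrap();
    println!("{}: {:?}", domsep, ops);
    // Count 3 with the invalid label "2x" is indistinguishable from count 32, label "x".
    println!("{:?}", parse_io_pattern("app\0A32x"));
}
```

The parser recovers only counts and labels, never element types, which matches the guarantee the struct documents.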
Guarantees
The struct IOPattern guarantees the creation of a valid IO Pattern string, whose lengths are coherent with the types described in the protocol. No information about the types themselves is stored in an IO Pattern.
This means that Arthur or Merlin instances can successfully generate a protocol transcript that respects the length constraints but not the types. See issue #6 for a discussion on the topic.
Implementations
impl<H: DuplexHash<U>, U: Unit> IOPattern<H, U>
pub fn to_arthur(&self) -> Arthur<H, U, DefaultRng>
Create a crate::Arthur instance from the IO Pattern.
pub fn to_merlin<'a>(&self, transcript: &'a [u8]) -> Merlin<'a, H, U>
Create a crate::Merlin instance from the IO Pattern and the protocol transcript (bytes).