derive_proxy_keys

proxy_signatures

Function derive_proxy_keys 

Source 
pub fn derive_proxy_keys(
    b_keys: &KeyPair,
    a_pub: &Point,
    token: &DelegationToken,
) -> Result<ProxyKeys>
Expand description

Derive proxy signing keys from a delegation token

§Arguments

  • b_keys - Proxy’s key pair
  • a_pub - Original signer’s public key
  • token - Valid delegation token bound to this proxy

§Returns

A ProxyKeys struct with named sk and pk fields for better type safety

§Errors

Returns InvalidDelegation if token verification fails, ProxyKeyMismatch if the proxy’s public key doesn’t match the bound key, or if derived keys don’t match expected values

Examples found in repository?
examples/demo.rs (line 34)
6fn main() -> Result<()> {
7    println!("=== Ristretto255 Proxy Signatures Demo ===\n");
8
9    // 1) Key generation
10    println!("1. Generating keys...");
11    let a = KeyPair::new()?; // Original signer
12    let b = KeyPair::new()?; // Proxy signer
13    println!(
14        "   A's public key: {}",
15        Hex::encode_to_string(a.pk).unwrap()
16    );
17    println!(
18        "   B's public key: {}",
19        Hex::encode_to_string(b.pk).unwrap()
20    );
21
22    // 2) Delegation with warrant
23    println!("\n2. Creating delegation...");
24    let warrant = b"Proxy: B may sign for A for service XYZ until 2026-12-31";
25    let token = DelegationToken::create(&a, &b.pk, warrant)?;
26    if !token.verify(&a.pk)? {
27        return Err(proxy_signatures::ProxySignatureError::InvalidDelegation);
28    }
29    println!("   Warrant: {}", std::str::from_utf8(warrant)?);
30    println!("   Delegation token created and verified");
31
32    // 3) Proxy key derivation
33    println!("\n3. Deriving proxy keys...");
34    let keys = proxy_signatures::derive_proxy_keys(&b, &a.pk, &token)?;
35    let ctx = ProxyPublicContext {
36        warrant: warrant.to_vec(),
37        rw: token.rw,
38        yp: keys.pk,
39    };
40    println!(
41        "   Proxy public key YP: {}",
42        Hex::encode_to_string(keys.pk).unwrap()
43    );
44
45    // 4) Proxy signs
46    println!("\n4. Creating proxy signature...");
47    let msg = b"Pay 10 units to Carol";
48    let sig = proxy_signatures::proxy_sign(&keys.sk, msg)?;
49    println!("   Message: {}", std::str::from_utf8(msg)?);
50    println!("   Signature created");
51
52    // 5) Verify proxy signature
53    println!("\n5. Verifying proxy signature...");
54    let valid = proxy_signatures::proxy_verify(&a.pk, &b.pk, msg, &sig, &ctx)?;
55    println!("   Proxy signature valid? {}", valid);
56
57    // 6) Test with wrong message
58    println!("\n6. Testing with wrong message...");
59    let wrong_msg = b"Pay 100 units to Carol";
60    let invalid = proxy_signatures::proxy_verify(&a.pk, &b.pk, wrong_msg, &sig, &ctx)?;
61    println!(
62        "   Wrong message signature valid? {} (should be false)",
63        invalid
64    );
65
66    // 7) Demonstrate revocation by tampering with warrant
67    println!("\n7. Testing revocation (modified warrant)...");
68    let revoked_ctx = ProxyPublicContext {
69        warrant: b"REVOKED: Original warrant no longer valid".to_vec(),
70        rw: ctx.rw,
71        yp: ctx.yp,
72    };
73    let revoked = proxy_signatures::proxy_verify(&a.pk, &b.pk, msg, &sig, &revoked_ctx)?;
74    println!(
75        "   Signature with revoked warrant valid? {} (should be false)",
76        revoked
77    );
78
79    println!("\n✅ All operations completed successfully!");
80
81    Ok(())
82}