Crate schnorr_rs

Source
Expand description

§Schnorr Protocols

This repository contains the rust implementation of various Schnorr protocols by Dr. Claus-Peter Schnorr:

  • Schnorr Identification Protocol
  • Schnorr Signature Scheme
  • A variant of Schnorr Signature Scheme (elliptic curve cryptograhy based)

It is a light-weight library that implements the protocol in simpliest way where minimal number of APIs are used, though the protocols are highly interactive. While there are some limitations for you to consider before using it:

  • Uses num-bigint.
  • when using ECC-based protocol, the library picks the curve p256 (a.k.a secp256r1, prime256v1) to use.

Note: this repository has not been thoroughly audited. Please take your own risk if you use it in production environment.

§Schnorr Signature Scheme

// Specify the common parameters from Integer field elements. (Not provided by this crate)
let scheme = schnorr_rs::signature_scheme::<sha2::Sha256>("1623299", "811649", "1109409").unwrap();

let rng = &mut rand::thread_rng();

let (key, public_key) = scheme.generate_key(rng);
let message = "hello world".as_bytes();
let signature = scheme.sign(rng, &key, &public_key, message);
assert!(scheme.verify(&public_key, message, &signature));

For the ECC-based scheme, use method schnorr_rs::signature_scheme_p256 to instantiate the scheme.

§Schnorr Identification Protocol

The protocol involves user, issuer and verifier, who share the same parameters defined in the struct Identification.

In following example, i is the identify in type BigUInt.

// Specify the common parameters from Integer field elements. (Not provided by this crate)
let protocol = schnorr_rs::identification_protocol("1623299", "811649", "1109409").unwrap();

let rng = &mut rand::thread_rng();

// Specify the signature scheme used in the protocol. It is not a must to use the scheme provided
// by this crate, as long as the signer and verifier implements the trait `signature::RandomizedDigestSigner`
// and `signature::DigestVerifier` respectively.
let signature_scheme = schnorr_rs::signature_scheme::<sha2::Sha256>("1623299", "811649", "1109409").unwrap();
let (signing_key, public_key) = signature_scheme.generate_key(rng);
let signer = schnorr_rs::Signer {
    scheme: &signature_scheme,
    key: &signing_key,
    pub_key: &public_key,
};
let verifier = schnorr_rs::Verifier {
    scheme: &signature_scheme,
    key: &public_key,
};

// An identity represented by BigUint.
let i = num_bigint::BigUint::from(123u32);

// User interacts with issuer to get a certificate
let (iss_secret, iss_params) = protocol.issue_params(rng, i.clone());
let cert = protocol.issue_certificate(rng, &signer, iss_params);

// User presents the certificate to the verifier
let (ver_secret, ver_req) = protocol.verification_request(rng, cert);

// Verifier challenges the user's knowledge of the secret
let challenge = protocol
    .verification_challenge(rng, &verifier, ver_req.clone())
    .unwrap();

// User responds to the challenge
let ver_res = protocol.verification_response(challenge.clone(), iss_secret, ver_secret);

// Verifier verifies the response
assert!(protocol.verification(ver_req, challenge, ver_res));

For the ECC-based protocol, use method schnorr_rs::identification_protocol_p256 to instantiate the protocol.

Re-exports§

pub use group::Group;
pub use group::SchnorrGroup;
pub use group::SchnorrP256Group;
pub use public_key::PublicKey;
pub use signature::Signature;
pub use signature_scheme::SignatureScheme;
pub use signing_key::SigningKey;
pub use signer::Signer;
pub use verifier::Verifier;
pub use identification::Identification;

Modules§

group
This module contains the definition of the Group trait and the SchnorrGroup struct.
identification
Implementation of Schnorr Identification Protocol.
public_key
signature
signature_scheme
Implementation of Schnorr Signature Scheme
signer
signing_key
verifier

Functions§

identification_protocol
Instantiate a Schnorr Identification Protocol from string representation of p, q, and a:
identification_protocol_p256
Instantiate a Schnorr Identification Protocol based on elliptic curve p256. The generator point is provided by crate p256.
signature_scheme
Instantiate a Schnorr Signature Protocol from string representation of p, q, and a:
signature_scheme_p256
Instantiate a Schnorr Signature Protocol based on elliptic curve p256. The generator point is provided by crate p256.