[−][src]Struct schnorr_fun::Schnorr
An instance of a BIP-340 style Schnorr signature scheme.
Each instance is defined by its:
G
: Public generator (usuallyG
)challenge_hash
: The hash function instance that is used to produce the Fiat-Shamir challenge.nonce_gen
: TheNonceGen
used to hash the signing inputs (and perhaps additional randomness) to produce the secret nonce.
Implementations
impl<H: Digest<OutputSize = U32> + Tagged> Schnorr<H, (), BasePoint>
[src]
pub fn verify_only(msgkind: MessageKind) -> Self
[src]
Create a new instance that doesn't
Creates a Schnorr
instance to verifying signatures of a particular MessageKind
.
The instance will use the standard value of G
.
Examples
use schnorr_fun::{MessageKind, Schnorr}; // An instance that can verify Bitcoin Taproot transactions let taproot_schnorr = Schnorr::<sha2::Sha256>::verify_only(MessageKind::Prehashed); // An instance for verifying transactions in your application let myapp_schnorr = Schnorr::<sha2::Sha256>::verify_only(MessageKind::Plain { tag: "myapp" });
impl<CH, NG> Schnorr<CH, NG, BasePoint> where
CH: Digest<OutputSize = U32> + Tagged,
NG: AddTag,
[src]
CH: Digest<OutputSize = U32> + Tagged,
NG: AddTag,
pub fn new(nonce_gen: NG, msgkind: MessageKind) -> Self
[src]
Creates a instance capable of signing and verifying.
Examples
use rand::rngs::ThreadRng; use schnorr_fun::{ nonce::{Deterministic, GlobalRng, Synthetic}, MessageKind, Schnorr, }; use sha2::Sha256; // Use synthetic nonces (preferred) let nonce_gen = Synthetic::<Sha256, GlobalRng<ThreadRng>>::default(); // Use deterministic nonces. let nonce_gen = Deterministic::<Sha256>::default(); // Sign pre-hashed messges as in BIP-341. let schnorr = Schnorr::<Sha256, _>::new(nonce_gen.clone(), MessageKind::Prehashed); // Sign ordinary messages in your own application. let schnorr = Schnorr::<Sha256, _>::new(nonce_gen, MessageKind::Plain { tag: "my-app" });
impl<NG, CH, GT> Schnorr<CH, NG, GT> where
CH: Digest<OutputSize = U32> + Clone,
NG: NonceGen,
[src]
CH: Digest<OutputSize = U32> + Clone,
NG: NonceGen,
pub fn sign(
&self,
keypair: &KeyPair,
message: Slice<'_, impl Secrecy>
) -> Signature
[src]
&self,
keypair: &KeyPair,
message: Slice<'_, impl Secrecy>
) -> Signature
Sign a message using a secret key and a particular nonce derivation scheme.
Examples
use schnorr_fun::{ fun::{marker::*, Scalar}, MessageKind, }; let keypair = schnorr.new_keypair(Scalar::random(&mut rand::thread_rng())); let message = b"Chancellor on brink of second bailout for banks" .as_ref() .mark::<Public>(); let signature = schnorr.sign(&keypair, message); assert!(schnorr.verify(&keypair.verification_key(), message, &signature));
pub fn nonce_gen(&self) -> &NG
[src]
Returns the NonceGen
instance being used to genreate nonces.
impl<NG, CH: Digest<OutputSize = U32> + Clone, GT> Schnorr<CH, NG, GT>
[src]
pub fn G(&self) -> &Point<GT>
[src]
Returns the generator point being used for the scheme.
pub fn challenge_hash(&self) -> CH
[src]
Returns the challenge hash being used to sign/verify signatures
pub fn new_keypair(&self, sk: Scalar) -> KeyPair
[src]
Converts a non-zero scalar to a key-pair by interpreting it as a secret key.
The secret key in the resulting key is not guaranteed to be the same
as the input. For half the input values the result will be the
negation of it. This happens because the corresponding Point
may not
have an y-coordinate that is even (see EvenY
)
pub fn challenge<S: Secrecy>(
&self,
R: &XOnly,
X: &XOnly,
m: Slice<'_, S>
) -> Scalar<S, Zero>
[src]
&self,
R: &XOnly,
X: &XOnly,
m: Slice<'_, S>
) -> Scalar<S, Zero>
Produces the Fiat-Shamir challenge for a Schnorr signature in the form specified by BIP-340.
Concretely computes the hash H(R || X || m)
.
Example
Here's how you could use this to roll your own signatures.
use schnorr_fun::{ fun::{marker::*, s, Scalar, XOnly}, Schnorr, Signature, }; let message = b"we rolled our own sign!".as_ref().mark::<Public>(); let keypair = schnorr.new_keypair(Scalar::random(&mut rand::thread_rng())); let mut r = Scalar::random(&mut rand::thread_rng()); let R = XOnly::from_scalar_mul(schnorr.G(), &mut r); let challenge = schnorr.challenge(&R, keypair.public_key(), message); let s = s!(r + challenge * { keypair.secret_key() }); let signature = Signature { R, s }; assert!(schnorr.verify(&keypair.verification_key(), message, &signature));
#[must_use]pub fn verify(
&self,
public_key: &Point<EvenY, impl Secrecy>,
message: Slice<'_, impl Secrecy>,
signature: &Signature<impl Secrecy>
) -> bool
[src]
&self,
public_key: &Point<EvenY, impl Secrecy>,
message: Slice<'_, impl Secrecy>,
signature: &Signature<impl Secrecy>
) -> bool
Verifies a signature on a message under a given public key. Note that a full
Point<EvenY,..>
is passed in rather than a XOnly
because it's more efficient
for repeated verification (where as XOnly
is more efficient for repeated
signing).
For an example see the Synopsis
pub fn anticipate_signature(
&self,
X: &Point<EvenY, impl Secrecy>,
R: &Point<EvenY, impl Secrecy>,
m: Slice<'_, impl Secrecy>
) -> Point<Jacobian, Public, Zero>
[src]
&self,
X: &Point<EvenY, impl Secrecy>,
R: &Point<EvenY, impl Secrecy>,
m: Slice<'_, impl Secrecy>
) -> Point<Jacobian, Public, Zero>
Anticipates a Schnorr signature given the nonce R
that will be used ahead of time.
Deterministically returns the group element that corresponds to the scalar value of the
signature. i.e R + c * X
Trait Implementations
impl<CH, NG, GT> Adaptor for Schnorr<CH, NG, GT> where
CH: Digest<OutputSize = U32> + Clone,
[src]
CH: Digest<OutputSize = U32> + Clone,
fn encryption_key_for(&self, decryption_key: &Scalar) -> Point
[src]
#[must_use]fn verify_encrypted_signature(
&self,
verification_key: &Point<EvenY, impl Secrecy>,
encryption_key: &Point<impl Normalized, impl Secrecy>,
message: Slice<'_, impl Secrecy>,
encrypted_signature: &EncryptedSignature<impl Secrecy>
) -> bool
[src]
&self,
verification_key: &Point<EvenY, impl Secrecy>,
encryption_key: &Point<impl Normalized, impl Secrecy>,
message: Slice<'_, impl Secrecy>,
encrypted_signature: &EncryptedSignature<impl Secrecy>
) -> bool
fn decrypt_signature(
&self,
decryption_key: Scalar<impl Secrecy>,
encrypted_signature: EncryptedSignature<impl Secrecy>
) -> Signature
[src]
&self,
decryption_key: Scalar<impl Secrecy>,
encrypted_signature: EncryptedSignature<impl Secrecy>
) -> Signature
fn recover_decryption_key(
&self,
encryption_key: &Point<impl Normalized, impl Secrecy>,
encrypted_signature: &EncryptedSignature<impl Secrecy>,
signature: &Signature<impl Secrecy>
) -> Option<Scalar>
[src]
&self,
encryption_key: &Point<impl Normalized, impl Secrecy>,
encrypted_signature: &EncryptedSignature<impl Secrecy>,
signature: &Signature<impl Secrecy>
) -> Option<Scalar>
impl<CH: Clone, NG: Clone, GT: Clone> Clone for Schnorr<CH, NG, GT>
[src]
impl<NG, CH, GT> EncryptedSign for Schnorr<CH, NG, GT> where
CH: Digest<OutputSize = U32> + Clone,
NG: NonceGen,
[src]
CH: Digest<OutputSize = U32> + Clone,
NG: NonceGen,
fn encrypted_sign(
&self,
signing_key: &KeyPair,
encryption_key: &Point<impl Normalized, impl Secrecy>,
message: Slice<'_, impl Secrecy>
) -> EncryptedSignature
[src]
&self,
signing_key: &KeyPair,
encryption_key: &Point<impl Normalized, impl Secrecy>,
message: Slice<'_, impl Secrecy>
) -> EncryptedSignature
Auto Trait Implementations
impl<CH, NG, GT> RefUnwindSafe for Schnorr<CH, NG, GT> where
CH: RefUnwindSafe,
GT: RefUnwindSafe,
NG: RefUnwindSafe,
CH: RefUnwindSafe,
GT: RefUnwindSafe,
NG: RefUnwindSafe,
impl<CH, NG, GT> Send for Schnorr<CH, NG, GT> where
CH: Send,
GT: Send,
NG: Send,
CH: Send,
GT: Send,
NG: Send,
impl<CH, NG, GT> Sync for Schnorr<CH, NG, GT> where
CH: Sync,
GT: Sync,
NG: Sync,
CH: Sync,
GT: Sync,
NG: Sync,
impl<CH, NG, GT> Unpin for Schnorr<CH, NG, GT> where
CH: Unpin,
GT: Unpin,
NG: Unpin,
CH: Unpin,
GT: Unpin,
NG: Unpin,
impl<CH, NG, GT> UnwindSafe for Schnorr<CH, NG, GT> where
CH: UnwindSafe,
GT: UnwindSafe,
NG: UnwindSafe,
CH: UnwindSafe,
GT: UnwindSafe,
NG: UnwindSafe,
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> Mark for T
[src]
#[must_use]fn mark<M>(self) -> <M as ChangeMark<T>>::Out where
M: ChangeMark<T>,
[src]
M: ChangeMark<T>,
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
[src]
fn clone_into(&self, target: &mut T)
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,