Module schnorr_fun::nonce


Nonce generation utilities

Nonce generation is one of the most difficult things to get right when implementing discrete log based cryptosystems, so this library provides a built-in way of doing it with sane defaults. A nonce is a random secret Scalar chosen for each use of the static secret scalar that the prover/signer takes as input to the algorithm. For the scheme to be secure the nonce must be distributed uniformly at random, independently of the public inputs to the algorithm. For a signature scheme this means that for every message the nonce must appear uniformly random to an attacker who does not know the corresponding secret. Even a slight bias can allow an attacker to extract the secret key if they can observe enough signatures/proofs, and reusing a nonce across two different messages leaks the secret key outright.

Implementations using secp256kfun should allow the caller to pass in a NonceGen when instantiating the scheme. When generating a nonce for a secret scalar, implementations should use the derive_nonce! macro.
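The failure mode described above, as an added example that is not part of schnorr_fun or secp256kfun. It uses a toy Schnorr signature over a small prime-order subgroup (the squares mod the safe prime p = 2039, order q = 1019, generator g = 4) and Rust's non-cryptographic `DefaultHasher` as stand-ins for secp256k1 and the library's tagged hashes; the constants and the names `sign`, `sign_with_nonce`, `deterministic_nonce`, `recover_from_reuse` are assumptions for this illustration only. It shows the extreme case of nonce bias: two signatures under the same nonce satisfy `s1 - s2 = (e1 - e2) * x (mod q)`, so the verifier's own data recovers `x`. Deriving the nonce from the secret scalar together with the message, which is the pattern derive_nonce! exists to make routine, rules out reuse across distinct messages without a hash collision. The partial-bias attacks the text warns about need lattice reduction and are not shown here.

```rust
// Added example: toy Schnorr over a small prime-order subgroup, demonstrating
// why nonces must be unique and unpredictable. Not schnorr_fun's code.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Assumed toy parameters: squares mod P form a subgroup of prime order Q generated by G.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;

fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1u64;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % m;
        }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

// Inverse mod the prime Q via Fermat's little theorem.
fn inv_mod_q(a: u64) -> u64 {
    pow_mod(a, Q - 2, Q)
}

// Non-cryptographic stand-in for a tagged hash, reduced into 1..Q so it is a valid nonzero scalar.
fn hash_to_scalar(parts: &[&[u8]]) -> u64 {
    let mut h = DefaultHasher::new();
    for p in parts {
        p.hash(&mut h);
    }
    h.finish() % (Q - 1) + 1
}

#[derive(Clone, Copy, Debug, PartialEq)]
struct Sig {
    r: u64,
    s: u64,
}

fn pubkey(x: u64) -> u64 {
    pow_mod(G, x, P)
}

// Fiat-Shamir challenge e = H(R, X, m).
fn challenge(r: u64, pk: u64, msg: &[u8]) -> u64 {
    hash_to_scalar(&[&r.to_be_bytes(), &pk.to_be_bytes(), msg])
}

// Sign with a caller-supplied nonce k: R = g^k, s = k + e*x (mod Q).
fn sign_with_nonce(x: u64, k: u64, msg: &[u8]) -> Sig {
    let r = pow_mod(G, k, P);
    let e = challenge(r, pubkey(x), msg);
    let s = (k + e * x % Q) % Q;
    Sig { r, s }
}

fn verify(pk: u64, msg: &[u8], sig: &Sig) -> bool {
    let e = challenge(sig.r, pk, msg);
    pow_mod(G, sig.s, P) == sig.r * pow_mod(pk, e, P) % P
}

// Nonce derived from the secret scalar and the message (the derive_nonce! idea in toy form):
// the same message always yields the same nonce, so reuse across distinct messages cannot happen.
fn deterministic_nonce(x: u64, msg: &[u8]) -> u64 {
    hash_to_scalar(&[b"toy/nonce", &x.to_be_bytes(), msg])
}

fn sign(x: u64, msg: &[u8]) -> Sig {
    sign_with_nonce(x, deterministic_nonce(x, msg), msg)
}

// Attacker's view: any two signatures sharing R (hence k) give x = (s1 - s2) / (e1 - e2) mod Q.
fn recover_from_reuse(pk: u64, sigs: &[(&[u8], Sig)]) -> Option<u64> {
    for (i, (m1, s1)) in sigs.iter().enumerate() {
        for (m2, s2) in &sigs[i + 1..] {
            if s1.r != s2.r {
                continue;
            }
            let e1 = challenge(s1.r, pk, m1);
            let e2 = challenge(s2.r, pk, m2);
            if e1 == e2 {
                continue;
            }
            let ds = (s1.s + Q - s2.s) % Q;
            let de = (e1 + Q - e2) % Q;
            let x = ds * inv_mod_q(de) % Q;
            if pubkey(x) == pk {
                return Some(x);
            }
        }
    }
    None
}

fn main() {
    let x = 777u64; // constructed secret key
    let pk = pubkey(x);
    let msg: &[u8] = b"pay 1 BTC to alice";
    let sig = sign(x, msg);
    println!("deterministic signature verifies: {}", verify(pk, msg, &sig));
    // Reusing one nonce for two messages hands the key to anyone holding both signatures.
    let (m1, m2): (&[u8], &[u8]) = (b"msg one", b"msg two");
    let leaked = [(m1, sign_with_nonce(x, 123, m1)), (m2, sign_with_nonce(x, 123, m2))];
    println!("recovered secret: {:?}", recover_from_reuse(pk, &leaked));
}
```

The attacker in `recover_from_reuse` uses nothing but public signatures and the public key; that is why the library insists the nonce be derived from the secret and every public input rather than chosen casually.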

Structs§

  • A deterministic nonce generator.
  • A zero sized type that wraps an RNG that implements Default e.g. ThreadRng. GlobalRng implements NonceRng and care has been taken to ensure it is Sync.
  • Convenience type that is Tag but is not a NonceGen.
  • A nonce generator that uses an RNG to mix in real randomness into the nonce generation.

Traits§

  • A trait for hash based nonce generation.
  • A helper trait over RNGs that handles interior mutability.