Module schnorr_fun::nonce
Nonce generation utilities
Nonce generation is one of the most difficult things to get right when implementing discrete log based cryptosystems, so this library provides a built-in way of doing it with sane defaults. A nonce is a random secret Scalar chosen per static scalar that the prover/signer takes as secret input to the algorithm. For it to be secure, the distribution of the nonce, given the public inputs to the algorithm, must be uniformly random. For a signature scheme this means that for every message the nonce must appear uniformly random to an attacker that does not know the corresponding secret. Even a slight bias can allow an attacker to extract the secret key if they can observe enough signatures/proofs.
Implementations using secp256kfun should allow the caller to pass in a NonceGen upon instantiating the scheme. When generating a nonce for a secret scalar, implementations should use the derive_nonce! macro.
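To make the requirements above concrete, here is an added Python model of the two kinds of generator this module provides (a deterministic hash-based one and one that mixes in an RNG). It is example code, not code from schnorr_fun or secp256kfun, and its class names, the `tag` argument and the exact hashing layout are assumptions chosen for the illustration; the real library's derivation differs in detail.

```python
import hashlib
import secrets

# Group order of secp256k1; a usable nonce is a scalar in [1, N).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _frame(parts: list) -> bytes:
    # Length-prefix every input so boundaries are unambiguous: with plain
    # concatenation, public inputs [b"ab", b"c"] and [b"a", b"bc"] would hash alike.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


class Deterministic:
    """Hash-based generator (assumed layout): nonce = H(tag, secret, aux, public...).

    Because the secret is hashed in, the nonce looks uniformly random to anyone
    who does not know it, and identical inputs always yield the same nonce.
    """

    def __init__(self, tag: bytes) -> None:
        self.tag = tag  # domain separator so two protocols never share nonces

    def derive(self, secret: int, public: list, aux: bytes = b"") -> int:
        for counter in range(256):
            data = [self.tag, secret.to_bytes(32, "big"), aux, bytes([counter])] + public
            digest = hashlib.sha256(_frame(data)).digest()
            # secp256k1's order is within 2^-128 of 2^256, so reducing a 256-bit
            # digest mod N leaves a negligible bias. On a curve whose order is far
            # below 2^256 this shortcut would create exactly the bias the text
            # warns about; hash more bits (or reject and retry) there instead.
            nonce = int.from_bytes(digest, "big") % SECP256K1_N
            if nonce != 0:
                return nonce
        raise RuntimeError("could not derive a non-zero nonce")


class Synthetic(Deterministic):
    """Deterministic derivation plus 32 fresh random bytes per call.

    Two runs never reuse a nonce even with identical inputs, while the hashed
    secret still protects the nonce if the RNG turns out to be weak.
    """

    def derive(self, secret: int, public: list, aux: bytes = b"") -> int:
        return super().derive(secret, public, aux + secrets.token_bytes(32))
```

Every public input (public key, message, protocol data) must go into `public`; any value left out is one the nonce no longer commits to.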
Structs
- A deterministic nonce generator.
- A nonce generator that uses an RNG to mix in real randomness into the nonce generation.
Traits
- A trait for hash based nonce generation.
- A helper trait over RNGs that handle internal mutability.