Struct schnorr_fun::Schnorr

pub struct Schnorr<CH, NG = NoNonces> { /* private fields */ }

An instance of a BIP-340 style Schnorr signature scheme.

Each instance is defined by its:

  • challenge_hash: The hash function instance that is used to produce the Fiat-Shamir challenge.
  • nonce_gen: The NonceGen used to hash the signing inputs (and perhaps additional randomness) to produce the secret nonce.

Implementations§


impl<H: Digest<OutputSize = U32> + Tag + Default> Schnorr<H, NoNonces>


pub fn verify_only() -> Self

Create a new instance that can only verify signatures.

§Example
use schnorr_fun::Schnorr;
use sha2::Sha256;

// The nonce-generator parameter defaults to `NoNonces`: this instance can verify but not sign.
let schnorr: Schnorr<Sha256> = Schnorr::verify_only();

impl<CH, NG> Schnorr<CH, NG>


pub fn nonce_gen(&self) -> &NG

Returns the NonceGen instance being used to generate nonces.


impl<CH, NG> Schnorr<CH, NG>
where CH: Tag + Default, NG: Tag,


pub fn new(nonce_gen: NG) -> Self

Creates an instance capable of signing and verifying.

§Examples
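use rand::rngs::ThreadRng;
use schnorr_fun::{
    nonce::{Deterministic, GlobalRng, Synthetic},
    Schnorr,
};
use sha2::Sha256;
// Synthetic nonces hash the signing inputs together with fresh randomness (preferred).
let synthetic = Synthetic::<Sha256, GlobalRng<ThreadRng>>::default();
let schnorr = Schnorr::<Sha256, _>::new(synthetic);
// Deterministic nonces are derived from the signing inputs only; no additional randomness is mixed in.
// Each generator gets its own instance so that neither binding shadows the other.
let deterministic = Deterministic::<Sha256>::default();
let schnorr_deterministic = Schnorr::<Sha256, _>::new(deterministic);
// then go and sign/verify messages with either instance!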

impl<CH, NG> Schnorr<CH, NG>
where CH: Digest<OutputSize = U32> + Clone, NG: NonceGen,


pub fn sign( &self, keypair: &KeyPair<EvenY>, message: Message<'_, impl Secrecy> ) -> Signature

Sign a message using a secret key and a particular nonce derivation scheme.

§Examples
// `schnorr` is an instance built with a nonce generator (see `Schnorr::new`); a verify-only instance cannot sign.
let signing_key = schnorr.new_keypair(Scalar::random(&mut rand::thread_rng()));
let msg = Message::<Public>::plain(
    "times-of-london",
    b"Chancellor on brink of second bailout for banks",
);
let sig = schnorr.sign(&signing_key, msg);
// The signature verifies under the public half of the same keypair.
assert!(schnorr.verify(&signing_key.public_key(), msg, &sig));

impl<NG, CH: Digest<OutputSize = U32> + Clone> Schnorr<CH, NG>


pub fn challenge_hash(&self) -> CH

Returns the challenge hash instance being used to sign and verify signatures.


pub fn new_keypair(&self, sk: Scalar) -> KeyPair<EvenY>

Convenience method for creating a new signing KeyPair<EvenY>.


pub fn challenge<S: Secrecy>( &self, R: &Point<EvenY, impl Secrecy>, X: &Point<EvenY, impl Secrecy>, m: Message<'_, S> ) -> Scalar<S, Zero>

Produces the Fiat-Shamir challenge for a Schnorr signature in the form specified by BIP-340.

Concretely computes the hash H(R || X || m). The Secrecy of the message is inherited by the returned scalar.

§Example

Here’s how you could use this to roll your own signatures.

use schnorr_fun::{
    fun::{marker::*, s, Point, Scalar, G},
    Message, Schnorr, Signature,
};
let msg = Message::<Public>::plain("my-app", b"we rolled our own schnorr!");
let kp = schnorr.new_keypair(Scalar::random(&mut rand::thread_rng()));
// The secret nonce: drawn fresh for this signature and never revealed.
let mut r = Scalar::random(&mut rand::thread_rng());
// NOTE(review): `even_y_from_scalar_mul` takes `&mut r` — presumably it may adjust `r` so that `R` has an even y-coordinate; confirm.
let R = Point::even_y_from_scalar_mul(G, &mut r);
// Fiat-Shamir challenge H(R || X || m) in the BIP-340 form; it is `Public` because the message is.
let c = schnorr.challenge(&R, &kp.public_key(), msg);
// s = r + c * x with x the secret key.
let s = s!(r + c * { kp.secret_key() });
let signature = Signature { R, s };
assert!(schnorr.verify(&kp.public_key(), msg, &signature));

pub fn verify( &self, public_key: &Point<EvenY, impl Secrecy>, message: Message<'_, impl Secrecy>, signature: &Signature<impl Secrecy> ) -> bool

Verifies a signature on a message under a given public key.

§Example
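use schnorr_fun::{
    fun::{marker::*, nonce, Scalar, hex, Point},
    Message, Schnorr, Signature
};
use sha2::Sha256;
use core::str::FromStr;

// Verification needs no nonce generator, so a verify-only instance suffices.
let schnorr = Schnorr::<Sha256>::verify_only();
let public_key = Point::<EvenY, Public>::from_str("d69c3509bb99e412e68b0fe8544e72837dfa30746d8be2aa65975f29d22dc7b9").unwrap();
let signature = Signature::<Public>::from_str("00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c6376afb1548af603b3eb45c9f8207dee1060cb71c04e80f593060b07d28308d7f4").unwrap();
let message = hex::decode("4df3c3f68fcc83b27e9d42c90431a72499f17875c81a599b566c9889b9696703").unwrap();
// Marking the message `Public` means verification is not required to run in constant time.
assert!(schnorr.verify(&public_key, Message::<Public>::raw(&message), &signature));

// We could also say the message is secret if we want to use a constant time algorithm to verify the signature.
assert!(schnorr.verify(&public_key, Message::<Secret>::raw(&message), &signature));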

pub fn anticipate_signature( &self, X: &Point<EvenY, impl Secrecy>, R: &Point<EvenY, impl Secrecy>, m: Message<'_, impl Secrecy> ) -> Point<NonNormal, Public, Zero>

Anticipates a Schnorr signature given the nonce R that will be used ahead of time. Deterministically returns the group element that corresponds to the scalar value of the signature, i.e. R + c * X.

Trait Implementations§


impl<CH, NG> Adaptor for Schnorr<CH, NG>
where CH: Digest<OutputSize = U32> + Clone,


fn encryption_key_for(&self, decryption_key: &Scalar) -> Point

Derives the public encryption key corresponding to a secret decryption key. Read more

fn verify_encrypted_signature( &self, verification_key: &Point<EvenY, impl Secrecy>, encryption_key: &Point<impl PointType, impl Secrecy>, message: Message<'_, impl Secrecy>, encrypted_signature: &EncryptedSignature<impl Secrecy> ) -> bool

Verifies an encrypted signature is valid i.e. if it is decrypted it will yield a signature on message under verification_key. Read more

fn decrypt_signature( &self, decryption_key: Scalar<impl Secrecy>, encrypted_signature: EncryptedSignature<impl Secrecy> ) -> Signature

Decrypts an encrypted signature yielding the signature. Read more

fn recover_decryption_key( &self, encryption_key: &Point<impl PointType, impl Secrecy>, encrypted_signature: &EncryptedSignature<impl Secrecy>, signature: &Signature<impl Secrecy> ) -> Option<Scalar>

Recovers the decryption key given an encrypted signature and the signature that was decrypted from it. Read more

impl<CH: Clone, NG: Clone> Clone for Schnorr<CH, NG>


fn clone(&self) -> Schnorr<CH, NG>

Returns a copy of the value. Read more

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl<CH, NG> Default for Schnorr<CH, NG>
where CH: Default + Tag, NG: Default + Tag,


fn default() -> Self

Returns a Schnorr instance tagged in the default way according to BIP340.

§Examples
use schnorr_fun::{nonce::Deterministic, Schnorr};
use sha2::Sha256;

// With both type parameters written out, `Default` produces an instance tagged per BIP-340.
let schnorr: Schnorr<Sha256, Deterministic<Sha256>> = Default::default();

impl<NG, CH> EncryptedSign for Schnorr<CH, NG>
where CH: Digest<OutputSize = U32> + Clone, NG: NonceGen,


fn encrypted_sign( &self, signing_key: &KeyPair<EvenY>, encryption_key: &Point<Normal, impl Secrecy>, message: Message<'_, impl Secrecy> ) -> EncryptedSignature

Create a signature on a message encrypted under encryption_key. Read more

Auto Trait Implementations§


impl<CH, NG> RefUnwindSafe for Schnorr<CH, NG>


impl<CH, NG> Send for Schnorr<CH, NG>
where CH: Send, NG: Send,


impl<CH, NG> Sync for Schnorr<CH, NG>
where CH: Sync, NG: Sync,


impl<CH, NG> Unpin for Schnorr<CH, NG>
where CH: Unpin, NG: Unpin,


impl<CH, NG> UnwindSafe for Schnorr<CH, NG>
where CH: UnwindSafe, NG: UnwindSafe,

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> Same for T


type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,


type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,


fn vzip(self) -> V