[−][src]Struct schnorrkel::keys::PublicKey
A Ristretto Schnorr public key.
Internally, these are represented as a RistrettoPoint
, meaning
an Edwards point with a static guarantee to be 2-torsion free.
At present, we decompress PublicKey
s into this representation
during deserialization, which improves error handling, but costs
a compression during signing and verifiaction.
Methods
impl PublicKey
[src]
pub fn as_compressed(&self) -> &CompressedRistretto
[src]
Access the compressed Ristretto form
pub fn into_compressed(self) -> CompressedRistretto
[src]
Extract the compressed Ristretto form
pub fn as_point(&self) -> &RistrettoPoint
[src]
Access the point form
pub fn into_point(self) -> RistrettoPoint
[src]
Extract the point form
pub fn from_compressed(
compressed: CompressedRistretto
) -> SignatureResult<PublicKey>
[src]
compressed: CompressedRistretto
) -> SignatureResult<PublicKey>
Decompress into the PublicKey
format that also retains the
compressed form.
pub fn from_point(point: RistrettoPoint) -> PublicKey
[src]
Compress into the PublicKey
format that also retains the
uncompressed form.
pub fn to_bytes(&self) -> [u8; 32]
[src]
Convert this public key to a byte array.
pub fn from_bytes(bytes: &[u8]) -> SignatureResult<PublicKey>
[src]
Construct a PublicKey
from a slice of bytes.
Warning
The caller is responsible for ensuring that the bytes passed into this
method actually represent a curve25519_dalek::ristretto::CompressedRistretto
and that said compressed point is actually a point on the curve.
Example
use schnorrkel::PublicKey; use schnorrkel::PUBLIC_KEY_LENGTH; use schnorrkel::SignatureError; let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = [ 215, 90, 152, 1, 130, 177, 10, 183, 213, 75, 254, 211, 201, 100, 7, 58, 14, 225, 114, 243, 218, 166, 35, 37, 175, 2, 26, 104, 247, 7, 81, 26]; let public_key = PublicKey::from_bytes(&public_key_bytes)?;
Returns
A Result
whose okay value is an EdDSA PublicKey
or whose error value
is an SignatureError
describing the error that occurred.
impl PublicKey
[src]
pub fn verify<T: SigningTranscript>(&self, t: T, signature: &Signature) -> bool
[src]
Verify a signature by this public key on a transcript.
Requires a SigningTranscript
, normally created from a
SigningContext
and a message, as well as the signature
to be verified.
pub fn verify_simple(
&self,
ctx: &'static [u8],
msg: &[u8],
signature: &Signature
) -> bool
[src]
&self,
ctx: &'static [u8],
msg: &[u8],
signature: &Signature
) -> bool
Verify a signature by this public key on a message.
impl PublicKey
[src]
pub fn vrfs_merge<B>(&self, ps: &[B]) -> VRFInOut where
B: Borrow<VRFInOut>,
[src]
B: Borrow<VRFInOut>,
Merge VRF input and output pairs from the same signer, using constant time arithmetic.
There is sadly no constant time 128 bit multiplication in dalek, making this variant somewhat slower than necessary. It should only impact signers in niche scenarios however, so this slower variant should normally be unnecessary.
TODO: Add constant time 128 bit batched multiplication to dalek.
TODO: Is rand_chacha's gen::<u128>()
standardizable enough to
prefer it over merlin for the output?
pub fn vrfs_merge_vartime<B>(&self, ps: &[B]) -> VRFInOut where
B: Borrow<VRFInOut>,
[src]
B: Borrow<VRFInOut>,
Merge VRF input and output pairs from the same signer, using variable time arithmetic
You should use this variant when verifying VRF proofs batched by the singer. You could usually use this variant even when producing proofs, provided the set being signed is not secret.
impl PublicKey
[src]
pub fn dleq_verify<T>(
&self,
t: T,
p: &VRFInOut,
proof: &VRFProof
) -> SignatureResult<VRFProofBatchable> where
T: SigningTranscript,
[src]
&self,
t: T,
p: &VRFInOut,
proof: &VRFProof
) -> SignatureResult<VRFProofBatchable> where
T: SigningTranscript,
Verify DLEQ proof that points_out
consists of all points in
points_in
raised to the same private exponent as self
.
We also return an enlarged VRFProofBatchable
instead of true
so that verifiers can forward batchable proofs.
In principle, one might provide "blindly verifiable" VRFs that
avoid requiring self
here, but naively such constructions
risk the same flaws as DLEQ based blind signatures, and this
version exploits the slightly faster basepoint arithmetic.
pub fn vrf_verify<T: SigningTranscript>(
&self,
t: T,
out: &VRFOutput,
proof: &VRFProof
) -> SignatureResult<(VRFInOut, VRFProofBatchable)>
[src]
&self,
t: T,
out: &VRFOutput,
proof: &VRFProof
) -> SignatureResult<(VRFInOut, VRFProofBatchable)>
Verify VRF proof for one single input transcript and corresponding output.
pub fn vrfs_verify<T, I, O>(
&self,
transcripts: I,
outs: &[O],
proof: &VRFProof
) -> SignatureResult<(Box<[VRFInOut]>, VRFProofBatchable)> where
T: SigningTranscript,
I: IntoIterator<Item = T>,
O: Borrow<VRFOutput>,
[src]
&self,
transcripts: I,
outs: &[O],
proof: &VRFProof
) -> SignatureResult<(Box<[VRFInOut]>, VRFProofBatchable)> where
T: SigningTranscript,
I: IntoIterator<Item = T>,
O: Borrow<VRFOutput>,
Verify a common VRF short proof for several input transcripts and corresponding outputs.
impl PublicKey
[src]
pub fn accept_ecqv_cert<T>(
&self,
t: T,
seed_secret_key: &SecretKey,
cert_secret: ECQVCertSecret
) -> SignatureResult<(ECQVCertPublic, SecretKey)> where
T: SigningTranscript,
[src]
&self,
t: T,
seed_secret_key: &SecretKey,
cert_secret: ECQVCertSecret
) -> SignatureResult<(ECQVCertPublic, SecretKey)> where
T: SigningTranscript,
Accept an ECQV implicit certificate
We request an ECQV implicit certificate by first creating an
ephemeral Keypair
and sending the public portion to the issuer
as seed_public_key
. An issuer issues the certificat by replying
with the ECQVCertSecret
created by issue_ecqv_cert
.
Aside from the issuer PublicKey
supplied as self
, you provide
(1) a digest h
that incorporates both the context and the
certificate requester's identity,
(2) the seed_secret_key
corresponding to the seed_public_key
they sent to the issuer by the certificate recipient in their
certificate request, and
(3) the ECQVCertSecret
send by the issuer to the certificate
requester.
We return both your certificate's new SecretKey
as well as
an ECQVCertPublic
from which third parties may derive
corresponding public key from h
and the issuer's public key.
impl PublicKey
[src]
pub fn open_ecqv_cert<T>(
&self,
t: T,
cert_public: &ECQVCertPublic
) -> SignatureResult<PublicKey> where
T: SigningTranscript,
[src]
&self,
t: T,
cert_public: &ECQVCertPublic
) -> SignatureResult<PublicKey> where
T: SigningTranscript,
Trait Implementations
impl Derivation for PublicKey
[src]
fn derived_key<T>(&self, t: T, cc: ChainCode) -> (PublicKey, ChainCode) where
T: SigningTranscript + Clone,
[src]
T: SigningTranscript + Clone,
fn derived_key_simple<B: AsRef<[u8]>>(
&self,
cc: ChainCode,
i: B
) -> (Self, ChainCode)
[src]
&self,
cc: ChainCode,
i: B
) -> (Self, ChainCode)
Derive key with subkey identified by a byte array and a chain code. We do not include a context here becuase the chain code could serve this purpose. We support only Shake256 here for simplicity, and the reasons discussed in lib.rs
, and https://github.com/rust-lang/rust/issues/36887 Read more
impl Copy for PublicKey
[src]
impl Debug for PublicKey
[src]
impl PartialEq<PublicKey> for PublicKey
[src]
impl Eq for PublicKey
[src]
impl Ord for PublicKey
[src]
fn cmp(&self, other: &PublicKey) -> Ordering
[src]
fn max(self, other: Self) -> Self
1.21.0[src]
Compares and returns the maximum of two values. Read more
fn min(self, other: Self) -> Self
1.21.0[src]
Compares and returns the minimum of two values. Read more
fn clamp(self, min: Self, max: Self) -> Self
[src]
clamp
)Returns max if self is greater than max, and min if self is less than min. Otherwise this will return self. Panics if min > max. Read more
impl PartialOrd<PublicKey> for PublicKey
[src]
fn partial_cmp(&self, other: &PublicKey) -> Option<Ordering>
[src]
fn lt(&self, other: &PublicKey) -> bool
[src]
fn le(&self, other: &PublicKey) -> bool
[src]
fn gt(&self, other: &PublicKey) -> bool
[src]
fn ge(&self, other: &PublicKey) -> bool
[src]
impl From<SecretKey> for PublicKey
[src]
impl Hash for PublicKey
[src]
fn hash<__H: Hasher>(&self, state: &mut __H)
[src]
fn hash_slice<H>(data: &[Self], state: &mut H) where
H: Hasher,
1.3.0[src]
H: Hasher,
Feeds a slice of this type into the given [Hasher
]. Read more
impl Clone for PublicKey
[src]
fn clone(&self) -> PublicKey
[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]
Performs copy-assignment from source
. Read more
impl Default for PublicKey
[src]
impl AsRef<[u8]> for PublicKey
[src]
Auto Trait Implementations
Blanket Implementations
impl<T> From for T
[src]
impl<T, U> TryFrom for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T, U> Into for T where
U: From<T>,
[src]
U: From<T>,
impl<T> Borrow for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
impl<T> Same for T
type Output = T
Should always be Self
impl<T> Clear for T where
T: InitializableFromZeroed + ?Sized,
[src]
T: InitializableFromZeroed + ?Sized,
impl<T> InitializableFromZeroed for T where
T: Default,
[src]
T: Default,