Struct schnorrkel::keys::SecretKey

pub struct SecretKey { /* fields omitted */ }

A seceret key for use with Ristretto Schnorr signatures.

Internally, these consist of a scalar mod l along with a seed for nonce generation. In this way, we ensure all scalar arithmatic works smoothly in operations like threshold or multi-signatures, or hierarchical deterministic key derivations.

We keep our secret key serializaion "almost" compatable with EdDSA "expanded" secret key serializaion by multiplying the scalar by the cofactor 8, as integers, and dividing on deserializaion. We do not however attempt to keep the scalar's high bit set, especially not during hierarchical deterministic key derivations, so some Ed25519 libraries might compute the public key incorrectly from our secret key.

Methods

impl SecretKey

pub fn to_bytes(&self) -> [u8; 64]

Convert this SecretKey into an array of 64 bytes with.

Returns an array of 64 bytes, with the first 32 bytes being the secret scalar represented cannonically, and the last 32 bytes being the seed for nonces.

Examples

use rand::{Rng, rngs::OsRng};
use sha2::Sha512;
use schnorrkel::{MiniSecretKey, SecretKey};

let mut csprng: OsRng = OsRng::new().unwrap();
let mini_secret_key: MiniSecretKey = MiniSecretKey::generate(&mut csprng);
let secret_key: SecretKey = SecretKey::from(&mini_secret_key);
let secret_key_bytes: [u8; 64] = secret_key.to_bytes();

assert!(&secret_key_bytes[..] != &[0u8; 64][..]);

pub fn from_bytes(bytes: &[u8]) -> SignatureResult<SecretKey>

Construct an SecretKey from a slice of bytes.

Examples

use schnorrkel::{MiniSecretKey, SecretKey, SignatureError};
use rand::{Rng, rngs::OsRng};
let mut csprng: OsRng = OsRng::new().unwrap();
let mini_secret_key: MiniSecretKey = MiniSecretKey::generate(&mut csprng);
let secret_key: SecretKey = SecretKey::from(&mini_secret_key);
let bytes: [u8; 64] = secret_key.to_bytes();
let secret_key_again = SecretKey::from_bytes(&bytes) ?;

pub fn to_ed25519_bytes(&self) -> [u8; 64]

Convert this SecretKey into an array of 64 bytes, corresponding to an Ed25519 expanded secreyt key.

Returns an array of 64 bytes, with the first 32 bytes being the secret scalar shifted ed25519 style, and the last 32 bytes being the seed for nonces.

pub fn to_ed25519_expanded_secret_key(&self) -> ExpandedSecretKey

Convert this SecretKey into an Ed25519 expanded secreyt key.

pub fn from_ed25519_bytes(bytes: &[u8]) -> SignatureResult<SecretKey>

Construct an SecretKey from a slice of bytes, corresponding to an Ed25519 expanded secret key.

pub fn generate<R>(csprng: R) -> SecretKey where
    R: CryptoRng + Rng, 

Generate an "unbiased" SecretKey directly, bypassing the MiniSecretKey Ed25519 compatability layer.

As we generate a SecretKey directly bypassing MiniSecretKey, so our secret keys do not satisfy the high bit "clamping" impoised on Ed25519 keys.

pub fn to_public(&self) -> PublicKey

Derive the PublicKey corresponding to this SecretKey.

pub fn to_keypair(self) -> Keypair

Derive the PublicKey corresponding to this SecretKey.

impl SecretKey

pub fn sign<T: SigningTranscript>(
    &self,
    t: T,
    public_key: &PublicKey
) -> Signature

Sign a transcript with this SecretKey.

Requires a SigningTranscript, normally created from a SigningContext and a message, as well as the public key correspodning to self. Returns a Schnorr signature.

We employ a randomized nonce here, but also incorporate the transcript like in a derandomized scheme, but only after first extending the transcript by the public key. As a result, there should be no attacks even if both the random number generator fails and the function gets called with the wrong public key.

pub fn sign_simple(
    &self,
    ctx: &'static [u8],
    msg: &[u8],
    public_key: &PublicKey
) -> Signature

Sign a message with this SecretKey.

impl SecretKey

pub fn vrf_create_from_point(&self, input: RistrettoBoth) -> VRFInOut

Evaluate the VRF-like multiplication on an uncompressed point, probably not useful in this form.

pub fn vrf_create_from_compressed_point(
    &self,
    input: &VRFOutput
) -> SignatureResult<VRFInOut>

Evaluate the VRF-like multiplication on a compressed point, useful for proving key exchanges, OPRFs, or sequential VRFs.

impl SecretKey

pub fn hard_derive_mini_secret_key<B: AsRef<[u8]>>(
    &self,
    cc: Option<ChainCode>,
    i: B
) -> (MiniSecretKey, ChainCode)

Vaguely BIP32-like "hard" derivation of a MiniSecretKey from a SecretKey

We do not envision any "good reasons" why these "hard" derivations should ever be used after the soft Derivation trait. We similarly do not believe hard derivations make any sense for ChainCodes or ExtendedKeys types. Yet, some existing BIP32 workflows might do these things, due to BIP32's de facto stnadardization and poor design. In consequence, we provide this method to do "hard" derivations in a way that should work with all BIP32 workflows and any permissible mutations of SecretKey. This means only that we hash the SecretKey's scalar, but not its nonce becuase the secret key remains valid if the nonce is changed.

Trait Implementations

impl Derivation for SecretKey

fn derived_key<T>(&self, t: T, cc: ChainCode) -> (SecretKey, ChainCode) where
    T: SigningTranscript + Clone, 

Derive key with subkey identified by a byte array presented as a hash, and a chain code.

fn derived_key_simple<B: AsRef<[u8]>>(
    &self,
    cc: ChainCode,
    i: B
) -> (Self, ChainCode)

Derive key with subkey identified by a byte array and a chain code. We do not include a context here becuase the chain code could serve this purpose. We support only Shake256 here for simplicity, and the reasons discussed in lib.rs, and https://github.com/rust-lang/rust/issues/36887

impl PartialEq<SecretKey> for SecretKey

fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.

#[must_use] fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl Eq for SecretKey

impl Drop for SecretKey

Overwrite secret key material with null bytes when it goes out of scope.

fn drop(&mut self)

Executes the destructor for this type.

impl Debug for SecretKey

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl<'_> From<&'_ MiniSecretKey> for SecretKey

fn from(msk: &MiniSecretKey) -> SecretKey

Construct an SecretKey from a MiniSecretKey.

Examples

use rand::{Rng, rngs::OsRng};
use sha2::Sha512;
use schnorrkel::{MiniSecretKey, SecretKey};

let mut csprng: OsRng = OsRng::new().unwrap();
let mini_secret_key: MiniSecretKey = MiniSecretKey::generate(&mut csprng);
let secret_key: SecretKey = SecretKey::from(&mini_secret_key);

impl From<SecretKey> for PublicKey

fn from(source: SecretKey) -> PublicKey

Performs the conversion.

impl From<SecretKey> for Keypair

fn from(secret: SecretKey) -> Keypair

Performs the conversion.

impl Clone for SecretKey

fn clone(&self) -> SecretKey

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Default for SecretKey

fn default() -> SecretKey

Returns the "default value" for a type.

impl ConstantTimeEq for SecretKey

fn ct_eq(&self, other: &Self) -> Choice

Determine if two items are equal.