Macro secp256kfun::derive_nonce
Macro to make nonce derivation clear and explicit.
Nonce derivation is a sensitive action where mistakes can have catastrophic consequences: a nonce that is predictable, or one that is reused for two different inputs under the same key, lets an attacker recover the secret. This macro makes it clear to the reader which secret value is used to make the resulting nonce unpredictable, and which public input data is hashed to make sure no two nonce values are the same. For example, if you are implementing a signature scheme, the message you are signing would go into public.
This macro compiles to a call to NonceHash::begin_derivation, which has further examples.
Example
Derive a nonce using a secret scalar and additional randomness from thread_rng:

```rust
use secp256kfun::{Scalar, derive_nonce, hash::{Derivation, NonceHash}};

let secret_scalar = Scalar::random(&mut rand::thread_rng());
let mut r = derive_nonce!(
    // Domain-separated hash so nonces for this protocol never collide with another's.
    nonce_hash => NonceHash::from_tag(b"my-nonce-hash"),
    // Extra randomness mixed in; the result is still unpredictable even without it.
    derivation => Derivation::rng(&mut rand::thread_rng()),
    // The secret that makes the nonce unpredictable to anyone who does not hold it.
    secret => &secret_scalar,
    // Everything that must differ between two nonces (e.g. the message being signed).
    public => [b"public-inputs-to-the-algorithm".as_ref()]
);
```