Macro secp256kfun::derive_nonce

macro_rules! derive_nonce {
    (
        nonce_hash => $nonce_hash:expr,
        derivation => $derivation:expr,
        secret => $secret:expr,
        public => [$($public:expr),+]
    ) => { ... };
}

Macro to make nonce derivation clear and explicit.

Nonce derivation is a sensitive action where mistakes can have catastrophic consequences: a nonce that an attacker can predict, or one that is reused for two different signatures under the same key, lets them recover the secret key. This macro makes it clear to the reader which secret value is being used to make the resulting nonce unpredictable, and which public input data is hashed in to make sure no two nonces are the same. For example, if you are implementing a signature scheme, the message you are signing would go into public.

This macro compiles to a call to NonceHash::begin_derivation which has further examples.

Example

Derive a nonce using a secret scalar and additional randomness from thread_rng

use secp256kfun::{Scalar, derive_nonce, hash::{Derivation, NonceHash}};
// Requires the `rand` crate for thread_rng().
// The secret key; the nonce must not be predictable by anyone who lacks it.
let secret_scalar = Scalar::random(&mut rand::thread_rng());
let mut r = derive_nonce!(
    // A tagged hash keeps this derivation separate from other uses of the hash.
    nonce_hash => NonceHash::from_tag(b"my-nonce-hash"),
    // Mix in fresh randomness from the OS-seeded thread RNG.
    derivation => Derivation::rng(&mut rand::thread_rng()),
    // The secret input that makes the nonce unpredictable.
    secret => &secret_scalar,
    // Everything that must differ between two derivations (e.g. the message being signed).
    public => [b"public-inputs-to-the-algorithm".as_ref()]
);