Module secp256kfun::nonce
Nonce generation utilities
Nonce generation is one of the most difficult things to get right when implementing discrete-log-based cryptosystems, so this library provides a built-in way of doing it with sane defaults. A nonce is a random secret Scalar chosen per static scalar that the prover/signer takes as secret input to the algorithm. For it to be secure, the distribution of the nonce and the public inputs to the algorithm must be uniformly random. For a signature scheme this means that for every message the nonce must appear uniformly random to an attacker that does not know the corresponding secret. Even a slight bias can allow an attacker to extract the secret key if they can observe enough signatures/proofs.
Implementations using secp256kfun should allow the caller to pass in a NonceGen upon instantiating the scheme. When generating a nonce for a secret scalar, implementations should use the derive_nonce! macro.
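The two properties the paragraph above asks for (the nonce is a function of the secret and of every public input, and it is unbiased over the scalar range) are easiest to see in a small model. The following is an added example written for this page, not code from the secp256kfun crate: it sketches a deterministic generator and a "synthetic" one that mixes RNG output into the same derivation, using HMAC-SHA256 and rejection sampling. The class names, the HMAC construction, the length-prefixed input encoding and the sample secret are all assumptions of this example; the only value taken from the real system is the secp256k1 group order.

```python
import hashlib
import hmac
import secrets

# secp256k1 group order (public curve constant); nonces must lie in [1, N).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _derive(secret, public_inputs, aux):
    """Derive a scalar in [1, N) from the secret scalar, the public inputs of
    the algorithm and optional auxiliary randomness.

    Assumption of this example: HMAC-SHA256 keyed by the secret, with a retry
    counter. Candidates outside [1, N) are rejected and re-derived instead of
    being reduced mod N, so the result carries no modular bias."""
    key = secret.to_bytes(32, "big")
    # Length-prefix each public input so that ("ab", "c") and ("a", "bc")
    # do not hash to the same nonce input.
    encoded = b"".join(len(p).to_bytes(4, "big") + p for p in public_inputs)
    counter = 0
    while True:
        digest = hmac.new(
            key, aux + encoded + counter.to_bytes(4, "big"), hashlib.sha256
        ).digest()
        k = int.from_bytes(digest, "big")
        if 1 <= k < N:
            return k
        counter += 1  # out of range: try the next candidate


class Deterministic:
    """Model of a deterministic generator: the nonce depends only on the
    secret and the public inputs, so equal inputs give an equal nonce and any
    change in a public input (e.g. the message) gives an unrelated one."""

    def derive_nonce(self, secret, public_inputs):
        return _derive(secret, public_inputs, aux=b"")


class Synthetic:
    """Model of a generator that mixes real randomness into the derivation.
    With a working RNG every call yields a fresh nonce even for repeated
    inputs; if the RNG returned a constant, the output would still be bound
    to the secret and the public inputs, as in the deterministic case."""

    def __init__(self, rng=secrets.token_bytes):
        self.rng = rng  # callable returning n random bytes

    def derive_nonce(self, secret, public_inputs):
        return _derive(secret, public_inputs, aux=self.rng(32))


if __name__ == "__main__":
    # Constructed sample values for demonstration only.
    secret = 0x1234_5678_9ABC_DEF0
    msg = b"constructed message"
    det = Deterministic()
    syn = Synthetic()
    print("deterministic:", hex(det.derive_nonce(secret, [msg])))
    print("deterministic again:", hex(det.derive_nonce(secret, [msg])))
    print("synthetic:", hex(syn.derive_nonce(secret, [msg])))
    print("synthetic again:", hex(syn.derive_nonce(secret, [msg])))
```

The split between a secret scalar and a list of public inputs mirrors the shape of the pattern the page describes (a generator handed in at construction, a nonce derived per secret and per set of public inputs); the exact interface of NonceGen and derive_nonce! should be taken from the crate's own documentation.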
Structs
A deterministic nonce generator.
A zero-sized type that wraps an RNG that implements Default, e.g. ThreadRng. GlobalRng implements NonceRng and care has been taken to ensure it is Sync.
A nonce generator that uses an RNG to mix real randomness into the nonce generation.