Macro secp256kfun::derive_nonce
macro_rules! derive_nonce {
    (
        nonce_gen => $nonce_gen:expr,
        secret => $secret:expr,
        public => [$($public:expr),+]
    ) => { ... };
}
Macro to make nonce derivation clear and explicit.

Nonce derivation is a sensitive action where mistakes can have catastrophic consequences. This macro helps to make it clear for which secret the nonce is being produced and which public inputs are being used to make sure no two nonce values are the same (even when generating the nonce deterministically). For example, if you are implementing a signature scheme, then the message you are signing would go into the public argument and the secret signing key would go into the secret argument.

This macro compiles to a call to NonceGen::begin_derivation.
Examples
Derive a nonce deterministically. This example shouldn’t be taken literally. What you actually pass here to secret and public depends on the cryptographic scheme and is crucial to get right.
use secp256kfun::{Scalar, derive_nonce, nonce::AddTag, nonce::{NonceGen, Deterministic}};
use sha2::Sha256;

// The secret the nonce is bound to (the signing key in a real scheme).
let secret_scalar = Scalar::random(&mut rand::thread_rng());
// A deterministic nonce generator, domain-separated with a protocol-specific tag.
let nonce_gen = Deterministic::<Sha256>::default().add_tag("my-protocol");
let r = derive_nonce!(
    nonce_gen => nonce_gen,
    secret => &secret_scalar,
    // Every input that must differ between derivations (e.g. the message) goes here.
    public => [b"public-inputs-to-the-algorithm".as_ref()]
);
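The rule stated in the description, that a deterministic nonce must be bound to the secret and to every public input that may differ between derivations, can be illustrated without the crate. The following is an added example, not code from secp256kfun: it uses only Python's standard library and a constructed HMAC-SHA256 derivation (secp256kfun's own NonceGen encoding is not reproduced here), with a hypothetical derive_nonce function whose three arguments mirror the macro's nonce_gen tag, secret and public inputs. It shows that equal inputs give equal nonces, that leaving the message out of the public inputs makes every message under one key share a nonce, and why each public input is length-prefixed.

```python
import hashlib
import hmac
import secrets

# secp256k1 group order: a nonce is a non-zero scalar modulo this value.
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def encode_public_inputs(public: list[bytes]) -> bytes:
    """Length-prefix each public input so the concatenation is unambiguous.

    Without prefixes, [b"ab", b"c"] and [b"a", b"bc"] would serialise to the same
    bytes and so yield the same nonce for the same secret.
    """
    out = bytearray()
    for item in public:
        out += len(item).to_bytes(4, "big")
        out += item
    return bytes(out)


def derive_nonce(tag: bytes, secret: bytes, public: list[bytes]) -> int:
    """Deterministic nonce bound to a domain tag, a secret and all public inputs.

    Hypothetical construction mirroring the macro's three named arguments; it is
    NOT secp256kfun's internal NonceGen encoding. The secret keys an HMAC so the
    nonce is unpredictable without it; the tag and public inputs form the message.
    """
    data = len(tag).to_bytes(4, "big") + tag + encode_public_inputs(public)
    counter = 0
    while True:
        mac = hmac.new(secret, data + counter.to_bytes(4, "big"), hashlib.sha256)
        k = int.from_bytes(mac.digest(), "big") % SECP256K1_ORDER
        if k != 0:  # zero is not a valid nonce; vanishingly unlikely, but handled
            return k
        counter += 1


def nonce_for_message(signing_key: bytes, message: bytes) -> int:
    """What a signature scheme should do: the message is a public input."""
    return derive_nonce(b"my-protocol", signing_key, [message])


def broken_nonce_for_message(signing_key: bytes, message: bytes) -> int:
    """The mistake the macro is meant to make visible: the message is not passed
    as a public input, so every message signed under this key shares one nonce."""
    del message  # deliberately ignored to reproduce the defect
    return derive_nonce(b"my-protocol", signing_key, [])


if __name__ == "__main__":
    sk = secrets.token_bytes(32)  # constructed stand-in for a signing key
    print("same message, same nonce:",
          nonce_for_message(sk, b"m1") == nonce_for_message(sk, b"m1"))
    print("different messages, different nonces:",
          nonce_for_message(sk, b"m1") != nonce_for_message(sk, b"m2"))
    print("message omitted from public inputs, nonce reused:",
          broken_nonce_for_message(sk, b"m1") == broken_nonce_for_message(sk, b"m2"))
```

The length prefix in encode_public_inputs is the detail most often skipped in hand-rolled derivations: with plain concatenation two distinct lists of public inputs can hash identically, which is another route to the nonce collision the description warns about.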