macro_rules! derive_nonce {
    (
        nonce_gen => $nonce_gen:expr,
        secret => $secret:expr,
        public => [$($public:expr),+]$(,)?
    ) => { ... };
}

Macro to make nonce derivation clear and explicit.

Nonce derivation is a sensitive action where mistakes can have catastrophic consequences. This macro helps make it clear which secret the nonce is being produced for and which public inputs are being used to make sure no two nonce values are the same (even when generating the nonce deterministically). For example, if you are implementing a signature scheme, then the message you are signing would go into public and the secret signing key would go into secret.

This macro compiles to a call to NonceGen::begin_derivation.

§Examples

Derive a nonce deterministically. This example shouldn’t be taken literally. What you actually pass here to secret and public is dependent on the cryptographic scheme and is crucial to get right.

use secp256kfun::{Scalar, derive_nonce, Tag, nonce};
use sha2::Sha256;
let secret_scalar = Scalar::random(&mut rand::thread_rng());
let nonce_gen = nonce::Deterministic::<Sha256>::default().tag(b"my-protocol");
let r = derive_nonce!(
    nonce_gen => nonce_gen,
    secret => &secret_scalar,
    public => [b"public-inputs-to-the-algorithm".as_ref()]
);
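
The following is an added illustration, not code from secp256kfun: it models deterministic derivation as a hash over the tag, the secret and the public inputs, and shows what goes wrong when the message is left out of public. The function names are hypothetical, and std's non-cryptographic DefaultHasher is an assumed stand-in for the tagged SHA-256 so the block runs with std only.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// Model of a deterministic nonce generator: nonce = H(tag, secret, public...).
/// ASSUMPTION: DefaultHasher (fixed-key SipHash, NOT cryptographic) stands in
/// for the tagged SHA-256; a real scheme derives a scalar from a secure hash.
fn model_nonce(tag: &[u8], secret: &[u8], public: &[&[u8]]) -> u64 {
    let mut h = DefaultHasher::new();
    tag.hash(&mut h); // domain separation between protocols
    secret.hash(&mut h); // the secret this nonce is produced for
    for p in public {
        p.hash(&mut h); // slices are hashed with a length prefix
    }
    h.finish()
}

/// Intended use for a signature scheme: the message is one of the public inputs.
fn nonce_for_signature(sk: &[u8], pk: &[u8], msg: &[u8]) -> u64 {
    model_nonce(b"my-protocol", sk, &[pk, msg])
}

/// The mistake to avoid: the message never reaches the derivation.
fn nonce_missing_message(sk: &[u8], pk: &[u8], _msg: &[u8]) -> u64 {
    model_nonce(b"my-protocol", sk, &[pk])
}

fn main() {
    // Constructed sample values, not real key material.
    let sk: &[u8] = b"constructed-secret-key";
    let pk: &[u8] = b"constructed-public-key";
    let (m1, m2): (&[u8], &[u8]) = (b"first message", b"second message");

    // Deterministic: the same inputs always give the same nonce.
    assert_eq!(nonce_for_signature(sk, pk, m1), nonce_for_signature(sk, pk, m1));
    // Different messages give different nonces when the message is in `public`.
    assert_ne!(nonce_for_signature(sk, pk, m1), nonce_for_signature(sk, pk, m2));
    // With the message omitted, two different messages share one nonce.
    assert_eq!(nonce_missing_message(sk, pk, m1), nonce_missing_message(sk, pk, m2));
    println!("correct:  {:016x} vs {:016x}",
        nonce_for_signature(sk, pk, m1), nonce_for_signature(sk, pk, m2));
    println!("mistaken: {:016x} vs {:016x}",
        nonce_missing_message(sk, pk, m1), nonce_missing_message(sk, pk, m2));
}
```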