pub trait TryIntoScalarSafe: Copy {
// Required method
fn try_into_scalar_safe(self) -> Result<Scalar>;
}Expand description
A safe conversion into a non-zero scalar field element, suitable for use as a share index.
This trait is the required bound for all share-index parameters (e.g.
SecretKeySet::secret_key_share and
PublicKeySet::public_key_share).
§Security
Share indices are mapped to scalar field elements via index + 1. If the resulting
scalar is zero — which happens when a signed index value such as -1i32 is used —
the evaluation point equals poly(0), i.e. the master secret key. This trait
enforces that the post-mapping scalar is non-zero, preventing that attack.
For all unsigned types (u64, usize, Scalar) the check is statically guaranteed
to succeed and the blanket implementation returns Ok without runtime overhead.
Required Methods§
Sourcefn try_into_scalar_safe(self) -> Result<Scalar>
fn try_into_scalar_safe(self) -> Result<Scalar>
Converts self to a scalar, returning Err(Error::IndexMapsToZero) if the
conversion would produce the zero scalar after the + 1 offset applied
by the share-index machinery.
The check is performed after adding 1, so the predicate is:
self.into_scalar() + 1 != Scalar::zero().
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.
Implementors§
impl<T: IntoScalar> TryIntoScalarSafe for T
Blanket implementation for all types that already implement IntoScalar.
For unsigned types the + 1 offset can never produce zero (since the only way
to get zero is x + 1 ≡ 0 (mod p), i.e. x = p - 1, which is representable
only as a Scalar value, not as a u64/usize). We still perform the runtime
check so that callers who provide a raw Scalar equal to p - 1 are caught.