Struct PublicKeySet 

pub struct PublicKeySet { /* private fields */ }

A public key and an associated set of public key shares.

Implementations

impl PublicKeySet

pub fn threshold(&self) -> usize

Returns the threshold t: any set of t + 1 signature shares can be combined into a full signature.

pub fn public_key(&self) -> PublicKey

Returns the public key.

pub fn public_key_share<T: TryIntoScalarSafe>( &self, i: T, ) -> Result<PublicKeyShare>

Returns the i-th public key share.

Errors

Returns Error::IndexMapsToZero if i maps to the zero scalar after the internal index + 1 offset (e.g. -1i32). This prevents a caller from accidentally retrieving the master public key through an out-of-range signed index.

pub fn combine_signatures<'a, T, I>(&self, shares: I) -> Result<Signature>

where I: IntoIterator<Item = (T, &'a SignatureShare)>, T: TryIntoScalarSafe,

Combines the shares into a signature that can be verified with the main public key.

The validity of the shares is not checked: If one of them is invalid, the resulting signature also is. Only returns an error if there is a duplicate index or too few shares.

Validity of signature shares should be checked beforehand, or validity of the result afterwards.

Errors

• Error::NotEnoughShares: Fewer than threshold + 1 shares were provided
• Error::DuplicateEntry: Two shares have the same index

Example

let sk_set = SecretKeySet::random(3, &mut rand::thread_rng());
let sk_shares: Vec<_> = (0..6usize)
    .map(|i| sk_set.secret_key_share(i).expect("valid index"))
    .collect();
let pk_set = sk_set.public_keys();
let msg = "Happy birthday! If this is signed, at least four people remembered!";

// Create four signature shares for the message.
let sig_shares: BTreeMap<_, _> = (0..4).map(|i| (i, sk_shares[i].sign(msg))).collect();

// Validate the signature shares.
for (i, sig_share) in &sig_shares {
    assert!(pk_set.public_key_share(*i).expect("valid index").verify(sig_share, msg));
}

// Combine them to produce the main signature.
let sig = pk_set.combine_signatures(&sig_shares).expect("not enough shares");

// Validate the main signature. If the shares were valid, this can't fail.
assert!(pk_set.public_key().verify(&sig, msg));

Security

Signature share validity is not checked by this method. A single invalid or maliciously crafted share silently produces an invalid combined signature. In adversarial settings, callers must verify each share against its corresponding PublicKeyShare before combining:

for (i, sig_share) in &sig_shares {
    assert!(pk_set.public_key_share(*i).expect("valid index").verify(sig_share, msg));
}

Validity of the result can also be checked afterwards by verifying the combined signature against PublicKeySet::public_key.

pub fn decrypt<'a, T, I>(&self, shares: I, ct: &Ciphertext) -> Result<Vec<u8>>

where I: IntoIterator<Item = (T, &'a DecryptionShare)>, T: TryIntoScalarSafe,

Combines the shares to decrypt the ciphertext.

The ciphertext is verified before interpolation. Decryption share validity is not checked; use decrypt_with_verification if you need per-share verification in adversarial settings.

Errors

• Error::InvalidCiphertext: The ciphertext failed integrity verification
• Error::NotEnoughShares: Fewer than threshold + 1 shares were provided
• Error::DuplicateEntry: Two shares have the same index

Example

use std::collections::BTreeMap;
use threshold_pairing::SecretKeySet;

let mut rng = rand::thread_rng();
let sk_set = SecretKeySet::random(2, &mut rng);
let pk_set = sk_set.public_keys();

let message = b"secret message";
let ciphertext = pk_set.public_key().encrypt(message);

// Collect 3 decryption shares
let shares: BTreeMap<_, _> = (0..3usize)
    .map(|i| {
        let share = sk_set.secret_key_share(i).unwrap()
            .decrypt_share(&ciphertext).unwrap();
        (i, share)
    })
    .collect();

let decrypted = pk_set.decrypt(&shares, &ciphertext).expect("valid shares");
assert_eq!(message.to_vec(), decrypted);

pub fn decrypt_with_verification<'a, T, I>( &self, shares: I, ct: &Ciphertext, ) -> Result<Vec<u8>>

where I: IntoIterator<Item = (T, &'a DecryptionShare, &'a PublicKeyShare)>, T: TryIntoScalarSafe,

Combines the shares to decrypt the ciphertext, verifying each decryption share against its corresponding public key share before interpolation.

This is the recommended method in adversarial settings where individual participants may submit invalid or malicious decryption shares.

Errors

• Error::InvalidCiphertext: The ciphertext failed integrity verification
• Error::NotEnoughShares: Fewer than threshold + 1 shares were provided
• Error::DuplicateEntry: Two shares have the same index
• Error::InvalidShare: A decryption share failed verification against its public key share

Example

use std::collections::BTreeMap;
use threshold_pairing::SecretKeySet;

let mut rng = rand::thread_rng();
let sk_set = SecretKeySet::random(2, &mut rng);
let pk_set = sk_set.public_keys();

let message = b"secret message";
let ciphertext = pk_set.public_key().encrypt(message);

// Collect 3 decryption shares together with their public key shares
let shares: BTreeMap<_, _> = (0..3usize)
    .map(|i| {
        let sk_share = sk_set.secret_key_share(i).unwrap();
        let pk_share = pk_set.public_key_share(i).unwrap();
        let dec_share = sk_share.decrypt_share(&ciphertext).unwrap();
        (i, (dec_share, pk_share))
    })
    .collect();

let decrypted = pk_set
    .decrypt_with_verification(
        shares.iter().map(|(i, (d, p))| (*i, d, p)),
        &ciphertext,
    )
    .expect("valid shares");
assert_eq!(message.to_vec(), decrypted);

Trait Implementations

impl Clone for PublicKeySet

fn clone(&self) -> PublicKeySet

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PublicKeySet

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for PublicKeySet

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl From<Commitment> for PublicKeySet

fn from(commit: Commitment) -> PublicKeySet

Converts to this type from the input type.

impl Hash for PublicKeySet

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl Ord for PublicKeySet

fn cmp(&self, other: &PublicKeySet) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized,

Restrict a value to a certain interval.

impl PartialEq for PublicKeySet

fn eq(&self, other: &PublicKeySet) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for PublicKeySet

fn partial_cmp(&self, other: &PublicKeySet) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl Serialize for PublicKeySet

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for PublicKeySet

impl StructuralPartialEq for PublicKeySet