pub struct WinternitzPrivkey<const N: usize> { /* private fields */ }
Private Winternitz key: N message scalars and 2 checksum scalars, each 32
bytes. Zeroized on drop.
Security: Winternitz is a one-time signature scheme. Signing two
different messages with the same privkey scalars allows an attacker to
forge signatures on a third message. Prefer
crate::WinternitzKeypair::sign_and_increment, which guarantees the
keypair advances after every signature. Calling Self::sign directly
places the burden of one-time-use enforcement on the caller.
Implementations

impl<const N: usize> WinternitzPrivkey<N>

pub fn as_bytes(&self) -> &[u8]
Return the privkey’s (N + 2) * 32 raw bytes (message scalars then
checksum scalars), with no copy.
pub fn sign(self, message: &[&[u8]]) -> WinternitzSignature<N>
Sign a message. Consumes self so the same privkey can’t be reused
directly. Note that re-deriving from a WinternitzKeypair at the same
position produces an identical privkey — for replay-safe signing prefer
crate::WinternitzKeypair::sign_and_increment.
The message is supplied as a slice of byte slices (matching
solana_sha256_hasher::hashv), so callers can mix domain-separation
tags or context bytes with the payload.
pub fn sign_prehashed(self, hash: &[u8; N]) -> WinternitzSignature<N>
Sign a pre-hashed message. Consumes self; same caveat as Self::sign.
pub fn hash(message: &[&[u8]]) -> [u8; N]
Hash a message into the N-byte Winternitz digest used by signing.
Equivalent to truncating SHA-256 of the concatenated message slices
to N bytes.
pub fn to_pubkey(&self) -> WinternitzPubkey<N>
Derive the corresponding WinternitzPubkey by chaining each scalar
255 times under SHA-256.
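The scheme the methods above describe, as an added example that is not code from this crate: a self-contained toy Winternitz one-time signature with the documented shape (N message scalars plus 2 checksum scalars of 32 bytes each, every chain 255 hashes long, a digest that is a truncated hash of the concatenated message slices, a consuming sign, and a verifier that completes the chains). `toy_hash` is a non-cryptographic stand-in for SHA-256 so the block runs on std alone; the checksum encoding (sum of 255 - m_i as a big-endian u16), the seed derivation in `from_seed`, and all `Toy*` names are assumptions, not the crate's layout.

```rust
// Added example, not the crate's code: a toy Winternitz one-time signature shaped like
// the documented type (N message scalars + 2 checksum scalars, 32 bytes each, chains of
// length 255). `toy_hash` stands in for SHA-256 so this runs on std alone; it is NOT
// cryptographic and nothing here is usable for real keys.
fn toy_hash(input: &[u8]) -> [u8; 32] {
    let mut s: [u64; 4] = [0x9E37_79B9_7F4A_7C15, 0xBF58_476D_1CE4_E5B9,
                           0x94D0_49BB_1331_11EB, 0x2545_F491_4F6C_DD1D];
    for (i, &b) in input.iter().enumerate() {
        let l = i % 4;
        s[l] = (s[l] ^ u64::from(b)).wrapping_mul(0x9E37_79B9_7F4A_7C15).rotate_left(31);
        s[(l + 1) % 4] = s[(l + 1) % 4].wrapping_add(s[l]);
    }
    s[0] ^= input.len() as u64;
    for _ in 0..4 {
        for l in 0..4 { s[l] = (s[l] ^ s[(l + 3) % 4].rotate_left(17)).wrapping_mul(0xBF58_476D_1CE4_E5B9); }
    }
    let mut out = [0u8; 32];
    for (l, chunk) in out.chunks_exact_mut(8).enumerate() { chunk.copy_from_slice(&s[l].to_le_bytes()); }
    out
}

/// One Winternitz chain: hash `steps` times (0..=255). Signing walks `value` steps from the
/// secret scalar; verifying walks the remaining `255 - value` and must reach the public scalar.
fn chain_hash(start: [u8; 32], steps: u8) -> [u8; 32] {
    (0..steps).fold(start, |x, _| toy_hash(&x))
}

/// Checksum = sum of (255 - m_i), big-endian u16 (assumed encoding; the crate's layout is not
/// on this page). Raising any message byte lowers the checksum, so forging a higher byte would
/// require walking a checksum chain backwards, i.e. inverting the hash.
fn checksum<const N: usize>(digest: &[u8; N]) -> [u8; 2] {
    let sum: u32 = digest.iter().map(|&m| 255 - u32::from(m)).sum();
    assert!(sum <= u32::from(u16::MAX), "N too large for a 2-byte checksum");
    (sum as u16).to_be_bytes()
}

pub struct ToyPrivkey<const N: usize> { msg: [[u8; 32]; N], chk: [[u8; 32]; 2] }
pub struct ToyPubkey<const N: usize> { msg: [[u8; 32]; N], chk: [[u8; 32]; 2] }
pub struct ToySignature<const N: usize> { msg: [[u8; 32]; N], chk: [[u8; 32]; 2] }

impl<const N: usize> ToyPrivkey<N> {
    /// Derive the N + 2 scalars from a seed (constructed derivation for the demo).
    pub fn from_seed(seed: &[u8]) -> Self {
        let scalar = |idx: usize| toy_hash(&[seed, &(idx as u32).to_le_bytes()[..]].concat());
        let mut msg = [[0u8; 32]; N];
        for (i, m) in msg.iter_mut().enumerate() { *m = scalar(i); }
        ToyPrivkey { msg, chk: [scalar(N), scalar(N + 1)] }
    }

    /// Digest = first N bytes of the hash of the concatenated slices (mirrors `hash`).
    pub fn hash(message: &[&[u8]]) -> [u8; N] {
        assert!(N <= 32, "digest is a truncation of a 32-byte hash");
        let full = toy_hash(&message.concat());
        let mut out = [0u8; N];
        out.copy_from_slice(&full[..N]);
        out
    }

    /// Public key: every scalar chained 255 times (mirrors `to_pubkey`).
    pub fn to_pubkey(&self) -> ToyPubkey<N> {
        let mut msg = [[0u8; 32]; N];
        for (i, m) in msg.iter_mut().enumerate() { *m = chain_hash(self.msg[i], 255); }
        ToyPubkey { msg, chk: [chain_hash(self.chk[0], 255), chain_hash(self.chk[1], 255)] }
    }

    /// Consumes self, so the type system enforces one use of this value. Message scalar i
    /// advances digest[i] steps, checksum scalar j advances c[j] steps.
    pub fn sign_prehashed(self, digest: &[u8; N]) -> ToySignature<N> {
        let c = checksum(digest);
        let mut msg = [[0u8; 32]; N];
        for (i, m) in msg.iter_mut().enumerate() { *m = chain_hash(self.msg[i], digest[i]); }
        ToySignature { msg, chk: [chain_hash(self.chk[0], c[0]), chain_hash(self.chk[1], c[1])] }
    }

    pub fn sign(self, message: &[&[u8]]) -> ToySignature<N> {
        let digest = Self::hash(message);
        self.sign_prehashed(&digest)
    }
}

impl<const N: usize> Drop for ToyPrivkey<N> {
    // Best-effort zeroization; volatile writes keep the optimizer from eliding the stores.
    fn drop(&mut self) {
        for s in self.msg.iter_mut().chain(self.chk.iter_mut()) {
            unsafe { std::ptr::write_volatile(s, [0u8; 32]) };
        }
    }
}

impl<const N: usize> ToyPubkey<N> {
    /// Finish every chain with the remaining 255 - value steps and compare to the public scalars.
    pub fn verify(&self, digest: &[u8; N], sig: &ToySignature<N>) -> bool {
        let c = checksum(digest);
        (0..N).all(|i| chain_hash(sig.msg[i], 255 - digest[i]) == self.msg[i])
            && (0..2).all(|j| chain_hash(sig.chk[j], 255 - c[j]) == self.chk[j])
    }
}
```

Two points worth noticing when reading this against the doc comments above. First, `sign` taking `self` by value only guarantees that this particular value is used once; as the crate notes, re-deriving the same scalars from a keypair at the same position yields the same chains, so a stateful API that advances after each signature (`sign_and_increment`) is the control that actually enforces one-time use. Second, the signature reveals intermediate chain values, which is exactly why the checksum chains exist: they are the only thing standing between a verifier and a "message" that merely advances already-revealed chains, and they work because moving any message byte up forces a checksum byte down, i.e. a step the hash does not allow.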