Struct schnorrkel::keys::PublicKey

source · 
pub struct PublicKey(/* private fields */);
Expand description

A Ristretto Schnorr public key.

Internally, these are represented as a RistrettoPoint, meaning an Edwards point with a static guarantee to be 2-torsion free.

At present, we decompress PublicKeys into this representation during deserialization, which improves error handling, but costs a compression during signing and verification.

Implementations§

source§

impl PublicKey

source

pub fn as_compressed(&self) -> &CompressedRistretto

Access the compressed Ristretto form

source

pub fn into_compressed(self) -> CompressedRistretto

Extract the compressed Ristretto form

source

pub fn as_point(&self) -> &RistrettoPoint

Access the point form

source

pub fn into_point(self) -> RistrettoPoint

Extract the point form

source

pub fn from_compressed( compressed: CompressedRistretto, ) -> SignatureResult<PublicKey>

Decompress into the PublicKey format that also retains the compressed form.

source

pub fn from_point(point: RistrettoPoint) -> PublicKey

Compress into the PublicKey format that also retains the uncompressed form.

source

pub fn to_bytes(&self) -> [u8; 32]

Convert this public key to a byte array.

§Example
use schnorrkel::{SecretKey, PublicKey, PUBLIC_KEY_LENGTH, SignatureError};

let public_key: PublicKey = SecretKey::generate().to_public();
let public_key_bytes = public_key.to_bytes();
let public_key_again: PublicKey = PublicKey::from_bytes(&public_key_bytes[..]).unwrap();
assert_eq!(public_key_bytes, public_key_again.to_bytes());
source

pub fn from_bytes(bytes: &[u8]) -> SignatureResult<PublicKey>

Construct a PublicKey from a slice of bytes.

§Example
use schnorrkel::{PublicKey, PUBLIC_KEY_LENGTH, SignatureError};

let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = [
    208, 120, 140, 129, 177, 179, 237, 159,
    252, 160, 028, 013, 206, 005, 211, 241,
    192, 218, 001, 097, 130, 241, 020, 169,
    119, 046, 246, 029, 079, 080, 077, 084];

let public_key = PublicKey::from_bytes(&public_key_bytes).unwrap();
assert_eq!(public_key.to_bytes(), public_key_bytes);
§Returns

A Result whose okay value is an EdDSA PublicKey or whose error value is an SignatureError describing the error that occurred.

source§

impl PublicKey

source

pub fn verify<T: SigningTranscript>( &self, t: T, signature: &Signature, ) -> SignatureResult<()>

Verify a signature by this public key on a transcript.

Requires a SigningTranscript, normally created from a SigningContext and a message, as well as the signature to be verified.

source

pub fn verify_simple( &self, ctx: &[u8], msg: &[u8], signature: &Signature, ) -> SignatureResult<()>

Verify a signature by this public key on a message.

source

pub fn verify_simple_preaudit_deprecated( &self, ctx: &'static [u8], msg: &[u8], sig: &[u8], ) -> SignatureResult<()>

A temporary verification routine for use in transitioning substrate testnets only.

source§

impl PublicKey

source

pub fn vrf_hash<T>(&self, t: T) -> RistrettoBoth
where T: VRFSigningTranscript,

Create a non-malleable VRF input point by hashing a transcript to a point.

source

pub fn vrf_attach_hash<T>( &self, output: VRFPreOut, t: T, ) -> SignatureResult<VRFInOut>
where T: VRFSigningTranscript,

Pair a non-malleable VRF output with the hash of the given transcript.

source§

impl PublicKey

source

pub fn vrfs_merge<B>(&self, ps: &[B], vartime: bool) -> VRFInOut
where B: Borrow<VRFInOut>,

Merge VRF input and output pairs from the same signer, using variable time arithmetic

You should use vartime=true when verifying VRF proofs batched by the singer. You could usually use vartime=true even when producing proofs, provided the set being signed is not secret.

There is sadly no constant time 128 bit multiplication in dalek, making vartime=false somewhat slower than necessary. It should only impact signers in niche scenarios however, so the slower variant should normally be unnecessary.

Panics if given an empty points list.

TODO: Add constant time 128 bit batched multiplication to dalek. TODO: Is rand_chacha’s gen::<u128>() standardizable enough to prefer it over merlin for the output?

source§

impl PublicKey

source

pub fn dleq_verify<T>( &self, t: T, p: &VRFInOut, proof: &VRFProof, kusama: bool, ) -> SignatureResult<VRFProofBatchable>
where T: SigningTranscript,

Verify DLEQ proof that p.output = s * p.input where self s times the basepoint.

We return an enlarged VRFProofBatchable instead of just true, so that verifiers can forward batchable proofs.

In principle, one might provide “blindly verifiable” VRFs that avoid requiring self here, but naively such constructions risk the same flaws as DLEQ based blind signatures, and this version exploits the slightly faster basepoint arithmetic.

source

pub fn vrf_verify<T: VRFSigningTranscript>( &self, t: T, out: &VRFPreOut, proof: &VRFProof, ) -> SignatureResult<(VRFInOut, VRFProofBatchable)>

Verify VRF proof for one single input transcript and corresponding output.

source

pub fn vrf_verify_extra<T, E>( &self, t: T, out: &VRFPreOut, proof: &VRFProof, extra: E, ) -> SignatureResult<(VRFInOut, VRFProofBatchable)>
where T: VRFSigningTranscript, E: SigningTranscript,

Verify VRF proof for one single input transcript and corresponding output.

source

pub fn vrfs_verify<T, I, O>( &self, transcripts: I, outs: &[O], proof: &VRFProof, ) -> SignatureResult<(Box<[VRFInOut]>, VRFProofBatchable)>
where T: VRFSigningTranscript, I: IntoIterator<Item = T>, O: Borrow<VRFPreOut>,

Verify a common VRF short proof for several input transcripts and corresponding outputs.

source

pub fn vrfs_verify_extra<T, E, I, O>( &self, transcripts: I, outs: &[O], proof: &VRFProof, extra: E, ) -> SignatureResult<(Box<[VRFInOut]>, VRFProofBatchable)>
where T: VRFSigningTranscript, E: SigningTranscript, I: IntoIterator<Item = T>, O: Borrow<VRFPreOut>,

Verify a common VRF short proof for several input transcripts and corresponding outputs.

source§

impl PublicKey

source

pub fn accept_adaptor_cert<T>( &self, t: T, seed_secret_key: &SecretKey, cert_secret: AdaptorCertSecret, ) -> SignatureResult<(AdaptorCertPublic, SecretKey)>
where T: SigningTranscript,

Accept an Adaptor implicit certificate

We request an Adaptor implicit certificate by first creating an ephemeral Keypair and sending the public portion to the issuer as seed_public_key. An issuer issues the certificate by replying with the AdaptorCertSecret created by issue_adaptor_cert.

Aside from the issuer PublicKey supplied as self, you provide (1) a SigningTranscript called t that incorporates both the context and the certificate requester’s identity, (2) the seed_secret_key corresponding to the seed_public_key they sent to the issuer by the certificate recipient in their certificate request, and (3) the AdaptorCertSecret send by the issuer to the certificate requester. We return both your certificate’s new SecretKey as well as an AdaptorCertPublic from which third parties may derive corresponding public key from h and the issuer’s public key.

source§

impl PublicKey

source

pub fn open_adaptor_cert<T>( &self, t: T, cert_public: &AdaptorCertPublic, ) -> SignatureResult<PublicKey>
where T: SigningTranscript,

Extract the certified pulic key from an adaptor certificate

We’ve no confirmation that this public key was certified until we use it in some authenticated setting, like an AEAD or another signature.

Trait Implementations§

source§

impl AsRef<[u8]> for PublicKey

source§

fn as_ref(&self) -> &[u8]

Converts this type into a shared reference of the (usually inferred) input type.
source§

impl Clone for PublicKey

source§

fn clone(&self) -> PublicKey

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl ConstantTimeEq for PublicKey

source§

fn ct_eq(&self, other: &PublicKey) -> Choice

Determine if two items are equal. Read more
source§

fn ct_ne(&self, other: &Self) -> Choice

Determine if two items are NOT equal. Read more
source§

impl Debug for PublicKey

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Default for PublicKey

source§

fn default() -> PublicKey

Returns the “default value” for a type. Read more
source§

impl Derivation for PublicKey

source§

fn derived_key<T>(&self, t: T, cc: ChainCode) -> (PublicKey, ChainCode)
where T: SigningTranscript,

Derive key with subkey identified by a byte array presented via a SigningTranscript, and a chain code.
source§

fn derived_key_simple<B: AsRef<[u8]>>( &self, cc: ChainCode, i: B, ) -> (Self, ChainCode)

Derive key with subkey identified by a byte array and a chain code. We do not include a context here because the chain code could serve this purpose.
source§

fn derived_key_simple_rng<B, R>( &self, cc: ChainCode, i: B, rng: R, ) -> (Self, ChainCode)
where B: AsRef<[u8]>, R: RngCore + CryptoRng,

Derive key with subkey identified by a byte array and a chain code, and with external randomnesses.
source§

impl From<SecretKey> for PublicKey

source§

fn from(source: SecretKey) -> PublicKey

Converts to this type from the input type.
source§

impl Hash for PublicKey

source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
source§

impl Ord for PublicKey

source§

fn cmp(&self, other: &PublicKey) -> Ordering

This method returns an Ordering between self and other. Read more
1.21.0 · source§

fn max(self, other: Self) -> Self
where Self: Sized,

Compares and returns the maximum of two values. Read more
1.21.0 · source§

fn min(self, other: Self) -> Self
where Self: Sized,

Compares and returns the minimum of two values. Read more
1.50.0 · source§

fn clamp(self, min: Self, max: Self) -> Self
where Self: Sized + PartialOrd,

Restrict a value to a certain interval. Read more
source§

impl PartialEq for PublicKey

source§

fn eq(&self, other: &PublicKey) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl PartialOrd for PublicKey

source§

fn partial_cmp(&self, other: &PublicKey) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · source§

fn lt(&self, other: &Rhs) -> bool

This method tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · source§

fn le(&self, other: &Rhs) -> bool

This method tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · source§

fn gt(&self, other: &Rhs) -> bool

This method tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · source§

fn ge(&self, other: &Rhs) -> bool

This method tests greater than or equal to (for self and other) and is used by the >= operator. Read more
source§

impl Copy for PublicKey

source§

impl Eq for PublicKey

source§

impl StructuralPartialEq for PublicKey

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Copy,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

default unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

source§

fn vzip(self) -> V