Struct schnorrkel::keys::SecretKey

source ·
pub struct SecretKey { /* private fields */ }
Expand description

A secret key for use with Ristretto Schnorr signatures.

Internally, these consist of a scalar mod l along with a seed for nonce generation. In this way, we ensure all scalar arithmetic works smoothly in operations like threshold or multi-signatures, or hierarchical deterministic key derivations.

We keep our secret key serializaion “almost” compatable with EdDSA “expanded” secret key serializaion by multiplying the scalar by the cofactor 8, as integers, and dividing on deserializaion. We do not however attempt to keep the scalar’s high bit set, especially not during hierarchical deterministic key derivations, so some Ed25519 libraries might compute the public key incorrectly from our secret key.

Implementations§

source§

impl SecretKey

source

pub fn to_bytes(&self) -> [u8; 64]

Convert this SecretKey into an array of 64 bytes with.

Returns an array of 64 bytes, with the first 32 bytes being the secret scalar represented canonically, and the last 32 bytes being the seed for nonces.

§Examples
use schnorrkel::{MiniSecretKey, SecretKey};

let mini_secret_key: MiniSecretKey = MiniSecretKey::generate();
let secret_key: SecretKey = mini_secret_key.expand(MiniSecretKey::UNIFORM_MODE);
let secret_key_bytes: [u8; 64] = secret_key.to_bytes();
let bytes: [u8; 64] = secret_key.to_bytes();
let secret_key_again: SecretKey = SecretKey::from_bytes(&bytes[..]).unwrap();
assert_eq!(&bytes[..], & secret_key_again.to_bytes()[..]);
source

pub fn from_bytes(bytes: &[u8]) -> SignatureResult<SecretKey>

Construct an SecretKey from a slice of bytes.

§Examples
use schnorrkel::{MiniSecretKey, SecretKey, ExpansionMode, SignatureError};

let mini_secret_key: MiniSecretKey = MiniSecretKey::generate();
let secret_key: SecretKey = mini_secret_key.expand(MiniSecretKey::ED25519_MODE);
let bytes: [u8; 64] = secret_key.to_bytes();
let secret_key_again: SecretKey = SecretKey::from_bytes(&bytes[..]).unwrap();
assert_eq!(secret_key_again, secret_key);
source

pub fn to_ed25519_bytes(&self) -> [u8; 64]

Convert this SecretKey into an array of 64 bytes, corresponding to an Ed25519 expanded secret key.

Returns an array of 64 bytes, with the first 32 bytes being the secret scalar shifted ed25519 style, and the last 32 bytes being the seed for nonces.

source

pub fn from_ed25519_bytes(bytes: &[u8]) -> SignatureResult<SecretKey>

Construct an SecretKey from a slice of bytes, corresponding to an Ed25519 expanded secret key.

§Example
use schnorrkel::{SecretKey, SECRET_KEY_LENGTH};
use hex_literal::hex;

let secret = hex!("28b0ae221c6bb06856b287f60d7ea0d98552ea5a16db16956849aa371db3eb51fd190cce74df356432b410bd64682309d6dedb27c76845daf388557cbac3ca34");
let public = hex!("46ebddef8cd9bb167dc30878d7113b7e168e6f0646beffd77d69d39bad76b47a");
let secret_key = SecretKey::from_ed25519_bytes(&secret[..]).unwrap();
assert_eq!(secret_key.to_public().to_bytes(), public);
source

pub fn generate_with<R>(csprng: R) -> SecretKey
where R: CryptoRng + RngCore,

Generate an “unbiased” SecretKey directly from a user suplied csprng uniformly, bypassing the MiniSecretKey layer.

source

pub fn generate() -> SecretKey

Generate an “unbiased” SecretKey directly, bypassing the MiniSecretKey layer.

source

pub fn to_public(&self) -> PublicKey

Derive the PublicKey corresponding to this SecretKey.

source

pub fn to_keypair(self) -> Keypair

Derive the PublicKey corresponding to this SecretKey.

source§

impl SecretKey

source

pub fn sign<T: SigningTranscript>( &self, t: T, public_key: &PublicKey, ) -> Signature

Sign a transcript with this SecretKey.

Requires a SigningTranscript, normally created from a SigningContext and a message, as well as the public key corresponding to self. Returns a Schnorr signature.

We employ a randomized nonce here, but also incorporate the transcript like in a derandomized scheme, but only after first extending the transcript by the public key. As a result, there should be no attacks even if both the random number generator fails and the function gets called with the wrong public key.

source

pub fn sign_doublecheck<T>( &self, t: T, public_key: &PublicKey, ) -> SignatureResult<Signature>

Sign a message with this SecretKey, but doublecheck the result.

source

pub fn sign_simple( &self, ctx: &[u8], msg: &[u8], public_key: &PublicKey, ) -> Signature

Sign a message with this SecretKey.

source

pub fn sign_simple_doublecheck( &self, ctx: &[u8], msg: &[u8], public_key: &PublicKey, ) -> SignatureResult<Signature>

Sign a message with this SecretKey, but doublecheck the result.

source§

impl SecretKey

source

pub fn vrf_create_from_point(&self, input: RistrettoBoth) -> VRFInOut

Evaluate the VRF-like multiplication on an uncompressed point, probably not useful in this form.

source

pub fn vrf_create_from_compressed_point( &self, input: &VRFPreOut, ) -> SignatureResult<VRFInOut>

Evaluate the VRF-like multiplication on a compressed point, useful for proving key exchanges, OPRFs, or sequential VRFs.

We caution that such protocols could provide signing oracles and note that vrf_create_from_point cannot check for problematic inputs like attach_input_hash does.

source§

impl SecretKey

source

pub fn hard_derive_mini_secret_key<B: AsRef<[u8]>>( &self, cc: Option<ChainCode>, i: B, ) -> (MiniSecretKey, ChainCode)

Vaguely BIP32-like “hard” derivation of a MiniSecretKey from a SecretKey

We do not envision any “good reasons” why these “hard” derivations should ever be used after the soft Derivation trait. We similarly do not believe hard derivations make any sense for ChainCodes or ExtendedKeys types. Yet, some existing BIP32 workflows might do these things, due to BIP32’s de facto standardization and poor design. In consequence, we provide this method to do “hard” derivations in a way that should work with all BIP32 workflows and any permissible mutations of SecretKey. This means only that we hash the SecretKey’s scalar, but not its nonce because the secret key remains valid if the nonce is changed.

Trait Implementations§

source§

impl Clone for SecretKey

source§

fn clone(&self) -> SecretKey

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl ConstantTimeEq for SecretKey

source§

fn ct_eq(&self, other: &Self) -> Choice

Determine if two items are equal. Read more
source§

fn ct_ne(&self, other: &Self) -> Choice

Determine if two items are NOT equal. Read more
source§

impl Debug for SecretKey

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Derivation for SecretKey

source§

fn derived_key<T>(&self, t: T, cc: ChainCode) -> (SecretKey, ChainCode)

Derive key with subkey identified by a byte array presented via a SigningTranscript, and a chain code.
source§

fn derived_key_simple<B: AsRef<[u8]>>( &self, cc: ChainCode, i: B, ) -> (Self, ChainCode)

Derive key with subkey identified by a byte array and a chain code. We do not include a context here because the chain code could serve this purpose.
source§

fn derived_key_simple_rng<B, R>( &self, cc: ChainCode, i: B, rng: R, ) -> (Self, ChainCode)
where B: AsRef<[u8]>, R: RngCore + CryptoRng,

Derive key with subkey identified by a byte array and a chain code, and with external randomnesses.
source§

impl From<SecretKey> for Keypair

source§

fn from(secret: SecretKey) -> Keypair

Converts to this type from the input type.
source§

impl From<SecretKey> for PublicKey

source§

fn from(source: SecretKey) -> PublicKey

Converts to this type from the input type.
source§

impl PartialEq for SecretKey

source§

fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Zeroize for SecretKey

source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
source§

impl Eq for SecretKey

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

default unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

source§

fn vzip(self) -> V