2022-05-16 13:53:17 -07:00
|
|
|
//! Schnorr signature signing keys
|
|
|
|
|
|
|
|
use rand_core::{CryptoRng, RngCore};
|
|
|
|
|
2022-11-02 10:52:38 -07:00
|
|
|
use crate::{random_nonzero, Ciphersuite, Error, Field, Group, Scalar, Signature, VerifyingKey};
|
2022-05-16 13:53:17 -07:00
|
|
|
|
|
|
|
/// A signing key for a Schnorr signature on a FROST [`Ciphersuite::Group`].
|
|
|
|
#[derive(Copy, Clone)]
|
|
|
|
pub struct SigningKey<C>
|
|
|
|
where
|
|
|
|
C: Ciphersuite,
|
|
|
|
{
|
2022-10-25 22:08:06 -07:00
|
|
|
pub(crate) scalar: Scalar<C>,
|
2022-05-16 13:53:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
impl<C> SigningKey<C>
|
|
|
|
where
|
|
|
|
C: Ciphersuite,
|
|
|
|
{
|
|
|
|
/// Generate a new signing key.
|
2023-05-19 02:54:52 -07:00
|
|
|
pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> SigningKey<C> {
|
|
|
|
let scalar = random_nonzero::<C, R>(rng);
|
2022-05-16 13:53:17 -07:00
|
|
|
|
|
|
|
SigningKey { scalar }
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Deserialize from bytes
|
|
|
|
pub fn from_bytes(
|
|
|
|
bytes: <<C::Group as Group>::Field as Field>::Serialization,
|
2022-12-12 14:04:10 -08:00
|
|
|
) -> Result<SigningKey<C>, Error<C>> {
|
2022-05-16 13:53:17 -07:00
|
|
|
<<C::Group as Group>::Field as Field>::deserialize(&bytes)
|
|
|
|
.map(|scalar| SigningKey { scalar })
|
2022-12-12 14:04:10 -08:00
|
|
|
.map_err(|e| e.into())
|
2022-05-16 13:53:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Serialize `SigningKey` to bytes
|
|
|
|
pub fn to_bytes(&self) -> <<C::Group as Group>::Field as Field>::Serialization {
|
|
|
|
<<C::Group as Group>::Field as Field>::serialize(&self.scalar)
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Create a signature `msg` using this `SigningKey`.
|
|
|
|
pub fn sign<R: RngCore + CryptoRng>(&self, mut rng: R, msg: &[u8]) -> Signature<C> {
|
2022-11-02 10:52:38 -07:00
|
|
|
let k = random_nonzero::<C, R>(&mut rng);
|
2022-05-16 13:53:17 -07:00
|
|
|
|
2022-10-25 22:08:06 -07:00
|
|
|
let R = <C::Group>::generator() * k;
|
2022-05-16 13:53:17 -07:00
|
|
|
|
|
|
|
// Generate Schnorr challenge
|
|
|
|
let c = crate::challenge::<C>(&R, &VerifyingKey::<C>::from(*self).element, msg);
|
|
|
|
|
|
|
|
let z = k + (c.0 * self.scalar);
|
|
|
|
|
|
|
|
Signature { R, z }
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl<C> From<&SigningKey<C>> for VerifyingKey<C>
|
|
|
|
where
|
|
|
|
C: Ciphersuite,
|
|
|
|
{
|
|
|
|
fn from(signing_key: &SigningKey<C>) -> Self {
|
|
|
|
VerifyingKey {
|
|
|
|
element: C::Group::generator() * signing_key.scalar,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl<C> From<SigningKey<C>> for VerifyingKey<C>
|
|
|
|
where
|
|
|
|
C: Ciphersuite,
|
|
|
|
{
|
|
|
|
fn from(signing_key: SigningKey<C>) -> Self {
|
|
|
|
VerifyingKey::<C>::from(&signing_key)
|
|
|
|
}
|
|
|
|
}
|