5feb6b29c7
* Impl DefaultIsZeros for every type that uses jubjub::Fr/Scalar This requires Copy and Clone along with Default. If we do not want to include those, we can impl Zeroize and Drop directly. * Hash signature message with HStar before deriving the binding factor To avoid a collision, we should hash our input message, our 'standard' hash is HStar, which uses a domain separator already, and is the same one that generates the binding factor. * Add a comment about why we hash the signature message before generating the binding factor * Add comments on how we Zeroize * Consume nonces with sign() We want to make sure that the nonces we use when signing are Drop'd (and thus Zeroize'd) when they go out of scope, so we must move participant_nonces into sign() |
||
---|---|---|
.github | ||
benches | ||
src | ||
tests | ||
.gitignore | ||
CHANGELOG.md | ||
Cargo.toml | ||
Dockerfile | ||
LICENCE | ||
LICENCE.MIT | ||
LICENSE.Apache-2.0 | ||
README.md | ||
cloudbuild.yaml | ||
codecov.yml |
README.md
A minimal RedJubjub implementation for use in Zebra.
Two parameterizations of RedJubjub are used in Zcash, one for
BindingSig
and one for SpendAuthSig
. This library distinguishes
these in the type system, using the sealed SigType
trait as a
type-level enum.
In addition to the Signature
, SigningKey
, VerificationKey
types,
the library also provides VerificationKeyBytes
, a refinement of a
[u8; 32]
indicating that bytes represent an encoding of a RedJubjub
verification key. This allows the VerificationKey
type to cache
verification checks related to the verification key encoding.
Examples
Creating a BindingSig
, serializing and deserializing it, and
verifying the signature:
# use std::convert::TryFrom;
use rand::thread_rng;
use redjubjub::*;
let msg = b"Hello!";
// Generate a secret key and sign the message
let sk = SigningKey::<Binding>::new(thread_rng());
let sig = sk.sign(thread_rng(), msg);
// Types can be converted to raw byte arrays using From/Into
let sig_bytes: [u8; 64] = sig.into();
let pk_bytes: [u8; 32] = VerificationKey::from(&sk).into();
// Deserialize and verify the signature.
let sig: Signature<Binding> = sig_bytes.into();
assert!(
VerificationKey::try_from(pk_bytes)
.and_then(|pk| pk.verify(msg, &sig))
.is_ok()
);
docs
cargo doc --features "nightly" --open