Crate schnorrkel[−][src]
Schnorr signature variants using Ristretto point compression.
Example
Creating a signature on a message is simple.
First, we need to generate a Keypair, which includes both public and
secret halves of an asymmetric key. To do so, we need a cryptographically
secure pseudorandom number generator (CSPRNG).
use rand::{Rng, rngs::OsRng}; use schnorrkel::{Keypair,Signature}; let keypair: Keypair = Keypair::generate_with(OsRng);
We can now use this keypair to sign a message:
let context = signing_context(b"this signature does this thing"); let message: &[u8] = "This is a test of the tsunami alert system.".as_bytes(); let signature: Signature = keypair.sign(context.bytes(message));
As well as to verify that this is, indeed, a valid signature on
that message:
assert!(keypair.verify(context.bytes(message), &signature).is_ok());
Anyone else, given the public half of the keypair can also easily
verify this signature:
use schnorrkel::PublicKey; let public_key: PublicKey = keypair.public; assert!(public_key.verify(context.bytes(message), &signature).is_ok());
Serialisation
PublicKeys, MiniSecretKeys, Keypairs, and Signatures can be serialised
into byte-arrays by calling .to_bytes(). It’s perfectly acceptible and
safe to transfer and/or store those bytes. (Of course, never transfer your
secret key to anyone else, since they will only need the public key to
verify your signatures!)
use schnorrkel::{PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, KEYPAIR_LENGTH, SIGNATURE_LENGTH}; let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = public_key.to_bytes(); let secret_key_bytes: [u8; SECRET_KEY_LENGTH] = keypair.secret.to_bytes(); let keypair_bytes: [u8; KEYPAIR_LENGTH] = keypair.to_bytes(); let signature_bytes: [u8; SIGNATURE_LENGTH] = signature.to_bytes();
And similarly, decoded from bytes with ::from_bytes():
let public_key: PublicKey = PublicKey::from_bytes(&public_key_bytes)?; let secret_key: SecretKey = SecretKey::from_bytes(&secret_key_bytes)?; let keypair: Keypair = Keypair::from_bytes(&keypair_bytes)?; let signature: Signature = Signature::from_bytes(&signature_bytes)?;
Using Serde
If you prefer the bytes to be wrapped in another serialisation format, all
types additionally come with built-in serde support by
building schnorrkell via:
$ cargo build --features="serde"
They can be then serialised into any of the wire formats which serde supports. For example, using bincode:
use bincode::{serialize}; let encoded_public_key: Vec<u8> = serialize(&public_key).unwrap(); let encoded_signature: Vec<u8> = serialize(&signature).unwrap();
After sending the encoded_public_key and encoded_signature, the
recipient may deserialise them and verify:
use bincode::{deserialize}; let message: &[u8] = "This is a test of the tsunami alert system.".as_bytes(); let decoded_public_key: PublicKey = deserialize(&encoded_public_key).unwrap(); let decoded_signature: Signature = deserialize(&encoded_signature).unwrap(); assert!( public_key.verify(context.bytes(message), &signature).is_ok() );
Re-exports
pub use crate::keys::*; |
pub use crate::context::signing_context; |
pub use crate::sign::Signature; |
pub use crate::sign::SIGNATURE_LENGTH; |
pub use crate::errors::SignatureError; |
pub use crate::errors::SignatureResult; |
Modules
| cert | Elliptic curve Qu-Vanstone implicit certificate scheme (ECQV) for Ristretto |
| context | Schnorr signature contexts and configuration, adaptable to most Schnorr signature schemes. |
| derive | Implementation of “hierarchical deterministic key derivation” (HDKD) for Schnorr signatures on Ristretto |
| errors | Errors which may occur when parsing keys and/or signatures to or from wire formats. |
| keys | Schnorr signatures on the 2-torsion free subgroup of ed25519, as provided by the Ristretto point compression. |
| musig | Implementation for Ristretto Schnorr signatures of “Simple Schnorr Multi-Signatures with Applications to Bitcoin” by Gregory Maxwell, Andrew Poelstra, Yannick Seurin, and Pieter Wuille https://eprint.iacr.org/2018/068 |
| points | Ristretto point tooling |
| sign | Schnorr signature creation and verification, including batch verification. |
| vrf | Implementation of a Verifiable Random Function (VRF) using Ristretto points and Schnorr DLEQ proofs. |
Functions
| verify_batch | Verify a batch of |
| verify_batch_deterministic | Verify a batch of |
| verify_batch_rng | Verify a batch of |