Struct schnorrkel::musig::MuSig[][src]

pub struct MuSig<T: SigningTranscript + Clone, S> { /* fields omitted */ }

Schnorr multi-signature (MuSig) container generic over its session types

Implementations

impl<T: SigningTranscript + Clone, S> MuSig<T, S>[src]

pub fn public_keys(
    &self,
    require_reveal: bool
) -> impl Iterator<Item = &PublicKey>[src]

Iterates over public keys.

If require_reveal=true then we count only public key that revealed their R values.

pub fn public_key(&self) -> PublicKey[src]

Aggregate public key given currently revealed R values

pub fn expected_public_key(&self) -> PublicKey[src]

Aggregate public key expected if all currently committed nodes fully participate

impl<T, S> MuSig<T, S> where
    T: SigningTranscript + Clone,
    S: TranscriptStages[src]

pub fn transcript(&mut self) -> &mut T[src]

We permit extending the transcript whenever you like, so that say the message may be agreed upon in parallel to the commitments. We advise against doing so however, as this requires absolute faith in your random number generator, usually rand::thread_rng().

impl<K, T> MuSig<T, CommitStage<K>> where
    K: Borrow<Keypair>,
    T: SigningTranscript + Clone[src]

pub fn new(keypair: K, t: T) -> MuSig<T, CommitStage<K>>[src]

Initialize a multi-signature aka cosignature protocol run.

We encurage borrowing the Keypair to minimize copies of the private key, so we provide the Keypair::musig method for the K = &'k Keypair case. You could use Rc or Arc with this MuSig::new method, or even pass in an owned copy.

pub fn our_commitment(&self) -> Commitment[src]

Our commitment to our R to send to all other cosigners

pub fn add_their_commitment(
    &mut self,
    them: PublicKey,
    theirs: Commitment
) -> SignatureResult<()>[src]

Add a new cosigner’s public key and associated R bypassing our commitmewnt phase.

pub fn reveal_stage(self) -> MuSig<T, RevealStage<K>>[src]

Commit to reveal phase transition.

impl<K, T> MuSig<T, RevealStage<K>> where
    K: Borrow<Keypair>,
    T: SigningTranscript + Clone[src]

pub fn our_reveal(&self) -> &Reveal[src]

Reveal our R contribution to send to all other cosigners

pub fn add_their_reveal(
    &mut self,
    them: PublicKey,
    theirs: Reveal
) -> SignatureResult<()>[src]

Include a revealed R value from a previously committed cosigner

pub fn add_trusted(
    &mut self,
    them: PublicKey,
    theirs: Reveal
) -> SignatureResult<()>[src]

Add a new cosigner’s public key and associated R bypassing our commitmewnt phase.

We implemented defenses that reduce the risks posed by this method, but anyone who wishes provable security should heed the advice below:

Avoid using this due to the attack described in “On the Provable Security of Two-Round Multi-Signatures” by Manu Drijvers, Kasra Edalatnejad, Bryan Ford, and Gregory Neven https://eprint.iacr.org/2018/417 Avoid using this for public keys held by networked devices in particular.

There are however limited scenarios in which using this appears secure, primarily if the trusted device is (a) air gapped, (b) stateful, and (c) infrequently used, via some constrained channel like manually scanning QR code. Almost all hardware wallets designs fail (b), but non-hardware wallets fail (a), with the middle ground being only something like Pairty Signer. Also, any public keys controlled by an organization likely fail (c) too, making this only useful for individuals.

pub fn cosign_stage(self) -> MuSig<T, CosignStage>[src]

Reveal to cosign phase transition.

impl<T: SigningTranscript + Clone> MuSig<T, CosignStage>[src]

pub fn our_cosignature(&self) -> Cosignature[src]

Reveals our signature contribution

pub fn add_their_cosignature(
    &mut self,
    them: PublicKey,
    theirs: Cosignature
) -> SignatureResult<()>[src]

Include a cosignature from another cosigner

pub fn cosigned(&self) -> impl Iterator<Item = &PublicKey>[src]

Interate over the cosigners who successfully revaled and later cosigned.

pub fn uncosigned(&self) -> impl Iterator<Item = &PublicKey>[src]

Interate over the possible cosigners who successfully committed and revaled, but actually cosigned.

pub fn sign(&self) -> Option<Signature>[src]

Actually computes the cosignature

impl<T: SigningTranscript + Clone> MuSig<T, CollectStage>[src]

pub fn add(
    &mut self,
    them: PublicKey,
    their_reveal: Reveal,
    their_cosignature: Cosignature
) -> SignatureResult<()>[src]

Adds revealed R and cosignature into a cosignature collector

pub fn signature(self) -> Signature[src]

Actually computes the collected cosignature.

Auto Trait Implementations

impl<T, S> RefUnwindSafe for MuSig<T, S> where
    S: RefUnwindSafe,
    T: RefUnwindSafe

impl<T, S> Send for MuSig<T, S> where
    S: Send,
    T: Send

impl<T, S> Sync for MuSig<T, S> where
    S: Sync,
    T: Sync

impl<T, S> Unpin for MuSig<T, S> where
    S: Unpin,
    T: Unpin

impl<T, S> UnwindSafe for MuSig<T, S> where
    S: UnwindSafe,
    T: UnwindSafe

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T> Same<T> for T[src]

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>, [src]