Struct Verifier

Source

pub struct Verifier { /* private fields */ }

Expand description

A batch verification context.

Implementations§

Source §

impl Verifier

Source

pub fn new() -> Verifier

Construct a new batch verifier.

Source

pub fn queue<I: Into<Item>>(&mut self, item: I)

Queue an Item for verification.

Source

pub fn verify<R: RngCore + CryptoRng>(self, rng: R) -> Result<(), Error>

Perform batch verification, returning Ok(()) if all signatures were valid and Err otherwise.

The batch verification equation is:

h_G * -[sum(z_i * s_i)]P_G + sum([z_i]R_i + [z_i * c_i]VK_i) = 0_G

which we split out into:

h_G * -[sum(z_i * s_i)]P_G + sum([z_i]R_i) + sum([z_i * c_i]VK_i) = 0_G

so that we can use multiscalar multiplication speedups.

where for each signature i,

VK_i is the verification key;
R_i is the signature’s R value;
s_i is the signature’s s value;
c_i is the hash of the message and other data;
z_i is a random 128-bit Scalar;
h_G is the cofactor of the group;
P_G is the generator of the subgroup;

Since decaf377-rdsa uses a different generator for each signature domain, we have a separate scalar accumulator for each domain, but we can still amortize computation nicely in one multiscalar multiplication:

h_G * ( [-sum(z_i * s_i): i_type == SpendAuth]P_SpendAuth + [-sum(z_i * s_i): i_type == Binding]P_Binding + sum([z_i]R_i) + sum([z_i * c_i]VK_i) ) = 0_G

As follows elliptic curve scalar multiplication convention, scalar variables are lowercase and group point variables are uppercase. This does not exactly match the RedDSA notation in the Zcash protocol specification §B.1.

Trait Implementations§

Source §

impl Default for Verifier

Source §

fn default() -> Verifier

Returns the “default value” for a type. Read more

Auto Trait Implementations§

§

impl UnwindSafe for Verifier

Blanket Implementations§

Source §

impl<T> Any for T
where T: 'static + ?Sized,

Source §

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

Source §

impl<T> Borrow<T> for T
where T: ?Sized,

Source §

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

Source §

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source §

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

Source §

impl<T> From<T> for T

Source §

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more

§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Source §

impl<T, U> Into for T
where U: From<T>,

Source §

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source §

impl<T> IntoEither for T

Source §

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

Source §

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

§