Struct Ristretto 

pub struct Ristretto;

Available on crate feature ristretto only.

Ciphersuite for Ristretto.

hash_to_F is implemented with a naive concatenation of the dst and data, allowing transposition between the two. This means dst: b"abc", data: b"def", will produce the same scalar as dst: "abcdef", data: b"". Please use carefully, not letting dsts be substrings of each other.

Trait Implementations

impl Ciphersuite for Ristretto

const ID: &'static [u8] = b"ristretto"

ID for this curve.

type F = Scalar

Scalar field element type.

type G = RistrettoPoint

Group element type.

type H = CoreWrapper<CtVariableCoreWrapper<Sha512VarCore, UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>, OidSha512>>

Hash algorithm used with this curve.

fn generator() -> <Ristretto as Ciphersuite>::G

Generator for the group.

fn hash_to_F(dst: &[u8], data: &[u8]) -> <Ristretto as Ciphersuite>::F

Hash the provided domain-separation tag and message to a scalar. Ciphersuites MAY naively prefix the tag to the message, enabling transpotion between the two. Accordingly, this function should NOT be used in any scheme where one tag is a valid substring of another UNLESS the specific Ciphersuite is verified to handle the DST securely.

fn random_nonzero_F<R>(rng: &mut R) -> Self::F

where R: RngCore + CryptoRng,

Generate a random non-zero scalar.

fn read_F<R>(reader: &mut R) -> Result<Self::F, Error>

where R: Read,

Read a canonical scalar from something implementing std::io::Read.

fn read_G<R>(reader: &mut R) -> Result<Self::G, Error>

where R: Read,

Read a canonical point from something implementing std::io::Read.

impl Clone for Ristretto

fn clone(&self) -> Ristretto

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Curve for Ristretto

Available on crate features ristretto or ed25519 only.

const CONTEXT: &'static [u8] = b"FROST-RISTRETTO255-SHA512-v1"

Context string for this curve.

fn hash(dst: &[u8], data: &[u8]) -> Output<Self::H>

Hash the given dst and data to a byte vector. Used to instantiate H4 and H5.

fn hash_to_F(dst: &[u8], msg: &[u8]) -> Self::F

Field element from hash. Used during key gen and by other crates under Serai as a general utility. Used to instantiate H1 and H3.

fn hash_msg(msg: &[u8]) -> Output<Self::H>

Hash the message for the binding factor. H4 from the IETF draft.

fn hash_commitments(commitments: &[u8]) -> Output<Self::H>

Hash the commitments for the binding factor. H5 from the IETF draft.

fn hash_binding_factor(binding: &[u8]) -> Self::F

Hash the commitments and message to calculate the binding factor. H1 from the IETF draft.

fn random_nonce<R: RngCore + CryptoRng>( secret: &Zeroizing<Self::F>, rng: &mut R, ) -> Zeroizing<Self::F>

Securely generate a random nonce. H3 from the IETF draft.

fn read_G<R: Read>(reader: &mut R) -> Result<Self::G>

Read a point from a reader, rejecting identity.

impl Debug for Ristretto

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Hram<Ristretto> for IetfRistrettoHram

Available on crate features ristretto or ed25519 only.

fn hram( R: &<Ristretto as Ciphersuite>::G, A: &<Ristretto as Ciphersuite>::G, m: &[u8], ) -> Scalar

HRAm function to generate a challenge. H2 from the IETF draft, despite having a different argument set (not being pre-formatted).

impl PartialEq for Ristretto

fn eq(&self, other: &Ristretto) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Zeroize for Ristretto

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

impl Copy for Ristretto

impl Eq for Ristretto

impl StructuralPartialEq for Ristretto