pub struct Signature { /* private fields */ }

An RPO Falcon512 signature over a message.

The signature is a pair of polynomials (s1, s2) in (Z_p[x]/(phi))^2, where:

  • p := 12289
  • phi := x^512 + 1
  • s1 = c - s2 * h
  • h is a polynomial representing the public key and c is a polynomial that is the hash-to-point of the message being signed.

The signature verifies if and only if:

  1. s1 = c - s2 * h
  2. |s1|^2 + |s2|^2 <= SIG_L2_BOUND

where |.| is the norm.

Signature also includes the extended public key which is serialized as:

  1. 1 byte representing log2(512), i.e., 9.
  2. 896 bytes for the public key. This is decoded into the h polynomial above.

The actual signature is serialized as:

  1. A header byte specifying the algorithm used to encode the coefficients of the s2 polynomial together with the degree of the irreducible polynomial phi. The general format of this byte is 0b0cc1nnnn where:
     a. cc is 01 when the compressed encoding algorithm is used and 10 when the uncompressed algorithm is used.
     b. nnnn is log2(N) where N is the degree of the irreducible polynomial phi.
     The current implementation always works with cc equal to 0b01 and nnnn equal to 0b1001, and thus the header byte is always equal to 0b00111001.
  2. 40 bytes for the nonce.
  3. 625 bytes encoding the s2 polynomial above.

The total size of the signature (including the extended public key) is 1563 bytes.
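As an added illustration of the layout above (this is not code from the crate, and the struct, function and error names are assumptions), the following Rust splits a serialized signature into its fields, validates the 0b0cc1nnnn header byte and the fixed lengths, and reads the nonce as the 5-byte chunks described for nonce(); the little-endian byte order of those chunks is an assumption the docs do not state.

```rust
// Added example, not code from the crate: checks the documented byte layout
// of a serialized RPO Falcon512 signature. All names here are assumptions.
const PK_LEN: usize = 896; // bytes of the public key h
const NONCE_LEN: usize = 40;
const S2_LEN: usize = 625; // compressed s2 polynomial
/// 1 (log2 N) + 896 (pk) + 1 (header) + 40 (nonce) + 625 (s2) = 1563
pub const SIG_TOTAL_LEN: usize = 1 + PK_LEN + 1 + NONCE_LEN + S2_LEN;
/// Borrowed views into the fields of one serialized signature.
pub struct SigLayout<'a> {
    pub pub_key: &'a [u8],
    pub nonce: &'a [u8],
    pub s2: &'a [u8],
}

/// Parses the header byte 0b0cc1nnnn into (compressed?, nnnn); None if
/// bit 7 is set, bit 4 is clear, or cc is neither 01 nor 10.
pub fn parse_header(b: u8) -> Option<(bool, u8)> {
    if b & 0b1000_0000 != 0 || b & 0b0001_0000 == 0 { return None; }
    let compressed = match (b >> 5) & 0b11 {
        0b01 => true,
        0b10 => false,
        _ => return None,
    };
    Some((compressed, b & 0b1111))
}

/// Splits a 1563-byte blob into its fields, rejecting anything the current
/// implementation would not produce (log2 N != 9, uncompressed s2).
pub fn parse_signature(bytes: &[u8]) -> Result<SigLayout<'_>, &'static str> {
    if bytes.len() != SIG_TOTAL_LEN { return Err("unexpected signature length"); }
    if bytes[0] != 9 { return Err("unsupported polynomial degree"); }
    let header = parse_header(bytes[1 + PK_LEN]).ok_or("malformed header")?;
    if header != (true, 9) { return Err("unsupported s2 encoding"); }
    let nonce_start = 1 + PK_LEN + 1;
    Ok(SigLayout {
        pub_key: &bytes[1..1 + PK_LEN],
        nonce: &bytes[nonce_start..nonce_start + NONCE_LEN],
        s2: &bytes[nonce_start + NONCE_LEN..],
    })
}

/// Nonce as eight 5-byte chunks read little-endian (byte order is an assumption).
pub fn nonce_chunks(nonce: &[u8]) -> [u64; 8] {
    let mut out = [0u64; 8];
    for (i, c) in nonce.chunks_exact(5).enumerate() {
        out[i] = c.iter().rev().fold(0, |acc, &b| (acc << 8) | u64::from(b));
    }
    out
}
```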

Implementations

impl Signature

pub fn pub_key_poly(&self) -> Polynomial

Returns the public key polynomial h.

pub fn nonce(&self) -> [BaseElement; 8]

Returns the nonce component of the signature represented as field elements.

Nonce bytes are converted to field elements by taking consecutive 5 byte chunks of the nonce and interpreting them as field elements.

pub fn sig_poly(&self) -> Polynomial

pub fn hash_to_point(&self, message: [BaseElement; 4]) -> Polynomial

Returns a polynomial in Z_p[x]/(phi) representing the hash of the provided message.

pub fn verify(&self, message: [BaseElement; 4], pubkey_com: [BaseElement; 4]) -> bool

Returns true if this signature is a valid signature for the specified message, generated with the key pair matching the specified public key commitment.

Trait Implementations

impl Deserializable for Signature

fn read_from<R>(source: &mut R) -> Result<Signature, DeserializationError> where R: ByteReader

Reads a sequence of bytes from the provided source, attempts to deserialize these bytes into Self, and returns the result.

fn read_from_bytes(bytes: &[u8]) -> Result<Self, DeserializationError>

Attempts to deserialize the provided bytes into Self and returns the result.

fn read_batch_from<R>(source: &mut R, num_elements: usize) -> Result<Vec<Self>, DeserializationError> where R: ByteReader

Reads a sequence of bytes from the provided source, attempts to deserialize these bytes into a vector with the specified number of Self elements, and returns the result.

impl Serializable for Signature

fn write_into<W>(&self, target: &mut W) where W: ByteWriter

Serializes self into bytes and writes these bytes into the target.

fn to_bytes(&self) -> Vec<u8>

Serializes self into a vector of bytes.

fn write_batch_into<W>(source: &[Self], target: &mut W) where W: ByteWriter

Serializes all elements of the source and writes these bytes into the target.

fn get_size_hint(&self) -> usize

Returns an estimate of how many bytes are needed to represent self.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where T: 'static + ?Sized

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T where T: ?Sized

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T where T: ?Sized

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T where U: From<T>

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where U: Into<T>

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.