Struct miden_core::crypto::dsa::rpo_falcon512::Signature
pub struct Signature { /* private fields */ }
An RPO Falcon512 signature over a message.
The signature is a pair of polynomials (s1, s2) in (Z_p[x]/(phi))^2, where:
- p := 12289
- phi := x^512 + 1
- s1 = c - s2 * h
- h is a polynomial representing the public key and c is a polynomial that is the hash-to-point of the message being signed.
The signature verifies if and only if:
- s1 = c - s2 * h
- |s1|^2 + |s2|^2 <= SIG_L2_BOUND
where |.| is the norm.
Signature also includes the extended public key which is serialized as:
- 1 byte representing the log2(512) i.e., 9.
- 896 bytes for the public key. This is decoded into the h polynomial above.
The actual signature is serialized as:
- A header byte specifying the algorithm used to encode the coefficients of the s2 polynomial together with the degree of the irreducible polynomial phi. The general format of this byte is 0b0cc1nnnn where:
  a. cc is 01 when the compressed encoding algorithm is used and 10 when the uncompressed algorithm is used.
  b. nnnn is log2(N) where N is the degree of the irreducible polynomial phi.
  The current implementation always works with cc equal to 0b01 and nnnn equal to 0b1001, and thus the header byte is always equal to 0b00111001.
- 40 bytes for the nonce.
- 625 bytes encoding the s2 polynomial above.
The total size of the signature (including the extended public key) is 1563 bytes.
Implementations

impl Signature
pub fn pub_key_poly(&self) -> Polynomial
Returns the public key polynomial h.
pub fn nonce(&self) -> [BaseElement; 8]
Returns the nonce component of the signature represented as field elements.
Nonce bytes are converted to field elements by taking consecutive 5-byte chunks of the nonce and interpreting each chunk as a field element.
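As an added example (not code from miden_core), the byte layout described above and the 5-byte nonce chunking can be checked like this. It assumes the extended public key precedes the signature bytes within the 1563 bytes and that each chunk is read little-endian; the page states neither.

```rust
// Added example for this page (not code from miden_core): checks the byte layout of a
// 1563-byte serialized signature and converts the nonce into 5-byte chunk values.
// Assumptions: the extended public key precedes the signature bytes, and each 5-byte
// nonce chunk is read little-endian; the page specifies neither.
const PK_LEN: usize = 1 + 896; // log2(512) byte + encoded h
const NONCE_LEN: usize = 40;
const S2_LEN: usize = 625;
pub const SIG_LEN: usize = PK_LEN + 1 + NONCE_LEN + S2_LEN; // = 1563

#[derive(Debug, PartialEq)]
pub struct Layout<'a> {
    pub pk_bytes: &'a [u8], // 896-byte encoding of h
    pub nonce: &'a [u8],    // 40 bytes
    pub s2_bytes: &'a [u8], // 625-byte compressed encoding of s2
}

/// Splits a header byte 0b0cc1nnnn into (cc, nnnn); None if the fixed bits are wrong.
pub fn parse_header(b: u8) -> Option<(u8, u8)> {
    if b & 0b1000_0000 != 0 || b & 0b0001_0000 == 0 {
        return None;
    }
    Some(((b >> 5) & 0b11, b & 0b1111))
}

/// Validates the fixed fields and returns borrowed slices for the variable ones.
pub fn split_signature(buf: &[u8]) -> Result<Layout<'_>, &'static str> {
    if buf.len() != SIG_LEN {
        return Err("signature must be exactly 1563 bytes");
    }
    if buf[0] != 9 {
        return Err("public key log2(N) byte must be 9");
    }
    let (cc, nnnn) = parse_header(buf[PK_LEN]).ok_or("malformed header byte")?;
    if (cc, nnnn) != (0b01, 9) {
        return Err("header must be 0b00111001: compressed s2 encoding, degree 512");
    }
    let nonce_start = PK_LEN + 1;
    let s2_start = nonce_start + NONCE_LEN;
    Ok(Layout { pk_bytes: &buf[1..PK_LEN], nonce: &buf[nonce_start..s2_start], s2_bytes: &buf[s2_start..] })
}

/// Turns the 40 nonce bytes into 8 integers, one per consecutive 5-byte chunk
/// (little-endian by assumption). Each value is below 2^40, so it fits any 64-bit field.
pub fn nonce_to_elements(nonce: &[u8]) -> [u64; 8] {
    let mut out = [0u64; 8];
    for (i, chunk) in nonce.chunks_exact(5).enumerate() {
        out[i] = chunk.iter().rev().fold(0, |acc, &b| (acc << 8) | u64::from(b));
    }
    out
}
```

A rejected header or length check is the cheapest place to fail before any polynomial decoding or norm check runs.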
pub fn sig_poly(&self) -> Polynomial
pub fn hash_to_point(&self, message: [BaseElement; 4]) -> Polynomial
Returns a polynomial in Z_p[x]/(phi) representing the hash of the provided message.
pub fn verify(&self, message: [BaseElement; 4], pubkey_com: [BaseElement; 4]) -> bool
Returns true if this signature is a valid signature for the specified message, generated with a key pair matching the specified public key commitment.
Trait Implementations

impl Deserializable for Signature
fn read_from<R>(source: &mut R) -> Result<Signature, DeserializationError> where R: ByteReader
Reads a sequence of bytes from the provided source, attempts to deserialize these bytes into Self, and returns the result.

fn read_from_bytes(bytes: &[u8]) -> Result<Self, DeserializationError>
fn read_batch_from<R>(source: &mut R, num_elements: usize) -> Result<Vec<Self>, DeserializationError> where R: ByteReader
Reads a sequence of bytes from the provided source, attempts to deserialize these bytes into a vector with the specified number of Self elements, and returns the result.

impl Serializable for Signature
fn write_into<W>(&self, target: &mut W) where W: ByteWriter
Serializes self into bytes and writes these bytes into the target.