miden_crypto::dsa::rpo_falcon512

Struct Signature

pub struct Signature { /* private fields */ }

An RPO Falcon512 signature over a message.

The signature consists of a pair of polynomials (s1, s2) in (Z_p[x]/(phi))^2, a nonce r, and a public key polynomial h, where:

  • p := 12289
  • phi := x^512 + 1

The signature verifies against a public key pk if and only if:

  1. s1 = c - s2 * h
  2. |s1|^2 + |s2|^2 <= SIG_L2_BOUND

where |.| is the norm and:

  • c = HashToPoint(r || message)
  • pk = Rpo256::hash(h)

Here h is a polynomial representing the public key and pk is its digest using the Rpo256 hash function. c is a polynomial that is the hash-to-point of the message being signed.

The polynomial h is serialized as:

  1. 1 byte holding log2(512), i.e., 9.
  2. 896 bytes for the public key itself.

The signature is serialized as:

  1. A header byte specifying the algorithm used to encode the coefficients of the s2 polynomial together with the degree of the irreducible polynomial phi. For RPO Falcon512, the header byte is set to 10111001 which differentiates it from the standardized instantiation of the Falcon signature.
  2. 40 bytes for the nonce.
  3. 625 bytes encoding the s2 polynomial above.

The total size of the signature (including the extended public key) is 1563 bytes.
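As an added example (not code from miden-crypto), the algebra behind the two verification conditions above worked in plain Rust: negacyclic multiplication in Z_p[x]/(x^512 + 1), recovery of s1 = c - s2 * h from the transmitted s2 and h, and the squared-norm check. HashToPoint and the Rpo256 public key commitment are not reproduced, so c, s2 and h are taken as given inputs; the bound value is assumed to be Falcon-512's beta^2 from the Falcon specification.

```rust
// Added example (not miden-crypto code): the algebra behind Signature::verify, i.e.
// s1 = c - s2 * h in Z_p[x]/(x^512 + 1) and |s1|^2 + |s2|^2 <= SIG_L2_BOUND.
// HashToPoint and the Rpo256 key commitment are out of scope; c, s2, h are given inputs.
const P: i64 = 12289;
const N: usize = 512;
/// Assumed to equal the crate's SIG_L2_BOUND: beta^2 for Falcon-512 per the Falcon spec.
const SIG_L2_BOUND: u64 = 34034726;

/// Negacyclic product a * b mod (x^512 + 1), coefficients kept in [0, p).
fn mul_mod_phi(a: &[i64; N], b: &[i64; N]) -> [i64; N] {
    let mut out = [0i64; N];
    for i in 0..N {
        if a[i] == 0 { continue; }
        for j in 0..N {
            let prod = a[i] * b[j] % P;
            let k = i + j;
            if k < N {
                out[k] = (out[k] + prod) % P;
            } else {
                out[k - N] = (out[k - N] - prod).rem_euclid(P); // x^512 = -1
            }
        }
    }
    out
}
/// Recover s1 = c - s2 * h, as the verifier does from the transmitted s2 and h.
fn recover_s1(c: &[i64; N], s2: &[i64; N], h: &[i64; N]) -> [i64; N] {
    let s2h = mul_mod_phi(s2, h);
    let mut s1 = [0i64; N];
    for i in 0..N { s1[i] = (c[i] - s2h[i]).rem_euclid(P); }
    s1
}
/// Centered representative in (-p/2, p/2]; the norm is taken over these values.
fn centered(x: i64) -> i64 { if x > P / 2 { x - P } else { x } }
/// Squared L2 norm of a polynomial's centered coefficients.
fn sq_norm(a: &[i64; N]) -> u64 {
    a.iter().map(|&x| { let c = centered(x); (c * c) as u64 }).sum()
}
/// Condition 2 above; a signature failing this bound must be rejected.
fn norm_ok(s1: &[i64; N], s2: &[i64; N]) -> bool {
    sq_norm(s1) + sq_norm(s2) <= SIG_L2_BOUND
}

fn main() {
    // Constructed toy inputs: h = 1 + x, s2 = x, c = 5 + x + x^2, so s1 = 5.
    let (mut h, mut s2, mut c) = ([0i64; N], [0i64; N], [0i64; N]);
    h[0] = 1; h[1] = 1; s2[1] = 1; c[0] = 5; c[1] = 1; c[2] = 1;
    let s1 = recover_s1(&c, &s2, &h);
    println!("s1[0] = {}, norm ok = {}", s1[0], norm_ok(&s1, &s2));
}
```

A real verifier additionally recomputes c from the nonce and message and checks that Rpo256::hash(h) equals the public key commitment before accepting; the norm check alone is not sufficient.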

Implementations

impl Signature

pub fn new(nonce: Nonce, h: PubKeyPoly, s2: SignaturePoly) -> Signature

pub fn pk_poly(&self) -> &PubKeyPoly

Returns the public key polynomial h.

pub fn sig_poly(&self) -> &Polynomial<FalconFelt>

pub fn nonce(&self) -> &Nonce

Returns the nonce component of the signature.

pub fn verify(&self, message: Word, pubkey_com: Word) -> bool

Returns true if this signature is a valid signature for the specified message generated against the secret key matching the specified public key commitment.

Trait Implementations

impl Clone for Signature

fn clone(&self) -> Signature

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Signature

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Deserializable for Signature

fn read_from<R: ByteReader>(source: &mut R) -> Result<Self, DeserializationError>

Reads a sequence of bytes from the provided source, attempts to deserialize these bytes into Self, and returns the result.

fn read_from_bytes(bytes: &[u8]) -> Result<Self, DeserializationError>

Attempts to deserialize the provided bytes into Self and returns the result.

impl PartialEq for Signature

fn eq(&self, other: &Signature) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serializable for Signature

fn write_into<W: ByteWriter>(&self, target: &mut W)

Serializes self into bytes and writes these bytes into the target.

fn to_bytes(&self) -> Vec<u8>

Serializes self into a vector of bytes.

fn get_size_hint(&self) -> usize

Returns an estimate of how many bytes are needed to represent self.

impl Eq for Signature


impl StructuralPartialEq for Signature
