pub struct Signature { /* private fields */ }
An RPO Falcon512 signature over a message.
The signature is a pair of polynomials (s1, s2) in (Z_p[x]/(phi))^2, a nonce r, and a public key polynomial h, where:
- p := 12289
- phi := x^512 + 1
The signature verifies against a public key pk if and only if:
- s1 = c - s2 * h
- |s1|^2 + |s2|^2 <= SIG_L2_BOUND
where |.| is the norm and:
- c = HashToPoint(r || message)
- pk = Rpo256::hash(h)
Here h is a polynomial representing the public key and pk is its digest using the Rpo256 hash function. c is a polynomial that is the hash-to-point of the message being signed.
The polynomial h is serialized as:
- 1 byte representing log2(512), i.e., 9.
- 896 bytes for the public key itself.
The signature is serialized as:
- A header byte specifying the algorithm used to encode the coefficients of the s2 polynomial together with the degree of the irreducible polynomial phi. For RPO Falcon512, the header byte is set to 10111001 (binary), which differentiates it from the standardized instantiation of the Falcon signature.
- 40 bytes for the nonce.
- 625 bytes encoding the s2 polynomial above.
The total size of the signature (including the extended public key) is 1563 bytes.
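The verification rule and the header byte described above, worked through as an added example in plain Rust (this is not miden-crypto's own code). It assumes SIG_L2_BOUND is the Falcon-512 reference bound and constructs its own h, s1 and s2; p, the degree and the header byte are the values given above.

```rust
// Added example, not miden-crypto's own code. p, N and the header byte come
// from the page; SIG_L2_BOUND is assumed from the Falcon-512 reference parameters.
const P: i64 = 12289;
const N: usize = 512;
const SIG_L2_BOUND: i64 = 34_034_726; // assumption (Falcon-512 reference bound)
const RPO_FALCON512_HEADER: u8 = 0b1011_1001;

/// Product in Z_p[x]/(x^N + 1): x^N = -1, so a term of degree i + j >= N
/// wraps to degree i + j - N with its sign flipped (negacyclic convolution).
fn mul_mod_phi(a: &[i64], b: &[i64]) -> Vec<i64> {
    let mut out = vec![0i64; N];
    for i in 0..N {
        for j in 0..N {
            let (k, term) = (i + j, a[i] * b[j] % P);
            if k < N { out[k] = (out[k] + term) % P; }
            else { out[k - N] = (out[k - N] - term).rem_euclid(P); }
        }
    }
    out
}

/// Centered representative in (-p/2, p/2]; the norm bound is taken over these.
fn centered(x: i64) -> i64 { if x > P / 2 { x - P } else { x } }

/// s1 = c - s2 * h; accept iff |s1|^2 + |s2|^2 <= SIG_L2_BOUND.
fn verify(c: &[i64], h: &[i64], s2: &[i64]) -> bool {
    let s2h = mul_mod_phi(s2, h);
    let s1: Vec<i64> = (0..N).map(|i| (c[i] - s2h[i]).rem_euclid(P)).collect();
    let norm_sq: i64 = s1.iter().chain(s2).map(|&x| centered(x).pow(2)).sum();
    norm_sq <= SIG_L2_BOUND
}

/// Header byte: the top bit set separates RPO Falcon512 from standard Falcon
/// (top bit clear); the low nibble carries log2(deg phi) = 9.
fn header_log_degree(header: u8) -> Option<u8> {
    if header & 0x80 == 0 { None } else { Some(header & 0x0f) }
}

/// Constructed data: short s1, s2 and an arbitrary h, with c = s1 + s2 * h so the
/// signature is valid by construction. Returns (valid accepted, tampered rejected).
fn demo() -> (bool, bool) {
    let h: Vec<i64> = (0..N).map(|i| i as i64 * 7919 % P).collect();
    let s2: Vec<i64> = (0..N).map(|i| if i % 2 == 0 { 3 } else { P - 2 }).collect();
    let s1: Vec<i64> = (0..N).map(|i| if i % 3 == 0 { P - 1 } else { 2 }).collect();
    let s2h = mul_mod_phi(&s2, &h);
    let c: Vec<i64> = (0..N).map(|i| (s1[i] + s2h[i]) % P).collect();
    let mut bad = s2.clone();
    bad[0] = 6000; // a single coefficient of 6000 already has 6000^2 > SIG_L2_BOUND
    (verify(&c, &h, &s2), verify(&c, &h, &bad))
}
```

A real verifier derives c from HashToPoint(r || message) and reads s2 from its compressed encoding; here c is built directly from the chosen s1 and s2 to isolate the algebraic check.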
Implementations§
impl Signature
pub fn new(nonce: Nonce, h: PubKeyPoly, s2: SignaturePoly) -> Signature
pub fn pk_poly(&self) -> &PubKeyPoly
Returns the public key polynomial h.
pub fn sig_poly(&self) -> &Polynomial<FalconFelt>
Trait Implementations§
impl Deserializable for Signature
fn read_from<R: ByteReader>(source: &mut R) -> Result<Self, DeserializationError>
Reads a sequence of bytes from the provided source, attempts to deserialize these bytes into Self, and returns the result.
fn read_from_bytes(bytes: &[u8]) -> Result<Self, DeserializationError>
impl Serializable for Signature
fn write_into<W: ByteWriter>(&self, target: &mut W)
Serializes self into bytes and writes these bytes into the target.
fn get_size_hint(&self) -> usize
Returns an estimate of how many bytes are needed to represent self.
impl Eq for Signature
impl StructuralPartialEq for Signature
Auto Trait Implementations§
impl Freeze for Signature
impl RefUnwindSafe for Signature
impl Send for Signature
impl Sync for Signature
impl Unpin for Signature
impl UnwindSafe for Signature
Blanket Implementations§
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> CloneToUninit for T where T: Clone
unsafe fn clone_to_uninit(&self, dst: *mut T)
This is a nightly-only experimental API (clone_to_uninit).