Trait Ciphersuite

pub trait Ciphersuite:
    'static
    + Send
    + Sync
    + Clone
    + Copy
    + PartialEq
    + Eq
    + Debug
    + Zeroize {
    type F: PrimeField + PrimeFieldBits + Zeroize;
    type G: Group<Scalar = Self::F> + GroupOps + PrimeGroup + Zeroize + ConstantTimeEq;
    type H: Send + Clone + BlockSizeUser + Digest + HashMarker + SecureDigest;

    const ID: &'static [u8];

    // Required methods
    fn generator() -> Self::G;
    fn hash_to_F(dst: &[u8], msg: &[u8]) -> Self::F;

    // Provided methods
    fn random_nonzero_F<R>(rng: &mut R) -> Self::F
       where R: RngCore + CryptoRng { ... }
    fn read_F<R>(reader: &mut R) -> Result<Self::F, Error>
       where R: Read { ... }
    fn read_G<R>(reader: &mut R) -> Result<Self::G, Error>
       where R: Read { ... }
}

Unified trait defining a ciphersuite around an elliptic curve.

Required Associated Constants

const ID: &'static [u8]

ID for this curve.

Required Associated Types

type F: PrimeField + PrimeFieldBits + Zeroize

Scalar field element type.


type G: Group<Scalar = Self::F> + GroupOps + PrimeGroup + Zeroize + ConstantTimeEq

Group element type.


type H: Send + Clone + BlockSizeUser + Digest + HashMarker + SecureDigest

Hash algorithm used with this curve.

Required Methods

fn generator() -> Self::G

Generator for the group.


fn hash_to_F(dst: &[u8], msg: &[u8]) -> Self::F

Hash the provided domain-separation tag and message to a scalar. Ciphersuites MAY naively prefix the tag to the message, enabling transposition between the two. Accordingly, this function should NOT be used in any scheme where one tag is a valid substring of another UNLESS the specific Ciphersuite is verified to handle the DST securely.

Verifying that specific ciphersuites handle tags securely is not recommended, as it breaks the intended modularity of ciphersuites. Instead, use component-specific tags combined with a further purpose tag (e.g. “Schnorr-nonce”, “Schnorr-chal”).
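The transposition hazard described above, as an added example that is not part of the `ciphersuite` crate: a naive `dst || msg` prefix lets bytes move between the tag and the message when one tag is a substring of another, while a length-prefixed encoding, or the recommended substring-free purpose tags, removes the ambiguity. The 64-bit FNV-1a function is a non-cryptographic stand-in for the real hash, and the `u64` output stands in for a field element; the function names are assumptions.

```rust
// Stand-in hash (NOT cryptographic); it only serves to show when two inputs
// collide as byte strings. A real ciphersuite would map into Self::F instead.
fn fnv1a64(data: &[u8]) -> u64 {
    let mut h: u64 = 0xcbf29ce484222325;
    for &b in data {
        h ^= b as u64;
        h = h.wrapping_mul(0x100000001b3);
    }
    h
}

/// Naive tag handling: the DST is simply prefixed to the message, so the
/// boundary between the two is lost and bytes can be transposed across it.
pub fn naive_hash_to_f(dst: &[u8], msg: &[u8]) -> u64 {
    let mut input = dst.to_vec();
    input.extend_from_slice(msg);
    fnv1a64(&input)
}

/// Unambiguous tag handling: a 4-byte length prefix on the DST makes every
/// (dst, msg) pair encode to a distinct byte string (assumes dst.len() < 2^32).
pub fn length_prefixed_hash_to_f(dst: &[u8], msg: &[u8]) -> u64 {
    let mut input = (dst.len() as u32).to_le_bytes().to_vec();
    input.extend_from_slice(dst);
    input.extend_from_slice(msg);
    fnv1a64(&input)
}

/// The recommendation above, as a check: a tag set is safe for a naively
/// prefixing ciphersuite only if no tag is a substring of another tag.
pub fn tags_are_substring_free(tags: &[&str]) -> bool {
    for (i, a) in tags.iter().enumerate() {
        for (j, b) in tags.iter().enumerate() {
            if i == j { continue; }
            let (a, b) = (a.as_bytes(), b.as_bytes());
            // An empty tag is a substring of everything; windows(0) would panic.
            if a.is_empty() || (b.len() >= a.len() && b.windows(a.len()).any(|w| w == a)) {
                return false;
            }
        }
    }
    true
}

fn main() {
    // Constructed inputs: "Schnorr" is a substring of "Schnorr-nonce", so two
    // different (dst, msg) pairs concatenate to the same bytes.
    println!("naive: {}", naive_hash_to_f(b"Schnorr", b"-nonce:k") == naive_hash_to_f(b"Schnorr-nonce", b":k"));
    println!("prefixed: {}", length_prefixed_hash_to_f(b"Schnorr", b"-nonce:k") == length_prefixed_hash_to_f(b"Schnorr-nonce", b":k"));
    println!("safe tags: {}", tags_are_substring_free(&["Schnorr-nonce", "Schnorr-chal"]));
}
```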

Provided Methods

fn random_nonzero_F<R>(rng: &mut R) -> Self::F
where R: RngCore + CryptoRng,

Generate a random non-zero scalar.


fn read_F<R>(reader: &mut R) -> Result<Self::F, Error>
where R: Read,

Read a canonical scalar from something implementing std::io::Read.


fn read_G<R>(reader: &mut R) -> Result<Self::G, Error>
where R: Read,

Read a canonical point from something implementing std::io::Read.

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors