Struct ClsagMultisig 

pub struct ClsagMultisig {
    transcript: RecommendedTranscript,
    key_image_generator: EdwardsPoint,
    key_image_shares: HashMap<[u8; 32], EdwardsPoint>,
    image: EdwardsPoint,
    context: ClsagContext,
    mask_recv: Option<ClsagMultisigMaskReceiver>,
    mask: Option<Scalar>,
    msg_hash: Option<[u8; 32]>,
    interim: Option<Interim>,
}

Available on crate feature multisig only.

FROST-inspired algorithm for producing a CLSAG signature.

Before this has its process_addendum called, a mask must be set. Before this has its sign_share called, all addendums (a non-zero amount) must be processed with process_addendum. Before verify, verify_share are called, sign_share must be called. Violation of this timeline is fundamentally incorrect and may cause panics.

The message signed is expected to be a 32-byte value. Per Monero, it’s the keccak256 hash of the transaction data which is signed. This will panic if the message is not a 32-byte value.

Fields

transcript: RecommendedTranscript

key_image_generator: EdwardsPoint

key_image_shares: HashMap<[u8; 32], EdwardsPoint>

image: EdwardsPoint

context: ClsagContext

mask_recv: Option<ClsagMultisigMaskReceiver>

mask: Option<Scalar>

msg_hash: Option<[u8; 32]>

interim: Option<Interim>

Implementations

impl ClsagMultisig

pub fn new( transcript: RecommendedTranscript, context: ClsagContext, ) -> (ClsagMultisig, ClsagMultisigMaskSender)

Construct a new instance of multisignature CLSAG signing.

pub fn key_image_generator(&self) -> EdwardsPoint

The key image generator used by the signer.

Trait Implementations

impl Algorithm<Ed25519> for ClsagMultisig

type Transcript = DigestTranscript<CoreWrapper<CtVariableCoreWrapper<Blake2bVarCore, UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>>>>

The transcript format this algorithm uses. This likely should NOT be the IETF-compatible transcript included in this crate.

type Addendum = ClsagAddendum

Serializable addendum, used in algorithms requiring more data than just the nonces.

type Signature = (Clsag, EdwardsPoint)

The resulting type of the signatures this algorithm will produce.

fn nonces(&self) -> Vec<Vec<EdwardsPoint>>

Obtain the list of nonces to generate, as specified by the generators to create commitments against per-nonce.

fn preprocess_addendum<R: RngCore + CryptoRng>( &mut self, _rng: &mut R, keys: &ThresholdKeys<Ed25519>, ) -> ClsagAddendum

Generate an addendum to FROST“s preprocessing stage.

fn read_addendum<R: Read>(&self, reader: &mut R) -> Result<ClsagAddendum>

Read an addendum from a reader.

fn process_addendum( &mut self, view: &ThresholdView<Ed25519>, l: Participant, addendum: ClsagAddendum, ) -> Result<(), FrostError>

Process the addendum for the specified participant. Guaranteed to be called in order.

fn transcript(&mut self) -> &mut Self::Transcript

Obtain a mutable borrow of the underlying transcript.

fn sign_share( &mut self, view: &ThresholdView<Ed25519>, nonce_sums: &[Vec<EdwardsPoint>], nonces: Vec<Zeroizing<Scalar>>, msg_hash: &[u8], ) -> Scalar

Sign a share with the given secret/nonce. The secret will already have been its lagrange coefficient applied so it is the necessary key share. The nonce will already have been processed into the combined form d + (e * p).

fn verify( &self, _: EdwardsPoint, _: &[Vec<EdwardsPoint>], sum: Scalar, ) -> Option<Self::Signature>

Verify a signature.

fn verify_share( &self, verification_share: EdwardsPoint, nonces: &[Vec<EdwardsPoint>], share: Scalar, ) -> Result<Vec<(Scalar, EdwardsPoint)>, ()>

Verify a specific share given as a response. This function should return a series of pairs whose products should sum to zero for a valid share. Any error raised is treated as the share being invalid.

impl Drop for ClsagMultisig

fn drop(&mut self)

Executes the destructor for this type.

impl Zeroize for ClsagMultisig

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

impl ZeroizeOnDrop for ClsagMultisig