Skip to main content

Schnorr

mina_signer::schnorr

Struct Schnorr 

Source 
pub struct Schnorr<H: Hashable> {
    pub hasher: Box<dyn Hasher<Message<H>>>,
    pub domain_param: H::D,
}
Expand description

Schnorr signer context for the Mina signature algorithm

For details about the signature algorithm please see the schnorr documentation

Fields§

§hasher: Box<dyn Hasher<Message<H>>>

The hasher instance used to hash messages

§domain_param: H::D

The domain parameter used for hashing

Implementations§

Source§

impl<H: 'static + Hashable> Schnorr<H>

Source

pub fn derive_nonce_chunked(&self, kp: &Keypair, input: &H) -> ScalarField

Chunked nonce derivation for zkApp transactions.

This function implements the deterministic nonce derivation algorithm used by Message.Chunked in the OCaml implementation. Use this for zkApp transactions that need to be compatible with o1js.

§Compatibility

This implementation corresponds to Message.Chunked.derive in the OCaml implementation (src/lib/crypto/signature_lib/schnorr.ml).

It is also compatible with the TypeScript o1js implementation: https://github.com/o1-labs/o1js/blob/main/src/mina-signer/src/signature.ts

The private key conversion replicates the “Field.project” method with unpack from the OCaml implementation, which performs modular reduction when the scalar field value is larger than the base field modulus.

§Algorithm

The nonce derivation follows this process:

  1. Create ROInput from: message || public_key_x || public_key_y || private_key || network_id
  2. Pack the ROInput into fields using Mina’s field packing
  3. Convert packed fields to bits (255 bits per field)
  4. Convert bits to bytes for BLAKE2b input
  5. Hash with BLAKE2b-256
  6. Drop the top 2 bits to create a valid scalar field element
§Parameters
  • kp - The keypair containing both public and private keys
  • input - The message to be signed
§Returns

A deterministic nonce as a scalar field element.

§Test Vectors

For test vectors demonstrating this function’s usage, see the sign_fields_test in tests/signer.rs which uses NonceMode::Chunked.

§Security

This function generates a cryptographically secure, deterministic nonce that:

  • Depends on the private key, public key, message, and network context
  • Ensures no two different messages share the same nonce (with the same key)
  • Is compatible with existing Mina protocol implementations
§Panics

Panics if the BLAKE2b variable-output hasher cannot be created with a 32-byte output size (should not happen).

Source

fn derive_nonce_legacy(&self, kp: &Keypair, input: &H) -> ScalarField

Legacy nonce derivation for user commands (payments, delegations).

This function implements the deterministic nonce derivation algorithm used by Message.Legacy in the OCaml implementation. Use this for legacy Mina transactions (user commands) such as payments and delegations.

§Compatibility

This implementation corresponds to Message.Legacy.derive in the OCaml implementation (src/lib/crypto/signature_lib/schnorr.ml).

§Parameters
  • kp - The keypair containing both public and private keys
  • input - The message to be signed
§Returns

A deterministic nonce as a scalar field element.

§Usage

Use this method for legacy Mina transactions (user commands) such as payments and delegations. For zkApp transactions, use derive_nonce_chunked instead.

§Differences from derive_nonce_chunked

This method differs from derive_nonce_chunked in several ways:

  • Uses direct byte serialization (roi.to_bytes()) instead of field packing
  • Appends private key as scalar field element instead of base field element
  • Uses full network ID bytes instead of packed single byte
  • Does not perform bit-level manipulation for BLAKE2b input
§Security

This function generates a cryptographically secure, deterministic nonce that depends on the private key, public key, message, and network context.

Source

fn message_hash( &mut self, pub_key: &PubKey, rx: BaseField, input: &H, ) -> ScalarField

This function uses a cryptographic hash function (based on a sponge construction) to convert the message to be signed (and some other information) into a uniformly and randomly distributed scalar field element. It uses Mina’s variant of the Poseidon SNARK-friendly cryptographic hash function. Details: https://github.com/o1-labs/cryptography-rfcs/blob/httpsnapps-notary-signatures/mina/001-poseidon-sponge.md

Trait Implementations§

Source§

impl<H: 'static + Hashable> Signer<H> for Schnorr<H>

Source§

fn sign(&mut self, kp: &Keypair, input: &H, nonce_mode: NonceMode) -> Signature

Sign input (see [Hashable]) using keypair kp and return the corresponding signature. Read more
Source§

fn verify(&mut self, sig: &Signature, public: &PubKey, input: &H) -> bool

Verify that the signature sig on input (see [Hashable]) is signed with the secret key corresponding to pub_key. Return true if the signature is valid and false otherwise.

Auto Trait Implementations§

§

impl<H> Freeze for Schnorr<H>
where <H as Hashable>::D: Freeze,

§

impl<H> !RefUnwindSafe for Schnorr<H>

§

impl<H> !Send for Schnorr<H>

§

impl<H> !Sync for Schnorr<H>

§

impl<H> Unpin for Schnorr<H>
where <H as Hashable>::D: Unpin,

§

impl<H> UnsafeUnpin for Schnorr<H>
where <H as Hashable>::D: UnsafeUnpin,

§

impl<H> !UnwindSafe for Schnorr<H>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> Conv for T

§

fn conv<T>(self) -> T
where Self: Into<T>,

Converts self into T using Into<T>. Read more
§

impl<T> FmtForward for T

§

fn fmt_binary(self) -> FmtBinary<Self>
where Self: Binary,

Causes self to use its Binary implementation when Debug-formatted.
§

fn fmt_display(self) -> FmtDisplay<Self>
where Self: Display,

Causes self to use its Display implementation when Debug-formatted.
§

fn fmt_lower_exp(self) -> FmtLowerExp<Self>
where Self: LowerExp,

Causes self to use its LowerExp implementation when Debug-formatted.
§

fn fmt_lower_hex(self) -> FmtLowerHex<Self>
where Self: LowerHex,

Causes self to use its LowerHex implementation when Debug-formatted.
§

fn fmt_octal(self) -> FmtOctal<Self>
where Self: Octal,

Causes self to use its Octal implementation when Debug-formatted.
§

fn fmt_pointer(self) -> FmtPointer<Self>
where Self: Pointer,

Causes self to use its Pointer implementation when Debug-formatted.
§

fn fmt_upper_exp(self) -> FmtUpperExp<Self>
where Self: UpperExp,

Causes self to use its UpperExp implementation when Debug-formatted.
§

fn fmt_upper_hex(self) -> FmtUpperHex<Self>
where Self: UpperHex,

Causes self to use its UpperHex implementation when Debug-formatted.
§

fn fmt_list(self) -> FmtList<Self>
where &'a Self: for<'a> IntoIterator,

Formats each item in a sequence. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pipe for T
where T: ?Sized,

§

fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> R
where Self: Sized,

Pipes by value. This is generally the method you want to use. Read more
§

fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> R
where R: 'a,

Borrows self and passes that borrow into the pipe function. Read more
§

fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> R
where R: 'a,

Mutably borrows self and passes that borrow into the pipe function. Read more
§

fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> R
where Self: Borrow<B>, B: 'a + ?Sized, R: 'a,

Borrows self, then passes self.borrow() into the pipe function. Read more
§

fn pipe_borrow_mut<'a, B, R>( &'a mut self, func: impl FnOnce(&'a mut B) -> R, ) -> R
where Self: BorrowMut<B>, B: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.borrow_mut() into the pipe function. Read more
§

fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> R
where Self: AsRef<U>, U: 'a + ?Sized, R: 'a,

Borrows self, then passes self.as_ref() into the pipe function.
§

fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> R
where Self: AsMut<U>, U: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.as_mut() into the pipe function.
§

fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> R
where Self: Deref<Target = T>, T: 'a + ?Sized, R: 'a,

Borrows self, then passes self.deref() into the pipe function.
§

fn pipe_deref_mut<'a, T, R>( &'a mut self, func: impl FnOnce(&'a mut T) -> R, ) -> R
where Self: DerefMut<Target = T> + Deref, T: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.deref_mut() into the pipe function.
§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
§

impl<T> Tap for T

§

fn tap(self, func: impl FnOnce(&Self)) -> Self

Immutable access to a value. Read more
§

fn tap_mut(self, func: impl FnOnce(&mut Self)) -> Self

Mutable access to a value. Read more
§

fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Immutable access to the Borrow<B> of a value. Read more
§

fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Mutable access to the BorrowMut<B> of a value. Read more
§

fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Immutable access to the AsRef<R> view of a value. Read more
§

fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Mutable access to the AsMut<R> view of a value. Read more
§

fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Immutable access to the Deref::Target of a value. Read more
§

fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Mutable access to the Deref::Target of a value. Read more
§

fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self

Calls .tap() only in debug builds, and is erased in release builds.
§

fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self

Calls .tap_mut() only in debug builds, and is erased in release builds.
§

fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Calls .tap_borrow() only in debug builds, and is erased in release builds.
§

fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Calls .tap_borrow_mut() only in debug builds, and is erased in release builds.
§

fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Calls .tap_ref() only in debug builds, and is erased in release builds.
§

fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Calls .tap_ref_mut() only in debug builds, and is erased in release builds.
§

fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Calls .tap_deref() only in debug builds, and is erased in release builds.
§

fn tap_deref_mut_dbg<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Calls .tap_deref_mut() only in debug builds, and is erased in release builds.
§

impl<T> TryConv for T

§

fn try_conv<T>(self) -> Result<T, Self::Error>
where Self: TryInto<T>,

Attempts to convert self into T using TryInto<T>. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V