[][src]Struct ed25519_dalek::Signature

pub struct Signature { /* fields omitted */ }

An ed25519 signature.


These signatures, unlike the ed25519 signature reference implementation, are "detached"—that is, they do not include a copy of the message which has been signed.


impl Signature[src]

pub fn to_bytes(&self) -> [u8; 64][src]

Convert this Signature to a byte array.

pub fn from_bytes(bytes: &[u8]) -> Result<Signature, SignatureError>[src]

Construct a Signature from a slice of bytes.

Scalar Malleability Checking

As originally specified in the ed25519 paper (cf. the "Malleability" section of the README in this repo), no checks whatsoever were performed for signature malleability.

Later, a semi-functional, hacky check was added to most libraries to "ensure" that the scalar portion, s, of the signature was reduced mod \ell, the order of the basepoint:

This example is not tested
if signature.s[31] & 224 != 0 {
    return Err();

This bit-twiddling ensures that the most significant three bits of the scalar are not set:

>>> 0b00010000 & 224
>>> 0b00100000 & 224
>>> 0b01000000 & 224
>>> 0b10000000 & 224

However, this check is hacky and insufficient to check that the scalar is fully reduced mod \ell = 2^252 + 27742317777372353535851937790883648493 as it leaves us with a guanteed bound of 253 bits. This means that there are 2^253 - 2^252 + 2774231777737235353585193779088364849311 remaining scalars which could cause malleabilllity.

RFC8032 states:

To verify a signature on a message M using public key A, [...] first split the signature into two 32-octet halves. Decode the first half as a point R, and the second half as an integer S, in the range 0 <= s < L. Decode the public key A as point A'. If any of the decodings fail (including S being out of range), the signature is invalid.

However, by the time this was standardised, most libraries in use were only checking the most significant three bits. (See also the documentation for PublicKey.verify_strict.)

Trait Implementations

impl Clone for Signature[src]

impl Copy for Signature[src]

impl Debug for Signature[src]

impl Eq for Signature[src]

impl PartialEq<Signature> for Signature[src]

impl StructuralEq for Signature[src]

impl StructuralPartialEq for Signature[src]

Auto Trait Implementations

impl RefUnwindSafe for Signature

impl Send for Signature

impl Sync for Signature

impl Unpin for Signature

impl UnwindSafe for Signature

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = !

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,