signature/verifier.rs
1//! Trait for verifying digital signatures
2
3use crate::error::Error;
4
5#[cfg(feature = "digest")]
6use crate::digest::Digest;
7
8/// Verify the provided message bytestring using `Self` (e.g. a public key)
9pub trait Verifier<S> {
10 /// Use `Self` to verify that the provided signature for a given message
11 /// bytestring is authentic.
12 ///
13 /// Returns `Error` if it is inauthentic, or otherwise returns `()`.
14 fn verify(&self, msg: &[u8], signature: &S) -> Result<(), Error>;
15}
16
17/// Verify the provided signature for the given prehashed message [`Digest`]
18/// is authentic.
19///
20/// ## Notes
21///
22/// This trait is primarily intended for signature algorithms based on the
23/// [Fiat-Shamir heuristic], a method for converting an interactive
24/// challenge/response-based proof-of-knowledge protocol into an offline
25/// digital signature through the use of a random oracle, i.e. a digest
26/// function.
27///
28/// The security of such protocols critically rests upon the inability of
29/// an attacker to solve for the output of the random oracle, as generally
30/// otherwise such signature algorithms are a system of linear equations and
31/// therefore doing so would allow the attacker to trivially forge signatures.
32///
33/// To prevent misuse which would potentially allow this to be possible, this
34/// API accepts a [`Digest`] instance, rather than a raw digest value.
35///
36/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
37#[cfg(feature = "digest")]
38pub trait DigestVerifier<D: Digest, S> {
39 /// Verify the signature against the given [`Digest`] output.
40 fn verify_digest(&self, digest: D, signature: &S) -> Result<(), Error>;
41}