Function verifyStrict
Verify that the signature is valid for the entire message using cofactorless verification.
This function performs strict verification without cofactor multiplication,
checking the exact equation: [s]B = R + [H(R,A,m)]A
This is more restrictive than the cofactored verify() method and may reject
specially crafted signatures that would be accepted by cofactored verification,
but it never rejects valid signatures created using the sign() method.
Returns IdentityElement or NonCanonical if the public key or signature is not in the expected range,
or SignatureVerificationFailed if the signature is invalid for the given message and key.
Prototype
pub fn verifyStrict(self: *Verifier) VerifyError!void
Parameters
self: *Verifier
Possible Errors
Source
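pub fn verifyStrict(self: *Verifier) VerifyError!void {
    // Finalize the running hash and reduce the 64-byte digest to a scalar.
    var hram64: [Sha512.digest_length]u8 = undefined;
    self.h.final(&hram64);
    const hram = Curve.scalar.reduce64(hram64);

    // Compute [s]B + [hram](-A), i.e. [s]B - [hram]A.
    const sb_ah = (try Curve.basePoint.mulDoubleBasePublic(
        self.s,
        self.a.neg(),
        hram,
    ));
    // Cofactorless check: the difference from the expected R must be the identity.
    const check = sb_ah.sub(self.expected_r);
    if (check.rejectIdentity()) |_| {
        // Not the identity, so the equation does not hold.
        return error.SignatureVerificationFailed;
    } else |_| {}
}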
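The difference between the two equations described above, as an added Python model (not Zig's code and not part of the original page): a signature whose R carries an order-2 component satisfies the cofactored equation but fails the cofactorless one that verifyStrict checks. The scalar, nonce, message and all helper names are constructed for illustration, and the seed hashing and range checks of real Ed25519 are left out.

```python
import hashlib

p = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493   # prime order of the base point
d = -121665 * pow(121666, -1, p) % p                  # curve constant
O, T2 = (0, 1, 1, 0), (0, p - 1, 1, 0)                # identity; the point of order 2

def add(P, Q):  # complete addition in extended coordinates (X, Y, Z, T), RFC 8032
    ym, yp = (P[1] - P[0]) * (Q[1] - Q[0]), (P[1] + P[0]) * (Q[1] + Q[0])
    c, z = 2 * d * P[3] * Q[3], 2 * P[2] * Q[2]
    e, f, g, h = yp - ym, z - c, z + c, yp + ym
    return (e * f % p, g * h % p, f * g % p, e * h % p)

def mul(s, P):  # double-and-add; variable time, fine for public test data only
    Q = O
    while s:
        if s & 1:
            Q = add(Q, P)
        P, s = add(P, P), s >> 1
    return Q

def enc(P):  # canonical 32-byte encoding: y with the parity of x in the top bit
    zi = pow(P[2], -1, p)
    x, y = P[0] * zi % p, P[1] * zi % p
    return (y | (x & 1) << 255).to_bytes(32, "little")

By = 4 * pow(5, -1, p) % p  # base point B: y = 4/5, x = even root of (y^2-1)/(d*y^2+1)
x2 = (By * By - 1) * pow(d * By * By + 1, -1, p) % p
r0 = pow(x2, (p + 3) // 8, p)
r1 = r0 * pow(2, (p - 1) // 4, p) % p
Bx = next(x for x in (r0, p - r0, r1, p - r1) if x * x % p == x2 and x % 2 == 0)
B = (Bx, By, 1, Bx * By % p)

def h_ram(R, A, m):  # H(R, A, m) reduced mod L
    return int.from_bytes(hashlib.sha512(enc(R) + enc(A) + m).digest(), "little") % L

def sign(a, r, m, offset=O):  # simplified: scalar a and nonce r passed in directly
    A, R = mul(a, B), add(mul(r, B), offset)
    return A, R, (r + h_ram(R, A, m) * a) % L

def verify(A, m, R, s, cofactor=1):  # 1: [s]B == R + [h]A; 8: [8][s]B == [8](R + [h]A)
    rhs = add(R, mul(h_ram(R, A, m), A))
    return enc(mul(cofactor * s, B)) == enc(mul(cofactor, rhs))

def demo():  # constructed key, nonce and message; returns [strict, cofactored] x 2
    a, r, m = 0x1F2E3D4C5B6A7988, 0x0123456789ABCDEF, b"constructed test message"
    honest, shifted = sign(a, r, m), sign(a, r, m, offset=T2)
    return [verify(A, m, R, s, c) for A, R, s in (honest, shifted) for c in (1, 8)]

print(demo())  # [True, True, False, True]
```

Two verifiers that disagree on the third and fourth results would reach different verdicts on the same signature, which is the case strict verification rules out.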