* Fixed bench when `batch` feature is not present
* Added bench build regression test to CI
* Fixed batch build more generally
* Simplified batch cfg gates in benches
* Updated criterion
* Made CI batch-nondeterministic test use nostd
* Fix `batch_deterministic` build
* Removed bad compile error when `batch` and `batch_deterministic` are selected
* Rename `signing` and `verifying` modules
Renames the following modules:
- `keypair` => `signing`
- `public` => `verifying`
Renaming these in an individual commit preserves the commit history.
This is in anticipation of renaming the following per #225:
- `Keypair` => `SigningKey`
- `PublicKey` => `VerifyingKey`
* Rename `Keypair` => `SigningKey`; `PublicKey` => `VerifyingKey`
As proposed in #225, renames key types after their roles:
- `SigningKey` produces signatures
- `VerifyingKey` verifies signatures
The `SecretKey` type is changed to a type alias for `[u8; 32]`, which
matches the RFC8032 definition:
https://www.rfc-editor.org/rfc/rfc8032#section-5.1.5
> The private key is 32 octets (256 bits, corresponding to b) of
> cryptographically secure random data.
This fix eliminates a scenario where a user misuses the `ExpandedSecretKey` API
in a way that leaks the user's secret key. In short, if a user sends
`ExpandedSecretKey::sign(sk, msg, pk1)` followed by
`ExpandedSecretKey::sign(sk, msg, pk2)`, where `pk1 != pk2`, a passive
adversary [can easily][0] derive `sk`. To mitigate this, we remove the API
entirely.
[0]: https://github.com/MystenLabs/ed25519-unsafe-libs
The API for this isn't the greatest and I apologise for that. Suggestions for
improvement welcome. One thing which @hdevalence and I considered was to
change the function signature to:
```rust
// Proposed signature: the `Borrow` bounds let callers pass either owned
// values or references for signatures and public keys. A lifetime is
// added for the message slices, and the bound on `K::Item` is corrected
// to `PublicKey` (the original text had `Signature` for both collections).
pub fn verify_batch<'a, D, C, M, S, K>(messages: M,
                                       signatures: S,
                                       public_keys: K,
                                       csprng: &mut C) -> Result<(), SignatureError>
where D: Digest<OutputSize = U64> + Default,
      C: Rng + CryptoRng,
      M: IntoIterator<Item = &'a [u8]>,
      S: IntoIterator,
      S::Item: Borrow<Signature>,
      K: IntoIterator,
      K::Item: Borrow<PublicKey>,
```
The other improvement which could be made is to implement 128-bit scalars for
the randomnesses.
* CLOSES #27