sign method
SchnorrkelSignature
sign(
- MerlinTranscript signingContextScript, {
- GenerateRandom? nonceGenerator,
Signs a message using the Schnorrkel secret key and a specified signing context script.
Parameters:
signingContextScript: A transcript containing context-specific information for the signature.nonceGenerator(optional): A function that generates a nonce. Default is a function that generates a random 64-byte nonce.
Implementation
SchnorrkelSignature sign(
MerlinTranscript signingContextScript, {
GenerateRandom? nonceGenerator,
}) {
const int nonceLength = SchnorrkelKeyCost.nonceLength * 2;
signingContextScript.additionalData(
"proto-name".codeUnits,
"Schnorr-sig".codeUnits,
);
signingContextScript.additionalData(
"sign:pk".codeUnits,
publicKey().toBytes(),
);
final nonceRand =
nonceGenerator?.call(nonceLength) ??
QuickCrypto.generateRandom(nonceLength);
if (nonceRand.length != nonceLength) {
throw const CryptoException("invalid nonce bytes length.");
}
final scNonce = Ed25519Utils.scalarReduceConst(nonceRand);
final mult = Ed25519Utils.scalarMultBase(scNonce);
final r = RistrettoPoint.fromEdwardBytes(mult);
signingContextScript.additionalData("sign:R".codeUnits, r.toBytes());
final k = signingContextScript.toBytesWithReduceScalar(
"sign:c".codeUnits,
64,
);
final sigS = Ed25519Utils.mulAdd(key(), k, scNonce);
final sig = SchnorrkelSignature._(sigS, r.toBytes());
return sig;
}