Class Verifier<C>

A batch verification context.

Type Parameters

C extends Ciphersuite

Index

Constructors

Methods

Constructors

constructor

new Verifier<C extends Ciphersuite>(ciphersuite: C): Verifier<C>
Constructs a new batch verifier.
Type Parameters
- C extends Ciphersuite
Parameters
- ciphersuite: C
  The ciphersuite to use for verification
Returns Verifier<C>
- Defined in core/dist/index.d.ts:3668

Methods

queue

queue(item: Item<C>): void
Queues an Item for verification.
Parameters
- item: Item<C>
  The item to queue for verification
Returns void
- Defined in core/dist/index.d.ts:3674

verify

verify(rng: () => Scalar<C>): void
Performs batch verification, returning nothing if all signatures were valid and throwing an error otherwise, or if the batch is empty.

The batch verification equation is:

h_G * -[sum(z_i * s_i)]P_G + sum([z_i]R_i + [z_i * c_i]VK_i) = 0_G

which we split out into:

h_G * -[sum(z_i * s_i)]P_G + sum([z_i]R_i) + sum([z_i * c_i]VK_i) = 0_G

so that we can use multiscalar multiplication speedups.

where for each signature i,
- VK_i is the verification key;
- R_i is the signature's R value;
- s_i is the signature's s value;
- c_i is the hash of the message and other data;
- z_i is a random 128-bit Scalar;
- h_G is the cofactor of the group;
- P_G is the generator of the subgroup;
As follows elliptic curve scalar multiplication convention, scalar variables are lowercase and group point variables are uppercase. This does not exactly match the RedDSA notation in the protocol specification section B.1.
Parameters
- rng: () => Scalar<C>
  A random number generator function that returns random scalars
Returns void
Throws
FrostError if the batch is empty or if verification fails
- Defined in core/dist/index.d.ts:3706