62 std::array<unsigned char, 32>
seckey{};
66 void clear() noexcept {
106template <
typename FillRandom>
108 { std::forward<FillRandom>(fill)(bytes) }
noexcept -> std::same_as<void>;
112template <
typename FillRandom>
114 { std::forward<FillRandom>(fill)(bytes) }
noexcept -> std::same_as<Status>;
130template <
typename FillRandom>
137 std::size_t bytes_needed = (bits + 7) / 8;
138 std::array<unsigned char, 64> bytes{};
139 std::span<unsigned char> out(bytes.data(), bytes_needed);
144 if (candidate.
compare(range) < 0) {
156template <
typename FillRandom>
157requires NoexceptByteFill<FillRandom>
163 std::size_t bytes_needed = (bits + 7) / 8;
164 std::array<unsigned char, 64> bytes{};
165 std::span<unsigned char> out(bytes.data(), bytes_needed);
167 std::forward<FillRandom>(fill_random)(out);
170 if (candidate.
compare(range) < 0) {
211template <
typename FillRandom>
212requires(NoexceptByteFill<FillRandom> || NoexceptCheckedByteFill<FillRandom>)
215 "generate_key:random_below_custom");
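/// @brief Evaluates the Purify PRF for an owned secret key and message.
///
/// @param secret  Owned Purify secret key, borrowed by const reference.
/// @param message Message bytes the PRF is evaluated on.
/// @return A Result holding the PRF output as a FieldElement, or the error
///         carried by Result when evaluation fails.
Result<FieldElement> eval(const SecretKey& secret, const Bytes& message);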
Native Bulletproof-style circuit types and witness serialization helpers.
Purify result carrier that either holds a value or an error.
Field element modulo the backend scalar field used by this implementation.
Move-only packed Purify secret stored in dedicated heap memory.
static Result< SecretKey > from_packed(const UInt512 &packed)
Constructs a validated secret key from packed Purify secret bytes.
Checked span wrapper that guarantees a minimum runtime length.
static Result< SpanAtLeast > try_from(std::span< T > span)
Callable concept for byte-fill RNG adapters that cannot fail.
Callable concept for byte-fill RNG adapters that report failure via Status.
#define PURIFY_RETURN_IF_ERROR(expr, context)
Evaluates an expected-like expression and returns the wrapped error on failure.
#define PURIFY_ASSIGN_OR_RETURN(lhs, expr, context)
Evaluates an expected-like expression, binds the value to lhs, and propagates errors.
void secure_clear_bytes(void *data, std::size_t size) noexcept
constexpr Unexpected< Error > unexpected_error(ErrorCode code, const char *context=nullptr)
Constructs an unexpected Error value from a machine-readable code.
Result< std::string > verifier(const Bytes &message, const UInt512 &pubkey)
Builds the legacy serialized verifier description for a message and public key.
Result< BulletproofWitnessData > prove_assignment_data(const Bytes &message, const SecretKey &secret)
Computes the native Purify witness for a message and secret.
Result< GeneratedKey > generate_key()
Generates a random Purify keypair using the built-in OS RNG.
BigUInt< 8 > UInt512
512-bit unsigned integer used for private and packed public keys.
Result< NativeBulletproofCircuit > verifier_circuit(const Bytes &message, const UInt512 &pubkey)
Builds the native verifier circuit for a message and public key.
Result< Bip340Key > derive_bip340_key(const SecretKey &secret, purify_secp_context *secp_context)
Derives a canonical BIP340 signing keypair from an owned Purify secret.
Result< Bytes > prove_assignment(const Bytes &message, const SecretKey &secret)
Serializes the witness assignment produced for a message and secret.
Result< GeneratedKey > derive_key(const SecretKey &secret)
Derives the packed public key corresponding to a packed secret.
std::vector< unsigned char > Bytes
Dynamically sized byte string used for messages, serialized witnesses, and proofs.
const UInt512 & packed_secret_key_space_size()
Returns the size of the packed secret-key encoding space.
UInt512 key_space_size()
Returns the size of the packed Purify secret-key space.
Result< FieldElement > eval(const SecretKey &secret, const Bytes &message)
Evaluates the Purify PRF for an owned secret key and message.
Result< bool > evaluate_verifier_circuit(const Bytes &message, const BulletproofWitnessData &witness)
Evaluates the generated verifier circuit against an explicit witness.
SpanAtLeast< 16, const unsigned char > KeySeed
Checked wrapper for deterministic key-generation seed material that guarantees a minimum length of 16 bytes (`SpanAtLeast< 16, const unsigned char >`).
Result< UInt512 > random_below(const UInt512 &range, FillRandom &&fill_random)
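Samples a uniformly random packed secret below a range using a checked byte-fill source. The fragments shown earlier in this listing draw `(bits + 7) / 8` bytes and keep a candidate only when `candidate.compare(range) < 0`, which points to rejection sampling rather than modular reduction; that is what keeps the result uniform (no modulo bias). The retry loop and any wiping of the 64-byte stack buffer `bytes` are not visible in this listing, so confirm both in the full source.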
Status fill_secure_random(std::span< unsigned char > bytes) noexcept
Fills a buffer with operating-system randomness.
Secret-owning Purify key material wrappers.
std::size_t bit_length() const
Returns the index of the highest set bit plus one.
static BigUInt from_bytes_be(const unsigned char *data, std::size_t size)
Parses a big-endian byte string into the fixed-width integer.
bool is_zero() const
Returns true when all limbs are zero.
int compare(const BigUInt &other) const
Compares two fixed-width integers using unsigned ordering.
void mask_bits(std::size_t bits)
Clears all bits above the requested width.
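Canonical BIP340 keypair derived deterministically from a packed Purify secret. The type is move-only: copy construction and copy assignment are deleted, so the 32-byte `seckey` is not duplicated by an accidental copy.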
Bip340Key(const Bip340Key &)=delete
Bip340Key & operator=(Bip340Key &&other) noexcept
std::array< unsigned char, 32 > seckey
Bip340Key & operator=(const Bip340Key &)=delete
std::array< unsigned char, 32 > xonly_pubkey
Bip340Key(Bip340Key &&other) noexcept
Columnar witness assignment compatible with the native Bulletproof circuit layout.
Complete witness bundle for evaluating and proving a Purify instance.
BulletproofAssignmentData assignment
Derived Purify keypair bundle with an owned packed secret and its matching public key.