Bandersnatch

opaque

Jar.Crypto.bandersnatchVerify (key : BandersnatchPublicKey)
  (context message : ByteArray) (sig : BandersnatchSignature) : Bool
Jar.Crypto.bandersnatchVerify
  (key : BandersnatchPublicKey)
  (context message : ByteArray)
  (sig : BandersnatchSignature) : Bool

Ṽ_k^x⟨m⟩ : Bandersnatch signature verification. GP §3.8.2, Appendix G eq (G.1). Singly-contextualized Schnorr-like signature under IETF VRF template. verify(k, context, message, sig) = ⊤ iff valid. Deliberately left abstract — intended to be axiomatically specified or linked via FFI to a concrete cryptographic implementation.

opaque

Jar.Crypto.bandersnatchSign (secretKey context message : ByteArray) :
  BandersnatchSignature
Jar.Crypto.bandersnatchSign
  (secretKey context message :
    ByteArray) :
  BandersnatchSignature

Ṽ_k^x⟨m⟩ : Bandersnatch signing (requires secret key). GP §3.8.2. Deliberately left abstract — intended to be axiomatically specified or linked via FFI to a concrete cryptographic implementation.

opaque

Jar.Crypto.bandersnatchOutput (sig : BandersnatchSignature) : Hash
Jar.Crypto.bandersnatchOutput
  (sig : BandersnatchSignature) : Hash

Y(s) : VRF output extraction. GP Appendix G eq (G.2). Extracts the first 32 bytes of the VRF output from a signature. banderout(s) ∈ ℍ. Influenced by context but not by message. Deliberately left abstract — intended to be axiomatically specified or linked via FFI to a concrete cryptographic implementation.

JAR: JAM Axiomatic Reference

5.3. Bandersnatch🔗