signature: `Keypair` design problems

[tarcieri]

The Keypair crate probably should've received more design work prior to its initial release. This is a tracking and discussion issue for problems around the design.

#1107 relaxed the trait bounds in a mostly-compatible way. However, it remains generic around S: Signature in a way which doesn't actually use the S type parameter, which is a bit odd.

The Keypair trait mandates an AsRef<Self::VerifyingKey> bound. This bound is a bit odd in that it's Self-referential which limits generic impls (e.g. it's not possible to impl AsRef generically). It also makes it difficult to define newtypes for keys, as the inner keypair types might use a verifying key type which isn't wrapped in the newtype, and can only be promoted to a reference of the newtype using an unsafe cast. See RustCrypto/RSA#190 as an example.

A possible alternative would allow computing the verifying key from a signing key without actually storing it in the same struct, e.g. using a type VerifyingKey: for<'a> From<&'a Self> bound rather than AsRef<Self::VerifyingKey> bound.

[lumag]

Yes, AsRef sounds like a more flexible solution

[tarcieri]

Err, do you mean From?

It has the disadvantage that if the key is already known, it will make a needless copy/clone, but in cases where it needs to be computed it's more flexible. Of course, as Keypair has already shipped, we can provide both (possibly with a blanket impl to unite them)

That said, I'm not sure what to name the trait.

[tarcieri]

Fixed in #1141