serai/crypto/ciphersuite
2023-03-16 19:25:01 -04:00
..
src Make Schnorr modular to its transcript 2023-03-07 05:30:21 -05:00
Cargo.toml Update and remove unused dependencies 2023-03-07 03:06:46 -05:00
LICENSE Update licenses 2023-01-11 23:05:31 -05:00
README.md Document crypto crates with audit notices 2023-03-16 19:25:01 -04:00

Ciphersuite

Ciphersuites for elliptic curves premised on ff/group.

This library, except for the not recommended Ed448 ciphersuite, was [audited by Cypher Stack in March 2023](../../audits/Cypher Stack crypto March 2023/Audit.pdf), culminating in commit 669d2dbffc.

Secp256k1/P-256

Secp256k1 and P-256 are offered via k256 and p256, two libraries maintained by RustCrypto.

Their hash_to_F is the IETF's hash to curve, yet applied to their scalar field.

Ed25519/Ristretto

Ed25519/Ristretto are offered via dalek-ff-group, an ff/group wrapper around curve25519-dalek.

Their hash_to_F is the wide reduction of SHA2-512, as used in RFC-8032. This is also compliant with the draft RFC-RISTRETTO. The domain-separation tag is naively prefixed to the message.

Ed448

Ed448 is offered via minimal-ed448, an explicitly not recommended, unaudited, incomplete Ed448 implementation, limited to its prime-order subgroup.

Its hash_to_F is the wide reduction of SHAKE256, with a 114-byte output, as used in RFC-8032. The domain-separation tag is naively prefixed to the message.