serai/crypto/transcript
Luke Parker 47be373eb0
Resolve #268 by adding a Zeroize to DigestTranscript which writes a full block
This is a 'better-than-nothing' attempt to invalidate its state.

Also replaces black_box features with usage of the rustversion crate.
2023-03-28 04:43:10 -04:00
..
src Resolve #268 by adding a Zeroize to DigestTranscript which writes a full block 2023-03-28 04:43:10 -04:00
Cargo.toml Resolve #268 by adding a Zeroize to DigestTranscript which writes a full block 2023-03-28 04:43:10 -04:00
LICENSE Update licenses 2023-01-11 23:05:31 -05:00
README.md Fully document crypto/ 2023-03-20 20:10:00 -04:00

Flexible Transcript

Flexible Transcript is a crate offering:

  • Transcript, a trait offering functions transcripts should implement.
  • DigestTranscript, a competent transcript format instantiated against a provided hash function.
  • MerlinTranscript, a wrapper of merlin into the trait (available via the merlin feature).
  • RecommendedTranscript, a transcript recommended for usage in applications. Currently, this is DigestTranscript<Blake2b512> (available via the recommended feature).

The trait was created while working on an IETF draft which defined an incredibly simple transcript format. Extensions of the protocol would quickly require a more competent format, yet implementing the one specified was mandatory to meet the specification. Accordingly, the library implementing the draft defined an IetfTranscript, dropping labels and not allowing successive challenges, yet thanks to the trait, allowed protocols building on top to provide their own transcript format as needed.

DigestTranscript takes in any hash function implementing Digest, offering a secure transcript format around it. All items are prefixed by a flag, denoting their type, and their length.

MerlinTranscript was used to justify the API, and if any issues existed with DigestTranscript, enable a fallback. It was also meant as a way to be compatible with existing Rust projects using merlin.

This library was audited by Cypher Stack in March 2023, culminating in commit 669d2dbffc1dafb82a09d9419ea182667115df06. Any subsequent changes have not undergone auditing.