#const #point #ed25519 #byte #evaluation #hashing #codec

const-crypto

A #[no_std] library for const sha2/sha3 hashing, ed25519 off-curve point evaluation, and bs58 decoding/encoding with minimal dependencies

3 releases (breaking)

0.3.0 Jun 1, 2024
0.2.0 Apr 28, 2024
0.1.0 Apr 28, 2024

#47 in #ed25519

Download history 43/week @ 2024-06-19 22/week @ 2024-06-26 48/week @ 2024-07-03 466/week @ 2024-07-10 286/week @ 2024-07-17 565/week @ 2024-07-24 17307/week @ 2024-07-31 9281/week @ 2024-08-07 3357/week @ 2024-08-14 2205/week @ 2024-08-21 1527/week @ 2024-08-28 1013/week @ 2024-09-04 766/week @ 2024-09-11 631/week @ 2024-09-18 510/week @ 2024-09-25 446/week @ 2024-10-02

2,422 downloads per month
Used in 21 crates (6 directly)

MIT/Apache

44KB
709 lines

const-crypto

A #[no_std] library for const sha2/sha3 hashing, ed25519 off-curve point evaluation, and bs58 decoding/encoding with minimal dependencies.

Features

  • We write a const implementation of Edwards point decompression and use it to provide a const implementation of on/off curve evaluation. This is then used to build a const implementation of Solana's Pubkey::find_program_address. NOTE: this point decompression implementation is not cryptographically safe; it does not use constant time implementations for the internal math operations, as it is not intended to be used with secrets. Do not reuse.
  • Base58 encoding of 32 byte arrays into strings (and vice versa, i.e. decoding). The encoding is taken from fd_bs58, and adapted for const/`#[no_std] with some bug fixes.
  • Full sha2/sha3 hash suites. Re-exports of sha2-const-stable (authored by yours truly) and keccak-const (authored by OffChainLabs)

Usage

The file examples/pda.rs concisely demonstrates all functionality:

use const_crypto::{bs58, ed25519, sha2, sha3};

/// Uses const bs58 to roundtrip (decode + encode) system_program ID
pub const PROGRAM_KEY: [u8; 32] = bs58::decode_pubkey("11111111111111111111111111111111");
pub const PROGRAM_KEY_STR: &'static str = bs58::encode_pubkey(&PROGRAM_KEY).str();
const _: () = assert!(ascii_str_eq(
    PROGRAM_KEY_STR,
    "11111111111111111111111111111111"
));

/// Uses const ed25519 (and thus const sha2 internally)
pub const PROGRAM_DERIVED_ADDRESS: [u8; 32] =
    ed25519::derive_program_address(&[b"seed"], &PROGRAM_KEY).0;

// the address is off curve
const _: () = assert!(!ed25519::crypto_unsafe_is_on_curve(
    &PROGRAM_DERIVED_ADDRESS
));

pub fn main() {
    pub const KECCAK_DEMO: [u8; 32] = sha3::Keccak256::new().update(b"const-keccak").finalize();
    pub const SHA3_256_DEMO: [u8; 32] = sha3::Sha3_256::new().update(b"const-sha3").finalize();
    pub const SHA256_DEMO: [u8; 32] = sha2::Sha256::new().update(b"const-sha2").finalize();

    println!("pda      = {PROGRAM_DERIVED_ADDRESS:?}\n");
    println!("keccak   = {KECCAK_DEMO:?}\n");
    println!("sha3_256 = {SHA3_256_DEMO:?}\n");
    println!("sha256   = {SHA256_DEMO:?}\n");
}

/// A utility function used to show round trip is correct
pub const fn ascii_str_eq(a: &str, b: &str) -> bool {
    assert!(a.len() == b.len());
    assert!(a.is_ascii());
    assert!(b.is_ascii());

    let mut i = 0;
    while i < a.len() {
        assert!(a.as_bytes()[i] == b.as_bytes()[i]);
        i += 1
    }
    true
}

Dependencies

~4.5MB