7 releases (breaking)
0.5.1 | Jul 12, 2023 |
---|---|
0.5.0 | Mar 9, 2023 |
0.4.0 | Jan 31, 2023 |
0.3.0 | May 10, 2022 |
0.0.0 | Jan 8, 2021 |
#645 in Cryptography
18,310 downloads per month
Used in 27 crates
(3 directly)
105KB
1.5K
SLoC
A minimal RedDSA implementation for use in Zcash.
Two specializations of RedDSA are used in Zcash: RedJubjub and
RedPallas. For each of these, two parameterizations are used, one for
BindingSig
and one for SpendAuthSig
. This library distinguishes
these in the type system, using the sealed SigType
trait as a
type-level enum.
In addition to the Signature
, SigningKey
, VerificationKey
types,
the library also provides VerificationKeyBytes
, a refinement of a
[u8; 32]
indicating that bytes represent an encoding of a RedDSA
verification key. This allows the VerificationKey
type to cache
verification checks related to the verification key encoding.
For all specializations of RedDSA used in Zcash, encodings of signing
and verification keys are 32 bytes.
Examples
Creating a BindingSig
, serializing and deserializing it, and
verifying the signature:
# use std::convert::TryFrom;
use rand::thread_rng;
use reddsa::*;
let msg = b"Hello!";
// Generate a secret key and sign the message
let sk = SigningKey::<sapling::Binding>::new(thread_rng());
let sig = sk.sign(thread_rng(), msg);
// Types can be converted to raw byte arrays using From/Into
let sig_bytes: [u8; 64] = sig.into();
let pk_bytes: [u8; 32] = VerificationKey::from(&sk).into();
// Deserialize and verify the signature.
let sig: Signature<sapling::Binding> = sig_bytes.into();
assert!(
VerificationKey::try_from(pk_bytes)
.and_then(|pk| pk.verify(msg, &sig))
.is_ok()
);
FROST
You can enable ZIP-312 re-randomized FROST support with the frost
feature.
This is still experimental since ZIP-312 is still a draft.
docs
cargo doc --features "nightly" --open
Dependencies
~3MB
~60K SLoC