Lib.rs

CryptographyMagic Beans
#key #generate-keys #scheme #traits #noise #key-derivation #signature

aptos-crypto-link

Aptos crypto

Owned by wns-link.

1 unstable release

0.0.3 Nov 7, 2022

#30 in #generate-keys

Apache-2.0

330KB
5.5K SLoC

id: crypto title: Crypto custom_edit_url: https://github.com/aptos-labs/aptos-core/edit/main/crypto/crypto/README.md

The crypto component hosts all the implementations of cryptographic primitives we use in Aptos: hashing, signatures, multisignatures, aggregate signatures, and key derivation/generation.

To enforce type-safety for signature schemes, we rely on traits from traits.rs and validatable.rs.

Overview

Aptos makes use of several cryptographic algorithms:

  • SHA-3 as the main hash function
  • HKDF: HMAC-based Extract-and-Expand Key Derivation Function
    • Standardized in RFC 5869
    • Used to generate keys from a salt (optional), seed, and application-info (optional)
  • Ed25519 signatures and (naive) multisignatures
    • Based on the ed25519-dalek crate with additional security checks (e.g., for malleability)
  • Boneh-Shacham-Lynn (BLS) multisignatures and aggregate signatures
    • Based on the blst crate
    • Implemented on top of Barreto-Lynn-Scott BLS12-381 elliptic curves
  • The Noise Protocol Framework
    • Used to create authenticated and encrypted communications channels between validators
  • X25519 key exchange

Traits for safer cryptography implementation

Before implementing a cryptographic primitive, be sure to read traits.rs and validatable.rs to understand how to comply with our API as well as some of the security concerns involved.

How is this module organized?

    crypto/src
    ├── bls12-381/          # Boneh-Lynn-Shacham (BLS) signatures over (Barreto-Lynn-Scott) BLS12-381 curves
    ├── unit_tests/         # Unit tests
    ├── lib.rs
    ├── ed25519/            # Ed25519 implementation of the signing/verification API in traits.rs
    ├── hash.rs             # Hash function (SHA-3)
    ├── hkdf.rs             # HKDF implementation
    ├── multi_ed25519.rs    # MultiEd25519 implementation of the signing/verification API in traits.rs
    ├── noise.rs            # Noise Protocol Framework implementation
    ├── test_utils.rs
    ├── traits.rs           # Traits for safer implementations of signature schemes
    ├── validatable.rs      # Traits for deferring validation of group elements (e.g., public keys, signatures)
    └── x25519.rs           # X25519 implementation

Changelog

  • This crate historically had support for (a different) BLS12-381, EC-VRF, and SLIP-0010, though were removed due to lack of use. The last git revision before the removal is 00301524.

Dependencies

~16MB
~441K SLoC