#elliptic-curve #ciphersuite #group #ff

no-std ciphersuite-mirror

Ciphersuites built around ff/group. Mirrored by sneurlax from serai for downstream crate-publishing purposes until serai publishes their crates; use the versions from serai in production. This crate will be unpublished/deleted as soon as possible.

3 unstable releases

0.4.1 Sep 22, 2024
0.3.1 Sep 14, 2024
0.3.0 Sep 13, 2024

#686 in Cryptography

46 downloads per month
Used in 5 crates (3 directly)

MIT license

60KB
938 lines

Ciphersuite

Ciphersuites for elliptic curves premised on ff/group.

This library, except for the not recommended Ed448 ciphersuite, was audited by Cypher Stack in March 2023, culminating in commit 669d2dbffc1dafb82a09d9419ea182667115df06. Any subsequent changes have not undergone auditing.

This library is usable under no_std. The alloc and std features enable reading from the io::Read trait, shimmed by std-shims under alloc.

Secp256k1/P-256

Secp256k1 and P-256 are offered via k256 and p256, two libraries maintained by RustCrypto.

Their hash_to_F is the IETF's hash to curve, yet applied to their scalar field.

Ed25519/Ristretto

Ed25519/Ristretto are offered via dalek-ff-group, an ff/group wrapper around curve25519-dalek.

Their hash_to_F is the wide reduction of SHA2-512, as used in RFC-8032. This is also compliant with the draft RFC-RISTRETTO. The domain-separation tag is naively prefixed to the message.

Ed448

Ed448 is offered via minimal-ed448, an explicitly not recommended, unaudited, incomplete Ed448 implementation, limited to its prime-order subgroup.

Its hash_to_F is the wide reduction of SHAKE256, with a 114-byte output, as used in RFC-8032. The domain-separation tag is naively prefixed to the message.

Dependencies

~1.6–4MB
~81K SLoC