3 unstable releases
0.4.1 | Sep 22, 2024 |
---|---|
0.3.1 | Sep 14, 2024 |
0.3.0 | Sep 13, 2024 |
#686 in Cryptography
46 downloads per month
Used in 5 crates
(3 directly)
60KB
938 lines
Ciphersuite
Ciphersuites for elliptic curves premised on ff/group.
This library, except for the not recommended Ed448 ciphersuite, was audited by Cypher Stack in March 2023, culminating in commit 669d2dbffc1dafb82a09d9419ea182667115df06. Any subsequent changes have not undergone auditing.
This library is usable under no_std. The alloc
and std
features enable
reading from the io::Read
trait, shimmed by std-shims
under alloc
.
Secp256k1/P-256
Secp256k1 and P-256 are offered via k256 and p256, two libraries maintained by RustCrypto.
Their hash_to_F
is the
IETF's hash to curve,
yet applied to their scalar field.
Ed25519/Ristretto
Ed25519/Ristretto are offered via dalek-ff-group, an ff/group wrapper around curve25519-dalek.
Their hash_to_F
is the wide reduction of SHA2-512, as used in
RFC-8032. This is also compliant with
the draft
RFC-RISTRETTO.
The domain-separation tag is naively prefixed to the message.
Ed448
Ed448 is offered via minimal-ed448, an explicitly not recommended, unaudited, incomplete Ed448 implementation, limited to its prime-order subgroup.
Its hash_to_F
is the wide reduction of SHAKE256, with a 114-byte output, as
used in RFC-8032. The
domain-separation tag is naively prefixed to the message.
Dependencies
~1.6–4MB
~81K SLoC