#signature-scheme #verification-key #group #decaf377 #byte #domain #signing-key

no-std decaf377-rdsa

decaf377-rdsa is a randomizable signature scheme using the decaf377 group

5 releases (breaking)

0.10.0 Apr 19, 2024
0.9.0 Nov 15, 2023
0.7.0 Aug 9, 2023
0.6.0 Apr 27, 2023
0.5.0 Apr 27, 2023

#575 in Cryptography

Download history 777/week @ 2024-02-05 1046/week @ 2024-02-12 512/week @ 2024-02-19 1153/week @ 2024-02-26 819/week @ 2024-03-04 793/week @ 2024-03-11 772/week @ 2024-03-18 1085/week @ 2024-03-25 1702/week @ 2024-04-01 1756/week @ 2024-04-08 1726/week @ 2024-04-15 993/week @ 2024-04-22 868/week @ 2024-04-29 877/week @ 2024-05-06 530/week @ 2024-05-13 771/week @ 2024-05-20

3,087 downloads per month

MIT/Apache

37KB
714 lines

decaf377-rdsa

Crates.io

decaf377-rdsa is a variant of RedDSA, instantiated using the decaf377 group.

Signatures are parameterized by domain (for instance, Binding and SpendAuth); this library distinguishes different domains in the type system using the SigType trait as a type-level enum.

In addition to the Signature, SigningKey, VerificationKey types, the library also provides VerificationKeyBytes, a refinement of a [u8; 32] indicating that bytes represent an encoding of a RedJubjub verification key. This allows the VerificationKey type to cache verification checks related to the verification key encoding.

WARNING

This code is a work-in-progress, and the entire specification is still subject to change. In particular, it's likely that the basepoint used for binding signatures will change in the future as the decaf377 spec evolves.

Examples

Creating a spend authorization signature, serializing and deserializing it, and verifying the signature:

# use std::convert::TryFrom;
use rand::thread_rng;
use decaf377_rdsa::*;

let msg = b"Hello!";

// Generate a secret key and sign the message
let sk = SigningKey::<SpendAuth>::new(thread_rng());
let sig = sk.sign(thread_rng(), msg);

// Types can be converted to raw byte arrays using From/Into
let sig_bytes: [u8; 64] = sig.into();
let pk_bytes: [u8; 32] = VerificationKey::from(&sk).into();

// Deserialize and verify the signature.
let sig: Signature<SpendAuth> = sig_bytes.into();
assert!(
    VerificationKey::try_from(pk_bytes)
        .and_then(|pk| pk.verify(msg, &sig))
        .is_ok()
);

About

This library is based on the redjubjub crate.

Dependencies

~2.5–4.5MB
~96K SLoC