#eddsa #ed448 #algorithm #public-key #private-key #signing-verifying #edwards-curve

ed448-rust

Implementation of Edwards-Curve Digital Signature Algorithm (EdDSA) for ed448 only

2 releases

0.1.1 Mar 25, 2021
0.1.0 Mar 25, 2021

#2451 in Cryptography

Download history 26/week @ 2024-09-22 22/week @ 2024-09-29 18/week @ 2024-10-06 21/week @ 2024-10-13 2/week @ 2024-10-20 11/week @ 2024-10-27 16/week @ 2024-11-03

53 downloads per month
Used in quantcrypt

MIT/Apache

46KB
800 lines

Ed448-Rust

Ci Security audit codecov License License: MIT Docs.rs

This is an implementation of Edwards-Curve Digital Signature Algorithm (EdDSA) from the RFC8032 in pure Rust, but only the ed448 support is implemented.

It's a EdDSA for ed448 signing/verifying.

This is direct port of the Python code in the RFC, so it's the same warning as it:

Note: This code is not intended for production. Although it should produce correct results for every input, it is slow and makes no attempt to avoid side-channel attacks.

Usage

use core::convert::TryFrom;
use rand_core::OsRng;
use ed448_rust::{PrivateKey, PublicKey};

fn main () {
    // Generate a new random private key
    let private_key = PrivateKey::new(&mut OsRng);

    // Store the key
    let pkey_stored = private_key.as_bytes();

    // Load a stored key before using it, or generating the public key
    let private_key = PrivateKey::try_from(pkey_stored).unwrap();

    // Extract associated public key
    let public_key = PublicKey::from(&private_key);

    // Store the public key
    let pubkey_stored = public_key.as_byte();

    // Sign a message without context
    let signature = private_key.sign(b"Message to sign", None).unwrap();
    // Sign a message with a context
    let signature_ctx = private_key.sign(b"Message to sign", Some(&[0x01, 0xA6])).unwrap();
    // Sign a pre-hashed message without context
    let signature_ph = private_key.sign_ph(b"Message to sign", None).unwrap();

    // Verify the signature without context
    assert!(public_key.verify(b"Message to sign", &signature, None).is_ok());
    // Verify the signature with context
    assert!(public_key.verify(b"Message to sign", &signature_ctx, Some(&[0x01, 0xA6])).is_ok());
    // Verify the signature with the pre-hash and without context
    assert!(public_key.verify_ph(b"Message to sign", &signature_ph, None).is_ok());
}

License

This code is licensed under MIT / Apache2.0

Dependencies

~2MB
~22K SLoC