#derivation #blake2b

no-std secret-tree

Hierarchical secret derivation with Blake2b

8 releases (4 breaking)

0.5.0 Jul 21, 2022
0.4.1 Dec 29, 2021
0.4.0 May 3, 2021
0.3.0 Nov 30, 2020
0.1.1 Dec 24, 2018

#614 in Cryptography

Download history 80/week @ 2024-02-26 67/week @ 2024-03-04 43/week @ 2024-03-11 62/week @ 2024-03-18 57/week @ 2024-03-25 96/week @ 2024-04-01 27/week @ 2024-04-08 48/week @ 2024-04-15 42/week @ 2024-04-22 40/week @ 2024-04-29 52/week @ 2024-05-06 46/week @ 2024-05-13 46/week @ 2024-05-20 51/week @ 2024-05-27 38/week @ 2024-06-03 32/week @ 2024-06-10

176 downloads per month
Used in 13 crates (via exonum-keys)


633 lines

Hierarchical secret derivation with Blake2b

Build Status License: Apache-2.0 rust 1.57+ required no_std supported

Documentation: Docs.rs crate docs (master)

secret-tree allows deriving multiple secrets from a single seed value in a secure and forward-compatible way. The derivation procedure is hierarchical: a seed can be used to derive child seeds, which have the same functionality as the original.


  • Compact: the seed takes 32 bytes regardless of the number and size of derived secrets.
  • Forward-compatible: it's possible to add new and/or remove existing derived secrets without regenerating the seed or littering the codebase.
  • Versatile: the crate provides API to derive a virtually unbounded number of secrets (via indexing) and secrets with complex internal structure (thanks to a cryptographically secure pseudo-random number generator that can be derived from the seed).


Add this to your Crate.toml:

secret-tree = "0.5.0"

Basic usage:

use secret_tree::{SecretTree, Name};
use rand::{Rng, thread_rng};
use secrecy::Secret;

let tree = SecretTree::new(&mut thread_rng());
// Create 2 children from the tree: an ordinary secret
// and a CSPRNG with a fixed seed.
let secret: Secret<[u8; 32]> = tree
let other_secret_rng = tree

See crate documentation for more details how to use the crate.


Blake2b is used to derive secrets in a similar (and mostly compatible) way it is used for key derivation in libsodium. Derived CSPRNGs are based on the ChaCha cipher, which has been extensively studied and has much smaller state size that alternatives (~160 bytes vs several kilobytes), limiting the threat of state leakage.

Crate documentation provides more implementation details.


Licensed under the Apache-2.0 license.


~19K SLoC