Hierarchical secret derivation with Blake2b

Documentation:

secret-tree allows deriving multiple secrets from a single seed value in a secure and forward-compatible way. The derivation procedure is hierarchical: a seed can be used to derive child seeds, which have the same functionality as the original.

Features

• Compact: the seed takes 32 bytes regardless of the number and size of derived secrets.
• Forward-compatible: it's possible to add new and/or remove existing derived secrets without regenerating the seed or littering the codebase.
• Versatile: the crate provides API to derive a virtually unbounded number of secrets (via indexing) and secrets with complex internal structure (thanks to a cryptographically secure pseudo-random number generator that can be derived from the seed).

Usage

Add this to your Crate.toml:

[dependencies]
secret-tree = "0.5.0"

Basic usage:

use secret_tree::{SecretTree, Name};
use rand::{Rng, thread_rng};
use secrecy::Secret;

let tree = SecretTree::new(&mut thread_rng());
// Create 2 children from the tree: an ordinary secret
// and a CSPRNG with a fixed seed.
let secret: Secret<[u8; 32]> = tree
    .child(Name::new("secret"))
    .create_secret();
let other_secret_rng = tree
    .child(Name::new("other_secret"))
    .rng();

See crate documentation for more details how to use the crate.

Implementation

Blake2b is used to derive secrets in a similar (and mostly compatible) way it is used for key derivation in libsodium. Derived CSPRNGs are based on the ChaCha cipher, which has been extensively studied and has much smaller state size that alternatives (~160 bytes vs several kilobytes), limiting the threat of state leakage.

Crate documentation provides more implementation details.

License

Licensed under the Apache-2.0 license.