Crate chie_crypto

Cryptographic primitives for CHIE Protocol.

This crate provides:

  • Content encryption using ChaCha20-Poly1305
  • Digital signatures using Ed25519
  • Aggregate signatures for multi-peer coordination
  • Fast hashing using BLAKE3
  • Key derivation using HKDF
  • Constant-time comparison utilities
  • Streaming encryption for large content
  • Key serialization (PEM, hex, base64)
  • Key rotation and management utilities
  • HSM/TPM integration for enterprise deployments
  • PKCS#11 provider interface for hardware security modules
  • Multi-party key generation ceremony orchestration
  • Certificate management and key revocation (CRL/OCSP-like)
  • Secure key storage with encryption at rest
  • Cryptographic commitments and proof-of-possession
  • Verifiable Random Functions (VRF) for unpredictable challenges
  • Blind signatures for privacy-preserving tokens
  • Shamir’s secret sharing for key backup and recovery
  • Merkle trees for efficient content verification
  • Zero-knowledge range proofs for privacy-preserving verification
  • X25519 key exchange for secure P2P channels
  • Pedersen commitments for homomorphic bandwidth aggregation
  • HMAC-based authentication for message integrity
  • Cryptographic accumulators for efficient set membership
  • Ring signatures for anonymous signing within a group
  • Ring CT (Confidential Transactions) for privacy-preserving value transfers
  • Linkable ring signatures for double-spend prevention
  • Time-lock encryption for scheduled content release
  • Onion encryption for privacy-preserving P2P routing
  • Proof of Storage for verifiable content retention
  • Bulletproofs for efficient range proofs
  • Distributed Key Generation (DKG) for decentralized setup
  • Polynomial commitments for batch verification
  • Verifiable Delay Functions (VDF) for time-based proofs
  • BLS signatures for superior signature aggregation
  • BBS+ signatures for selective disclosure and privacy-preserving credentials
  • Schnorr signatures for simplicity and provable security
  • ElGamal encryption for homomorphic operations
  • Paillier homomorphic encryption for privacy-preserving aggregation
  • Proxy re-encryption for delegated decryption
  • Oblivious transfer for private information retrieval
  • Post-quantum key encapsulation with CRYSTALS-Kyber
  • Post-quantum signatures with CRYSTALS-Dilithium
  • Stateless hash-based signatures with SPHINCS+
  • Private Set Intersection (PSI) for privacy-preserving P2P discovery
  • Forward-Secure Signatures for key evolution and retroactive security
  • FROST (Flexible Round-Optimized Schnorr Threshold) signatures for efficient threshold signing
  • Functional Encryption (FE) with Inner Product support for privacy-preserving computation
  • Differential Privacy mechanisms for privacy-preserving data analysis
  • Anonymous Credentials (Idemix-style) for privacy-preserving authentication
  • Searchable Encryption for encrypted content indexing
  • Certified Deletion for provable data removal
  • Garbled Circuits for secure two-party computation
  • SPAKE2 password-authenticated key exchange
  • SRP (Secure Remote Password) protocol for password-based authentication
  • OPRF (Oblivious Pseudorandom Function) for private protocols
  • Identity-Based Encryption (IBE) for simplified key management
  • Aggregate MAC for efficient multi-message authentication
  • Advanced commitment schemes with opening proofs
  • MuSig2 multi-signature aggregation for efficient multi-party signing
  • Adaptor signatures for atomic swaps and scriptless scripts
  • Threshold ECDSA for distributed signature generation
  • Zero-knowledge proof composition framework for complex protocols
  • OpenPGP key format compatibility for Ed25519 keys
  • OpenSSH key format support for SSH key import/export
  • TLS 1.3 key schedule support (RFC 8446)
  • WebCrypto API compatibility layer for browser interoperability
  • Attribute-Based Encryption (ABE) for fine-grained access control
  • Cryptographic operation audit logging for compliance and forensics
  • FIPS 140-3 compliance reporting and self-tests
  • Key usage policy enforcement for access control and compliance
  • Entropy quality monitoring for RNG health and security
  • Side-channel resistance verification for timing attack detection
  • Formal verification helpers for property-based testing
  • Utility functions for file encryption and message handling
  • Zeroizing wrappers for sensitive data

Re-exports

pub use abe::AbeAuthority;
pub use abe::AbeCiphertext;
pub use abe::AbeError;
pub use abe::AbeResult;
pub use abe::AccessPolicy;
pub use abe::MasterSecretKey;
pub use abe::PolicyNode;
pub use abe::UserSecretKey;
pub use accumulator::AccumulatorDigest;
pub use accumulator::AccumulatorError;
pub use accumulator::AccumulatorResult;
pub use accumulator::BloomAccumulator;
pub use accumulator::CompactAccumulator;
pub use accumulator::HashAccumulator;
pub use accumulator::MembershipProof;
pub use accumulator::hash_element;
pub use adaptor::AdaptorError;
pub use adaptor::AdaptorPoint;
pub use adaptor::AdaptorPublicKey;
pub use adaptor::AdaptorResult;
pub use adaptor::AdaptorSecret;
pub use adaptor::AdaptorSecretKey;
pub use adaptor::AdaptorSignature;
pub use adaptor::AdaptorSigner;
pub use adaptor::PreSignature;
pub use adaptor::complete_signature;
pub use adaptor::extract_secret;
pub use adaptor::verify_adaptor_signature;
pub use adaptor::verify_pre_signature;
pub use advanced_commitment::AdvancedCommitmentError;
pub use advanced_commitment::AdvancedCommitmentResult;
pub use advanced_commitment::ExtractableCom;
pub use advanced_commitment::ExtractableCommitment;
pub use advanced_commitment::ExtractableOpening;
pub use advanced_commitment::Trapdoor;
pub use advanced_commitment::TrapdoorCom;
pub use advanced_commitment::TrapdoorCommitment;
pub use advanced_commitment::TrapdoorOpening;
pub use advanced_commitment::VectorCom;
pub use advanced_commitment::VectorCommitment;
pub use advanced_commitment::VectorOpening;
pub use aggregate::AggregateError;
pub use aggregate::AggregateResult;
pub use aggregate::AggregateSignature;
pub use aggregate::SignatureAggregator;
pub use aggregate::verify_batch;
pub use aggregate_mac::AggregateMacBuilder;
pub use aggregate_mac::AggregateMacError;
pub use aggregate_mac::AggregateMacKey;
pub use aggregate_mac::AggregateMacResult;
pub use aggregate_mac::AggregateTag;
pub use aggregate_mac::MacTag;
pub use anonymous_credentials::AnonCredError;
pub use anonymous_credentials::AnonCredResult;
pub use anonymous_credentials::AnonymousCredential;
pub use anonymous_credentials::CredentialPresentation;
pub use anonymous_credentials::CredentialRequest;
pub use anonymous_credentials::Issuer;
pub use anonymous_credentials::IssuerPublicKey;
pub use anonymous_credentials::User;
pub use audit_log::AuditEntry;
pub use audit_log::AuditLog;
pub use audit_log::AuditStatistics;
pub use audit_log::OperationType;
pub use audit_log::SeverityLevel;
pub use bbs_plus::BbsPlusError;
pub use bbs_plus::BbsPlusKeypair;
pub use bbs_plus::BbsPlusProof;
pub use bbs_plus::BbsPlusPublicKey;
pub use bbs_plus::BbsPlusResult;
pub use bbs_plus::BbsPlusSecretKey;
pub use bbs_plus::BbsPlusSignature;
pub use bbs_plus::create_proof as bbs_create_proof;
pub use bbs_plus::sign_messages as bbs_sign_messages;
pub use bbs_plus::verify_proof as bbs_verify_proof;
pub use bbs_plus::verify_signature as bbs_verify_signature;
pub use blind::BlindError;
pub use blind::BlindPublicKey;
pub use blind::BlindResult;
pub use blind::BlindSignatureProtocol;
pub use blind::BlindSigner;
pub use blind::BlindingFactor;
pub use blind::RedeemableToken;
pub use blind::SignedCommitment;
pub use blind::TokenCommitment;
pub use blind::UnlinkableToken;
pub use bls::BlsError;
pub use bls::BlsKeypair;
pub use bls::BlsPublicKey;
pub use bls::BlsResult;
pub use bls::BlsSecretKey;
pub use bls::BlsSignature;
pub use bls::aggregate_signatures;
pub use bls::verify_aggregated as verify_bls_aggregated;
pub use bulletproof::AggregatedBulletproof;
pub use bulletproof::BulletproofCommitment;
pub use bulletproof::BulletproofError;
pub use bulletproof::BulletproofParams;
pub use bulletproof::BulletproofRangeProof;
pub use bulletproof::BulletproofResult;
pub use bulletproof::prove_range;
pub use bulletproof::prove_range_aggregated;
pub use bulletproof::verify_aggregated;
pub use bulletproof::verify_range;
pub use cache_timing::ByteLookup;
pub use cache_timing::CacheAligned;
pub use cache_timing::CacheTimingError;
pub use cache_timing::CacheTimingResult;
pub use cache_timing::ConstantTimeLookup;
pub use cache_timing::conditional_swap;
pub use cache_timing::constant_time_clamp_index;
pub use cache_timing::constant_time_memcmp;
pub use cache_timing::prefetch_array;
pub use cache_timing::prefetch_read;
pub use certified_deletion::BatchDeletion;
pub use certified_deletion::CertifiedDeletion;
pub use certified_deletion::CertifiedDeletionError;
pub use certified_deletion::CertifiedDeletionResult;
pub use certified_deletion::DeletionCertificate;
pub use certified_deletion::EncryptedWithWitness;
pub use commitment::BandwidthProofCommitment;
pub use commitment::ChunkChallenge;
pub use commitment::ChunkPossessionProof;
pub use commitment::Commitment;
pub use commitment::CommitmentError;
pub use commitment::CommitmentOpening;
pub use commitment::KeyPossessionProof;
pub use commitment::commit;
pub use commitment::generate_challenge;
pub use commitment::verify_commitment;
pub use compliance::ComplianceAlgorithm;
pub use compliance::ComplianceChecker;
pub use compliance::ComplianceIssue;
pub use compliance::ComplianceReport;
pub use compliance::ComplianceStatus;
pub use compliance::IssueSeverity;
pub use compliance::SecurityLevel;
pub use compliance::SelfTestResult;
pub use compliance::SelfTestResults;
pub use ct_audit::CtAuditError;
pub use ct_audit::CtAuditResult;
pub use ct_audit::CtAuditor;
pub use ct_audit::OperationBenchmark;
pub use ct_audit::TimingStatistics;
pub use ct_audit::measure_average;
pub use ct_audit::measure_once;
pub use differential_privacy::DPError;
pub use differential_privacy::DPResult;
pub use differential_privacy::ExponentialMechanism;
pub use differential_privacy::GaussianMechanism;
pub use differential_privacy::LaplaceMechanism;
pub use differential_privacy::PrivacyBudget;
pub use dilithium::Dilithium2;
pub use dilithium::Dilithium2PublicKey;
pub use dilithium::Dilithium2SecretKey;
pub use dilithium::Dilithium2Signature;
pub use dilithium::Dilithium3;
pub use dilithium::Dilithium3PublicKey;
pub use dilithium::Dilithium3SecretKey;
pub use dilithium::Dilithium3Signature;
pub use dilithium::Dilithium5;
pub use dilithium::Dilithium5PublicKey;
pub use dilithium::Dilithium5SecretKey;
pub use dilithium::Dilithium5Signature;
pub use dilithium::DilithiumError;
pub use dilithium::DilithiumResult;
pub use dkg::DkgCommitments;
pub use dkg::DkgError;
pub use dkg::DkgParams;
pub use dkg::DkgParticipant;
pub use dkg::DkgResult;
pub use dkg::DkgShare;
pub use dkg::aggregate_public_key;
pub use elgamal::ElGamalCiphertext;
pub use elgamal::ElGamalError;
pub use elgamal::ElGamalKeypair;
pub use elgamal::ElGamalPublicKey;
pub use elgamal::ElGamalResult;
pub use elgamal::ElGamalSecretKey;
pub use elgamal::decrypt as elgamal_decrypt;
pub use elgamal::encrypt as elgamal_encrypt;
pub use entropy::EntropyError;
pub use entropy::EntropyMonitor;
pub use entropy::EntropyQuality;
pub use entropy::EntropyResult;
pub use entropy::EntropySource;
pub use formal_verify::Invariant;
pub use formal_verify::PostCondition;
pub use formal_verify::PreCondition;
pub use formal_verify::PropertyCheckResult;
pub use formal_verify::PropertyChecker;
pub use formal_verify::PropertyResult;
pub use formal_verify::StateMachine;
pub use formal_verify::VerificationCondition;
pub use formal_verify::check_invariant;
pub use formal_verify::check_postcondition;
pub use formal_verify::check_precondition;
pub use forward_secure::ForwardSecureBuilder;
pub use forward_secure::ForwardSecureError;
pub use forward_secure::ForwardSecureKeypair;
pub use forward_secure::ForwardSecurePublicKey;
pub use forward_secure::ForwardSecureResult;
pub use forward_secure::ForwardSecureSignature;
pub use frost::FrostError;
pub use frost::FrostKeygen;
pub use frost::FrostNonceCommitment;
pub use frost::FrostResult;
pub use frost::FrostSecretShare;
pub use frost::FrostSigner;
pub use frost::PartialSignature as FrostPartialSignature;
pub use frost::aggregate_frost_signatures;
pub use frost::verify_frost_signature;
pub use functional_encryption::FunctionalEncryptionError;
pub use functional_encryption::FunctionalEncryptionResult;
pub use functional_encryption::IpfeCiphertext;
pub use functional_encryption::IpfeFunctionalKey;
pub use functional_encryption::IpfeMasterPublicKey;
pub use functional_encryption::IpfeMasterSecretKey;
pub use functional_encryption::MultiClientIpfe;
pub use functional_encryption::ipfe_decrypt;
pub use functional_encryption::ipfe_encrypt;
pub use functional_encryption::ipfe_keygen;
pub use functional_encryption::ipfe_setup;
pub use garbled_circuit::Circuit;
pub use garbled_circuit::GarbledCircuit;
pub use garbled_circuit::GarbledCircuitError;
pub use garbled_circuit::GarbledCircuitResult;
pub use garbled_circuit::Gate;
pub use garbled_circuit::GateType;
pub use garbled_circuit::WireLabel;
pub use hmac::AuthenticatedMessage;
pub use hmac::HmacError;
pub use hmac::HmacKey;
pub use hmac::HmacResult;
pub use hmac::HmacTag;
pub use hmac::compute_hmac;
pub use hmac::compute_hmac_blake3;
pub use hmac::compute_hmac_sha256;
pub use hmac::compute_tagged_hmac;
pub use hmac::verify_hmac;
pub use hmac::verify_hmac_blake3;
pub use hmac::verify_hmac_sha256;
pub use hmac::verify_tagged_hmac;
pub use hsm::HsmError;
pub use hsm::HsmManager;
pub use hsm::HsmManagerBuilder;
pub use hsm::HsmResult;
pub use hsm::KeyId;
pub use hsm::KeyMetadata;
pub use hsm::Pkcs11Config;
pub use hsm::Pkcs11Provider;
pub use hsm::SigningProvider;
pub use hsm::SoftwareProvider;
pub use hsm::TpmConfig;
pub use hsm::TpmHierarchy;
pub use hsm::TpmProvider;
pub use ibe::IbeCiphertext;
pub use ibe::IbeError;
pub use ibe::IbeMaster;
pub use ibe::IbeParams;
pub use ibe::IbeResult;
pub use ibe::IbeSecretKey;
pub use key_backup::BackupConfig;
pub use key_backup::BackupError;
pub use key_backup::BackupResult;
pub use key_backup::BackupShare;
pub use key_backup::EncryptedBackup;
pub use key_backup::KeyType as BackupKeyType;
pub use key_backup::backup_key_encrypted;
pub use key_backup::backup_key_shamir;
pub use key_backup::backup_secret_encrypted;
pub use key_backup::backup_secret_shamir;
pub use key_backup::recover_key_encrypted;
pub use key_backup::recover_key_shamir;
pub use key_backup::recover_secret_encrypted;
pub use key_backup::recover_secret_shamir;
pub use key_formats::DerKey;
pub use key_formats::JwkKey;
pub use key_formats::KeyFormatError;
pub use key_formats::KeyFormatResult;
pub use key_policy::KeyPolicy;
pub use key_policy::KeyUsagePolicy;
pub use key_policy::Operation;
pub use key_policy::PolicyEngine;
pub use key_policy::PolicyViolation;
pub use key_rotation_scheduler::KeyMetadata as RotationKeyMetadata;
pub use key_rotation_scheduler::KeyRotationPolicy;
pub use key_rotation_scheduler::KeyRotationScheduler;
pub use keyexchange::KeyExchange;
pub use keyexchange::KeyExchangeError;
pub use keyexchange::KeyExchangeKeypair;
pub use keyexchange::KeyExchangeResult;
pub use keyexchange::SharedSecret;
pub use keyexchange::ephemeral_keypair;
pub use keyexchange::exchange_and_derive;
pub use keystore::KeyMetadata as KeyStoreMetadata;
pub use keystore::KeyStoreError;
pub use keystore::KeyStoreResult;
pub use keystore::KeyType;
pub use keystore::SecureKeyStore;
pub use kyber::Kyber512;
pub use kyber::Kyber512Ciphertext;
pub use kyber::Kyber512PublicKey;
pub use kyber::Kyber512SecretKey;
pub use kyber::Kyber512SharedSecret;
pub use kyber::Kyber768;
pub use kyber::Kyber768Ciphertext;
pub use kyber::Kyber768PublicKey;
pub use kyber::Kyber768SecretKey;
pub use kyber::Kyber768SharedSecret;
pub use kyber::Kyber1024;
pub use kyber::Kyber1024Ciphertext;
pub use kyber::Kyber1024PublicKey;
pub use kyber::Kyber1024SecretKey;
pub use kyber::Kyber1024SharedSecret;
pub use kyber::KyberError;
pub use kyber::KyberResult;
pub use linkable_ring::KeyImageDb;
pub use linkable_ring::LinkableRingError;
pub use linkable_ring::LinkableRingResult;
pub use linkable_ring::LinkableRingSignature;
pub use linkable_ring::check_double_sign;
pub use linkable_ring::sign_linkable;
pub use linkable_ring::verify_linkable;
pub use merkle::IncrementalMerkleBuilder;
pub use merkle::MerkleError;
pub use merkle::MerkleProof;
pub use merkle::MerkleResult;
pub use merkle::MerkleTree;
pub use merkle::MultiProof;
pub use musig2::MuSig2Error;
pub use musig2::MuSig2Nonce;
pub use musig2::MuSig2PublicKey;
pub use musig2::MuSig2Result;
pub use musig2::MuSig2SecretKey;
pub use musig2::MuSig2Signature;
pub use musig2::MuSig2Signer;
pub use musig2::NonceCommitment;
pub use musig2::PartialSignature;
pub use musig2::SigningNonce;
pub use musig2::aggregate_nonces;
pub use musig2::aggregate_partial_signatures;
pub use musig2::aggregate_partial_signatures_with_nonce;
pub use musig2::aggregate_public_keys;
pub use musig2::verify_musig2;
pub use onion::OnionBuilder;
pub use onion::OnionError;
pub use onion::OnionLayer;
pub use onion::OnionPacket;
pub use onion::OnionResult;
pub use onion::OnionRoute;
pub use onion::create_onion;
pub use openpgp::OpenPgpError;
pub use openpgp::OpenPgpPublicKey;
pub use openpgp::OpenPgpResult;
pub use openpgp::OpenPgpSecretKey;
pub use openssh::SshKeyError;
pub use openssh::SshKeyResult;
pub use openssh::SshPrivateKey;
pub use openssh::SshPublicKey;
pub use oprf::BatchOprfClient;
pub use oprf::BlindedInput;
pub use oprf::BlindedOutput;
pub use oprf::OprfClient;
pub use oprf::OprfError;
pub use oprf::OprfOutput;
pub use oprf::OprfResult;
pub use oprf::OprfServer;
pub use ot::OTError;
pub use ot::OTReceiver;
pub use ot::OTRequest;
pub use ot::OTResponse;
pub use ot::OTResult;
pub use ot::OTSender;
pub use paillier::PaillierCiphertext;
pub use paillier::PaillierKeypair;
pub use paillier::PaillierPrivateKey;
pub use paillier::PaillierPublicKey;
pub use paillier::decrypt as paillier_decrypt;
pub use paillier::encrypt as paillier_encrypt;
pub use pedersen::PedersenCommitment;
pub use pedersen::PedersenError;
pub use pedersen::PedersenOpening;
pub use pedersen::PedersenResult;
pub use pkcs11::Pkcs11MockProvider;
pub use pkcs11::Pkcs11Session;
pub use pkcs11::SessionState;
pub use polycommit::BatchEvaluationProof;
pub use polycommit::EvaluationProof;
pub use polycommit::PolyBlinding;
pub use polycommit::PolyCommitError;
pub use polycommit::PolyCommitParams;
pub use polycommit::PolyCommitResult;
pub use polycommit::PolyCommitment;
pub use polycommit::commit_polynomial;
pub use polycommit::prove_batch_evaluations;
pub use polycommit::prove_evaluation;
pub use polycommit::verify_batch_evaluations;
pub use polycommit::verify_evaluation;
pub use pos::AuditSession;
pub use pos::Challenge;
pub use pos::DEFAULT_CHUNK_SIZE;
pub use pos::PosResult;
pub use pos::ProofOfStorageError;
pub use pos::StorageProof;
pub use pos::StorageProver;
pub use pos::StorageVerifier;
pub use proxy_re::ProxyReCiphertext;
pub use proxy_re::ProxyReError;
pub use proxy_re::ProxyReKeypair;
pub use proxy_re::ProxyRePublicKey;
pub use proxy_re::ProxyReReKey;
pub use proxy_re::ProxyReResult;
pub use proxy_re::ProxyReSecretKey;
pub use proxy_re::decrypt as proxy_re_decrypt;
pub use proxy_re::encrypt as proxy_re_encrypt;
pub use proxy_re::generate_re_key;
pub use proxy_re::re_encrypt;
pub use psi::BloomPsiClient;
pub use psi::BloomPsiMessage;
pub use psi::BloomPsiServer;
pub use psi::PsiClient;
pub use psi::PsiError;
pub use psi::PsiResult;
pub use psi::PsiServer;
pub use psi::PsiServerMessage;
pub use rangeproof::BatchRangeProof;
pub use rangeproof::RangeProof;
pub use rangeproof::RangeProofError;
pub use rangeproof::RangeProofResult;
pub use ring::RingError;
pub use ring::RingResult;
pub use ring::RingSignature;
pub use ring::RingSignatureBuilder;
pub use ring::sign_ring;
pub use ring::verify_ring;
pub use ringct::RingCtBuilder;
pub use ringct::RingCtError;
pub use ringct::RingCtInput;
pub use ringct::RingCtOutput;
pub use ringct::RingCtResult;
pub use ringct::RingCtTransaction;
pub use rotation::EncryptedKey;
pub use rotation::EncryptionKeyRing;
pub use rotation::KeyVersion;
pub use rotation::ReEncryptor;
pub use rotation::RotationError;
pub use rotation::RotationPolicy;
pub use rotation::SigningKeyRing;
pub use schnorr::SchnorrError;
pub use schnorr::SchnorrKeypair;
pub use schnorr::SchnorrPublicKey;
pub use schnorr::SchnorrResult;
pub use schnorr::SchnorrSecretKey;
pub use schnorr::SchnorrSignature;
pub use schnorr::batch_verify as schnorr_batch_verify;
pub use searchable::DocumentId;
pub use searchable::EncryptedIndex;
pub use searchable::EncryptedIndexBuilder;
pub use searchable::MultiKeywordSearch;
pub use searchable::SearchableEncryption;
pub use searchable::SearchableError;
pub use searchable::SearchableResult;
pub use shamir::ShamirError;
pub use shamir::ShamirResult;
pub use shamir::Share;
pub use shamir::reconstruct;
pub use shamir::reconstruct_key_32;
pub use shamir::split;
pub use shamir::split_key_32;
pub use sidechannel::SideChannelAnalysis;
pub use sidechannel::SideChannelAnalyzer;
pub use sidechannel::TimingTest;
pub use sidechannel::Vulnerability;
pub use sidechannel::VulnerabilitySeverity;
pub use simd::SimdError;
pub use simd::SimdResult;
pub use simd::batch_constant_time_eq;
pub use simd::constant_time_eq;
pub use simd::parallel_hash;
pub use simd::parallel_hash_with_threads;
pub use simd::secure_copy;
pub use simd::secure_zero as simd_secure_zero;
pub use simd::xor_buffers;
pub use simd::xor_keystream;
pub use spake2::Spake2;
pub use spake2::Spake2Error;
pub use spake2::Spake2Message;
pub use spake2::Spake2Result;
pub use spake2::Spake2SharedSecret;
pub use spake2::Spake2Side;
pub use sphincs::SphincsError;
pub use sphincs::SphincsResult;
pub use sphincs::SphincsSHAKE128f;
pub use sphincs::SphincsSHAKE128fPublicKey;
pub use sphincs::SphincsSHAKE128fSecretKey;
pub use sphincs::SphincsSHAKE128fSignature;
pub use sphincs::SphincsSHAKE192f;
pub use sphincs::SphincsSHAKE192fPublicKey;
pub use sphincs::SphincsSHAKE192fSecretKey;
pub use sphincs::SphincsSHAKE192fSignature;
pub use sphincs::SphincsSHAKE256f;
pub use sphincs::SphincsSHAKE256fPublicKey;
pub use sphincs::SphincsSHAKE256fSecretKey;
pub use sphincs::SphincsSHAKE256fSignature;
pub use srp::SrpClient;
pub use srp::SrpError;
pub use srp::SrpPublicKey;
pub use srp::SrpResult;
pub use srp::SrpServer;
pub use srp::SrpSessionKey;
pub use srp::SrpVerifier;
pub use threshold::MultiSig;
pub use threshold::MultiSigBuilder;
pub use threshold::ThresholdCoordinator;
pub use threshold::ThresholdError;
pub use threshold::ThresholdSig;
pub use threshold_ecdsa::NonceShare;
pub use threshold_ecdsa::PublicNonceShare;
pub use threshold_ecdsa::PublicShare;
pub use threshold_ecdsa::SecretShare;
pub use threshold_ecdsa::ThresholdEcdsaError;
pub use threshold_ecdsa::ThresholdEcdsaResult;
pub use threshold_ecdsa::ThresholdEcdsaSignature;
pub use threshold_ecdsa::ThresholdEcdsaSigner;
pub use threshold_ecdsa::ThresholdPartialSignature;
pub use threshold_ecdsa::aggregate_threshold_public_key;
pub use threshold_ecdsa::aggregate_threshold_signatures;
pub use threshold_ecdsa::generate_threshold_keys;
pub use threshold_ecdsa::verify_threshold_ecdsa;
pub use timelock::TimeLockCiphertext;
pub use timelock::TimeLockError;
pub use timelock::TimeLockPuzzle;
pub use timelock::TimeLockResult;
pub use timelock::TimeParams;
pub use timelock::timelock_decrypt;
pub use timelock::timelock_encrypt;
pub use timelock::timelock_encrypt_with_puzzle;
pub use tls13::Tls13Error;
pub use tls13::Tls13KeySchedule;
pub use tls13::Tls13Result;
pub use tls13::derive_traffic_keys;
pub use utils::EncryptedAndSigned;
pub use utils::EncryptedMessage;
pub use utils::SignedMessage;
pub use utils::UtilError;
pub use utils::UtilResult;
pub use utils::decrypt_file;
pub use utils::encrypt_file;
pub use utils::generate_and_save_key;
pub use utils::load_key;
pub use vdf_delay::VdfError;
pub use vdf_delay::VdfOutput;
pub use vdf_delay::VdfParams;
pub use vdf_delay::VdfProof;
pub use vdf_delay::VdfResult;
pub use vdf_delay::vdf_compute;
pub use vdf_delay::vdf_randomness_beacon;
pub use vdf_delay::vdf_verify;
pub use vrf::VrfError;
pub use vrf::VrfProof;
pub use vrf::VrfPublicKey;
pub use vrf::VrfResult;
pub use vrf::VrfSecretKey;
pub use vrf::generate_bandwidth_challenge;
pub use vrf::verify_bandwidth_challenge;
pub use webcrypto::Algorithm;
pub use webcrypto::KeyType as WebCryptoKeyType;
pub use webcrypto::KeyUsage;
pub use webcrypto::WebCryptoError;
pub use webcrypto::WebCryptoKey;
pub use webcrypto::WebCryptoKeyPair;
pub use webcrypto::WebCryptoResult;
pub use zeroizing::SecureBuffer;
pub use zeroizing::ZeroizingKey;
pub use zeroizing::secure_move;
pub use zeroizing::secure_zero;
pub use zeroizing::zeroizing_key_32;
pub use zeroizing::zeroizing_nonce;
pub use zkproof::AndProof;
pub use zkproof::OrProof;
pub use zkproof::ZkProof;
pub use zkproof::ZkProofBuilder;
pub use zkproof::ZkProofError;
pub use zkproof::ZkProofResult;
pub use zkproof::ZkProvable;
pub use zkproof::create_binding;
pub use ct::*;
pub use encryption::*;
pub use hash::*;
pub use kdf::*;
pub use keyserde::*;
pub use pbkdf::*;
pub use signing::*;
pub use streaming::*;

Modules

abe
Attribute-Based Encryption (ABE) for fine-grained access control.
accumulator
Cryptographic accumulators for efficient set membership proofs.
adaptor
Adaptor Signatures for Atomic Swaps.
advanced_commitment
Advanced commitment schemes with opening proofs.
aggregate
Aggregate signatures for multi-peer coordination in CHIE protocol.
aggregate_mac
Aggregate MAC for efficient multi-message authentication.
anonymous_credentials
Anonymous Credentials (Idemix-style) for privacy-preserving authentication
audit_log
Cryptographic Operation Audit Logging
bbs_plus
BBS+ Signatures for selective disclosure and privacy-preserving credentials.
blind
Privacy-preserving unlinkable tokens for anonymous credentials.
bls
BLS (Boneh-Lynn-Shacham) Signatures for efficient signature aggregation.
bulletproof
Bulletproofs for efficient range proofs.
cache_timing
Cache-timing attack mitigations.
cert_manager
Certificate management and key revocation system.
certified_deletion
Certified Deletion for cryptographically provable data removal.
commitment
Cryptographic commitments for zero-knowledge proofs and challenge-response.
compliance
FIPS 140-3 Compliance Reporting
ct
Constant-time comparison utilities.
ct_audit
Constant-time operation auditing and verification.
differential_privacy
Differential Privacy primitives for privacy-preserving data analysis
dilithium
Post-Quantum Signatures with CRYSTALS-Dilithium.
dkg
Distributed Key Generation (DKG) using Feldman’s VSS.
elgamal
ElGamal encryption for additively homomorphic public key encryption.
encryption
Content encryption using ChaCha20-Poly1305.
entropy
Entropy Quality Monitoring
formal_verify
Formal Verification Helpers
forward_secure
Forward-Secure Signatures for key evolution and retroactive security.
frost
FROST: Flexible Round-Optimized Schnorr Threshold Signatures
functional_encryption
Functional Encryption (FE) primitives
garbled_circuit
Garbled Circuits for Secure Two-Party Computation
hash
Fast hashing using BLAKE3.
hmac
HMAC-based authentication for message integrity.
hsm
Hardware Security Module (HSM) and TPM integration for enterprise deployments.
ibe
Identity-Based Encryption (IBE) for simplified key management.
kdf
Key derivation functions using HKDF.
key_backup
Key backup and recovery mechanisms for secure key management.
key_formats
Standard key format support (DER, JWK, PKCS#8).
key_policy
Key Usage Policy Enforcement
key_rotation_scheduler
Key rotation scheduler with configurable policies.
keyexchange
X25519 key exchange for secure P2P communication.
keygen_ceremony
Multi-party key generation ceremony support.
keyserde
Key serialization and deserialization utilities.
keystore
Secure key storage with encryption at rest.
kyber
Post-Quantum Key Encapsulation with CRYSTALS-Kyber.
linkable_ring
Linkable ring signatures for double-spend prevention.
merkle
Merkle tree implementation for efficient content verification.
musig2
MuSig2: Secure multi-signature aggregation scheme.
onion
Onion encryption for privacy-preserving P2P routing.
openpgp
OpenPGP Key Format Compatibility
openssh
OpenSSH Key Format Support
oprf
Oblivious Pseudorandom Function (OPRF) implementation.
ot
Oblivious Transfer for private information retrieval.
paillier
Paillier Homomorphic Encryption
pbkdf
Password-based key derivation using Argon2id.
pedersen
Pedersen commitments for privacy-preserving bandwidth proof aggregation.
pkcs11
This module provides a comprehensive PKCS#11 interface for Hardware Security Module (HSM) integration. It includes both a mock provider for testing and the interface for real PKCS#11 library integration.
polycommit
Polynomial commitments for efficient batch verification.
pos
Proof of Storage (PoS) for verifiable content retention.
proxy_re
Proxy Re-Encryption for delegated decryption.
psi
Private Set Intersection (PSI) for privacy-preserving P2P content discovery.
rangeproof
Zero-knowledge range proofs for privacy-preserving value verification.
ring
Ring signatures for anonymous signing within a group.
ringct
Ring Confidential Transactions (Ring CT)
rotation
Key rotation utilities for secure key management.
schnorr
Schnorr signatures for simplicity and provable security.
searchable
Searchable Encryption for privacy-preserving keyword search.
shamir
Shamir’s Secret Sharing for secure key backup and recovery.
sidechannel
Side-Channel Resistance Verification
signing
Digital signatures using Ed25519.
simd
SIMD-accelerated cryptographic operations
spake2
SPAKE2 - Simple Password-Authenticated Key Exchange.
sphincs
Stateless Hash-Based Signatures with SPHINCS+.
srp
SRP - Secure Remote Password Protocol (SRP-6a).
streaming
Streaming encryption for large content.
threshold
Threshold signatures and multi-signature schemes.
threshold_ecdsa
Threshold ECDSA for distributed signature generation.
timelock
Time-lock encryption for scheduled content release.
tls13
TLS 1.3 Key Schedule Support
utils
Utility functions and convenience wrappers for common cryptographic operations.
vdf_delay
Verifiable Delay Functions (VDF) for time-based proofs.
vrf
Verifiable Random Functions (VRF) for unpredictable but verifiable randomness.
webcrypto
WebCrypto API Compatibility Layer
zeroizing
Zeroizing wrappers for sensitive cryptographic material.
zkproof
Zero-Knowledge Proof Composition Framework