Module akd::ecvrf


This module contains implementations of a verifiable random function (currently only ECVRF). In this crate, VRFs are used to anonymize the user id <-> node label mapping into a one-way hash, which can be verified but cannot be regenerated without the secret key.

VRFs allow the server to generate a constant mapping from a user id to a node label, while the client cannot generate the mapping themselves, only verify it. Clients can confirm that a user id matches a label, but cannot determine the labels of other users in the directory.

This module implements an instantiation of a verifiable random function known as ECVRF-EDWARDS25519-SHA512-TAI from RFC 9381.

Adapted from Diem’s NextGen Crypto module.


  • This is a version of VRFKeyStorage for testing purposes, which uses the example from the VRF crate.
  • The ECVRF output produced from the proof
  • A VRF proof that can be used to validate an input with a public key
  • A longer private key which is slightly optimized for proof generation.
  • An ECVRF private key
  • An ECVRF public key


  • An error related to verifiable random functions


  • Represents secure storage of the VRF private key. Since the VRF private key should never change (if it does, the entire tree is no longer a consistent mapping of user -> node label), it is highly recommended to back this implementation with a static cache of the private key bytes which lives for the life of the process.
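
The caching recommendation above, sketched as an added example that is not code from this crate: `CachedVrfKey`, its `fetch` closure and `demo` are hypothetical names, and the 32-byte length assumes an Ed25519 secret key. The constructed backing store returns different bytes on every call, to show that the process keeps using the first key it loaded.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::OnceLock;

/// Assumed key length: a 32-byte Ed25519 secret key.
const KEY_LEN: usize = 32;

/// Hypothetical process-lifetime cache in front of a slow or remote key store.
pub struct CachedVrfKey<F: Fn() -> Result<Vec<u8>, String>> {
    fetch: F,
    cell: OnceLock<[u8; KEY_LEN]>, // written at most once
}

impl<F: Fn() -> Result<Vec<u8>, String>> CachedVrfKey<F> {
    pub fn new(fetch: F) -> Self {
        Self { fetch, cell: OnceLock::new() }
    }

    /// Returns the cached key, fetching it only on first use.
    /// Errors are not cached, so a failed fetch can be retried.
    pub fn key_bytes(&self) -> Result<&[u8; KEY_LEN], String> {
        if let Some(key) = self.cell.get() {
            return Ok(key);
        }
        let raw = (self.fetch)()?;
        if raw.len() != KEY_LEN {
            return Err(format!("expected {} key bytes, got {}", KEY_LEN, raw.len()));
        }
        let mut key = [0u8; KEY_LEN];
        key.copy_from_slice(&raw);
        // If another thread initialised the cell first, its value wins for every caller.
        Ok(self.cell.get_or_init(|| key))
    }
}

/// Constructed demo: the backing store returns different bytes on every call.
pub fn demo() -> (bool, usize, bool) {
    let calls = AtomicUsize::new(0);
    let store = CachedVrfKey::new(|| {
        let n = calls.fetch_add(1, Ordering::SeqCst) as u8;
        Ok(vec![n; KEY_LEN])
    });
    let first = *store.key_bytes().unwrap();
    let second = *store.key_bytes().unwrap();
    let bad = CachedVrfKey::new(|| Ok(vec![0u8; 16]));
    let bad_rejected = bad.key_bytes().is_err();
    (first == second, calls.load(Ordering::SeqCst), bad_rejected)
}

fn main() { println!("{:?}", demo()); }
```

The cache fixes the key only for the life of one process; keeping it identical across restarts and replicas still depends on the backing store.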