newton-core 0.4.16

newton protocol core sdk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

//! Privacy-preserving cryptography for Newton Prover AVS.
//!
//! Provides HPKE encryption (RFC 9180), Ed25519 signing with key derivation
//! from existing ECDSA keys, and [`SecureEnvelope`] for encrypted data transport.
//!
//! # Modules
//!
//! - [`hpke`]: X25519-based hybrid public key encryption (seal / open).
//! - [`ed25519`]: Deterministic Ed25519 key derivation from ECDSA operator keys
//!   (separately for the privacy/HPKE path and the PDS ยง9.2 signed-read path)
//!   and Ed25519-to-X25519 conversion for HPKE interop.
//! - [`envelope`]: High-level [`SecureEnvelope`] that bundles HPKE ciphertext
//!   with policy-context AAD binding.
//! - [`threshold`]: RFC 9180 post-DH operations for threshold decryption
//!   (`decrypt_with_precomputed_dh`). Feature-gated behind `threshold`.
//! - [`error`]: Shared [`CryptoError`] type for the module.

pub mod ed25519;
pub mod encrypted_partial;
pub mod envelope;
pub mod error;
pub mod hpke;
#[cfg(feature = "threshold")]
pub mod threshold;

pub use ed25519::{
    derive_ed25519_from_ecdsa, derive_ed25519_signed_read, ed25519_to_x25519_private, ed25519_to_x25519_public,
    sign_data_ref, verify_data_ref,
};
// Re-export ed25519-dalek primitives so downstream crates (operator, gateway,
// challenger) can construct, sign, and verify Ed25519 messages without taking a
// direct dependency on `ed25519-dalek`. Naming with the `Ed25519` prefix avoids
// colliding with `alloy::primitives::Signature` at use sites that already pull
// in alloy.
pub use ed25519_dalek::{
    Signature as Ed25519Signature, Signer as Ed25519Signer, SigningKey as Ed25519SigningKey,
    Verifier as Ed25519Verifier, VerifyingKey as Ed25519VerifyingKey,
};
pub use encrypted_partial::{EnclaveOperatorId, EncryptedPartialDH};
#[cfg(feature = "database")]
pub use envelope::decrypt_envelopes;
#[cfg(feature = "database")]
pub use envelope::decrypt_envelopes_with_key;
pub use envelope::{compute_aad, derive_hpke_keypair_from_ecdsa, derive_hpke_keypair_from_raw, SecureEnvelope};
pub use error::CryptoError;
pub use hpke::{decrypt, encrypt, generate_keypair, HpkePrivateKey, HpkePublicKey};