recrypt 0.15.0

A pure-Rust implementation of Transform Encryption, a Proxy Re-encryption scheme
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

# CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

## Project Overview

recrypt-rs is a pure-Rust implementation of Transform Encryption (also known as Proxy Re-encryption or PRE). It implements cryptographic primitives that allow data encrypted to one public key to be transformed so it can be decrypted by another user's private key, without exposing the plaintext or private keys during the transformation.

## Build Commands

```bash
cargo build              # Build the library
cargo test               # Run all tests
cargo test <test_name>   # Run a single test
cargo bench              # Run benchmarks
cargo fmt --all -- --check  # Check formatting (CI uses nightly rustfmt)
```

For WASM builds:
```bash
cargo build --features wasm --no-default-features --target wasm32-unknown-unknown
```

## Architecture

### Two Security Levels

The library provides two security levels with separate public APIs:

- **256-bit** (`src/api.rs`): Primary API via `Recrypt` struct, uses Barreto-Naehrig curve with 256-bit field. Better performance.
- **480-bit** (`src/api_480.rs`): Higher security via `Recrypt480` struct, uses 480-bit field. Slower but more secure.

Both APIs share identical method signatures through traits (`KeyGenOps`, `CryptoOps`, `Ed25519Ops`, `SchnorrOps`).

### Module Structure

- `src/lib.rs` - Crate entry point with doc examples
- `src/prelude.rs` - Common re-exports for convenient imports
- `src/api.rs` / `src/api_480.rs` - Public APIs (256/480-bit)
- `src/api_common.rs` - Shared code between both APIs
- `src/internal/` - Core cryptographic implementations (not public API):
  - `pairing.rs` - Optimal Ate pairing over Barreto-Naehrig curves
  - `curve.rs` - Pre-computed curve points (generator, g1, hash_element)
  - `fp*.rs` - Finite field arithmetic (Fp, Fp2, Fp6, Fp12 tower extensions)
  - `homogeneouspoint.rs` - Elliptic curve point operations
  - `schnorr.rs` - Schnorr signatures for transform key verification
  - `ed25519.rs` - Ed25519 signatures for message authentication
  - `memlock.rs` - Memory protection via mlock for secret data

### Key Types

- `Plaintext` - Unencrypted Fp12 element (memory-locked)
- `PrivateKey` / `PublicKey` - Keypairs for encryption/decryption
- `TransformKey` - Enables re-encryption from one key to another
- `EncryptedValue` - Encrypted data (level 0 = direct, level 1+ = transformed)
- `SigningKeypair` - Ed25519 keypair for message signatures

### Dependency on gridiron

The library depends on `gridiron` (local path `../gridiron`) for finite field arithmetic. This is IronCore's optimized field arithmetic library.

## Feature Flags

- `wasm` - Enable WebAssembly support (disables memlock, enables wasm-bindgen for getrandom)
- `disable_memlock` - Disable automatic memory locking for platforms that don't support it

## Testing

The test suite includes property-based tests using proptest. Tests are run with optimizations enabled (`opt-level = 2` in dev profile) because crypto operations are too slow unoptimized.

## Minimum Supported Rust Version

MSRV is 1.85.0 (tested in CI).