Crate zerocaf
What is Zerocaf?
Zerocaf is a pure Rust cryptographic library that defines operations for an elliptic curve embedded
into the Ristretto scalar field, which allows the construction of prime-order groups
from an otherwise non-prime-order curve.
The ultimate purpose of defining these operations is set inclusion proofs, where it is shown, in zero-knowledge,
that a private key exists in a set of many public keys.
Additionally, the zero-knowledge proofs use Bulletproofs as the argument system for arithmetic circuits, which are used to form arbitrary constraint systems.
What can it be used for?
The main goal of the library, as said before, is to be the base of operations for set inclusion proofs
and other zero-knowledge protocols.
But since Zerocaf is built upon the Doppio curve using the Ristretto protocol, it allows other developers to build
cryptographic protocols on top of it without having to deal with the cofactor of the curve.
This gives developers a sound mathematical backend library that can be used as a mid-level API
for building all kinds of cryptographic protocols on top of it, such as key agreement, signatures,
anonymous credentials, range proofs...
Usage
To import the library as a dependency of your project, add the following to your project's Cargo.toml file:
zerocaf = "0"
Then import the crate with:
extern crate zerocaf;
Backends.
Zerocaf has been built following the structure of the curve25519-dalek library, so it allows
multiple backend implementations. It is built to enable modularity.
Currently, Zerocaf has only implemented the u64 backend.
By default, the u64 backend is the one used to perform all of the operations.
In the future, we would like to implement a u32 backend too.
To select a backend, build with the corresponding feature flag:
# For unoptimized builds:
cargo build --features "u64_backend"
# For optimized/release builds:
cargo build --release --features "u64_backend"
Security and features of Zerocaf
As previously mentioned, Zerocaf is designed to host the fastest possible curve operations whilst
simultaneously avoiding all of the drawbacks associated with having a cofactor h > 1.
To achieve this we make use of Ristretto, which is a technique to construct prime-order elliptic curve groups.
The Ristretto protocol compresses the cofactor by adding a thin abstraction layer that allows small changes
in code to ultimately avoid the cofactor issues.
This is achieved by defining the twisted Edwards curve over the Ristretto scalar field,
which means performing every operation on the curve modulo L,
where L is the order of the Ristretto scalar field: L = 2^252 + 27742317777372353535851937790883648493.
By expressing the operations in this manner, we benefit from the speed of a non-prime-order twisted Edwards curve whilst not suffering the pitfalls of a cofactor greater than one.
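To make the cofactor point above concrete, here is an added example that is not part of zerocaf or of this page: a toy twisted Edwards curve over F_13 with assumed parameters a = 1 and d = 6 (not Doppio's), chosen only so the whole group can be enumerated while still having a cofactor h = 4. It shows that such a curve contains low-order torsion points, and that two distinct points P and P + T collapse to the same element of the prime-order subgroup once the cofactor is cleared, which is the ambiguity Ristretto removes at the encoding level.

```rust
// Toy twisted Edwards curve a*x^2 + y^2 = 1 + d*x^2*y^2 over F_p with constructed
// parameters (p = 13, a = 1, d = 6; NOT Doppio's), small enough to enumerate.
const P: i64 = 13;
const A: i64 = 1;
const D: i64 = 6;
type Pt = (i64, i64);
const IDENTITY: Pt = (0, 1);

fn md(x: i64) -> i64 { ((x % P) + P) % P }

// Modular inverse via Fermat's little theorem (p prime): x^(p-2) mod p.
fn inv(x: i64) -> i64 {
    let (mut r, mut b, mut e) = (1, md(x), P - 2);
    while e > 0 { if e & 1 == 1 { r = md(r * b); } b = md(b * b); e >>= 1; }
    r
}

// Unified addition law; complete here because a is a square and d a non-square
// mod p, so the denominators 1 +/- d*x1*x2*y1*y2 never vanish.
fn add(p1: Pt, p2: Pt) -> Pt {
    let t = md(D * p1.0 * p2.0 * p1.1 * p2.1);
    let x = md((p1.0 * p2.1 + p1.1 * p2.0) * inv(1 + t));
    let y = md((p1.1 * p2.1 - A * p1.0 * p2.0) * inv(1 - t));
    (x, y)
}

fn scalar_mul(mut k: i64, mut q: Pt) -> Pt { // double-and-add
    let mut acc = IDENTITY;
    while k > 0 { if k & 1 == 1 { acc = add(acc, q); } q = add(q, q); k >>= 1; }
    acc
}

fn on_curve(q: Pt) -> bool { md(A * q.0 * q.0 + q.1 * q.1) == md(1 + D * q.0 * q.0 * q.1 * q.1) }

// Group order N by exhaustive enumeration (only feasible on a toy field).
fn curve_order() -> i64 {
    (0..P).flat_map(|x| (0..P).map(move |y| (x, y))).filter(|&q| on_curve(q)).count() as i64
}

fn point_order(q: Pt) -> i64 { (1..=curve_order()).find(|&k| scalar_mul(k, q) == IDENTITY).unwrap() }

// (h, l): l is the largest prime factor of N and h = N / l is the cofactor.
fn cofactor() -> (i64, i64) {
    let n = curve_order();
    let l = (2..=n).rev().find(|&c| n % c == 0 && (2..c).all(|f| c % f != 0)).unwrap();
    (n / l, l)
}

// Multiplying by h kills every torsion component, so P and P + T (T of order
// dividing h) land on the same point of the prime-order-l subgroup.
fn clear_cofactor(q: Pt) -> Pt { scalar_mul(cofactor().0, q) }
```

With these parameters the group has N = 12 points, so h = 4 and l = 3; G = (5, 2) has order 12, T = (1, 0) has order 4, and clear_cofactor(G) and clear_cofactor(add(G, T)) both return (11, 5).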
NOTE: If no backend is selected, compilation will fail!
Performance & Benchmarks
Benchmarks have been implemented using Criterion.rs.
To run them, just execute cargo bench
in the repository root.
All of the operations have been implemented using bit-shifting techniques to allow better performance and a decrease in execution time.
Modules
backend | Contains the different backend implementations.
constants | Contains the curve constants needed by the different algorithm implementations.
edwards | Edwards point operation implementations and definitions. Encoding/decoding process implementation and support for all kinds of interactions with them.
field | A
montgomery | Implementation that provides support for Montgomery points over the Doppio curve.
scalar | A
traits | Module for public trait implementations.