Module public_key

Expand description

Public-key building blocks.

This module starts with the arithmetic foundation needed by the public-key schemes here: a simple limb-based bigint representation, a reusable Montgomery toolkit, plus primality and modular-arithmetic helpers. The goal is fidelity to the published arithmetic in pure idiomatic Rust, not a replacement for industrial multiprecision libraries or a wrapper around external C code.

The public-key APIs are layered, but not every scheme exposes every layer with the same shape:

arithmetic maps such as encrypt_raw, encrypt_with_nonce, encrypt_point_with_nonce, or sign_digest_with_nonce
typed wrappers such as encrypt, decrypt, sign_message, and verify_message, which operate on the scheme’s natural plaintext, ciphertext, or signature representation
byte wrappers such as encrypt_bytes, decrypt_bytes, verify_message_bytes, standard wire encodings, and crate-defined key blobs

The important design rule is that the math stays visible. The exact method set depends on what the underlying construction naturally supports: signature schemes do not grow encryption wrappers, key-agreement schemes do not pretend to be byte-to-byte encryption APIs, and schemes such as ECIES intentionally present a direct byte-oriented wrapper because the primitive is already hybrid encryption.

The arithmetic primitives remain directly accessible, and the wrapper layer adds:

rsa_pkcs1 for OAEP encryption and PSS signatures
rsa_io for standard RSA key serialization (PKCS #1, PKCS #8, SPKI) plus an optional flat XML export for symmetry with the other schemes
internal io helpers for the crate-defined non-RSA key formats: a DER SEQUENCE of positive INTEGERs, custom PEM armor, and the shared flat XML form

Public-key naming is normalized crate-wide:

prefer *_with_nonce for deterministic/external-randomness entry points
prefer to_wire_bytes / from_wire_bytes for standard compact encodings that omit curve or algorithm parameters
prefer to_key_blob / from_key_blob for crate-defined self-describing binary formats

This follows the crate-wide design rule: keep the implementation in Rust, avoid intrinsics and FFI, and add dependencies only where they materially improve interoperability or maintenance.

Modules§

bigint: A small pure-Rust bigint foundation for public-key primitives.
cocks: Clifford Cocks’s original public-key scheme (CESG memo, 1973).
dh: Classical Diffie-Hellman (DH) key exchange over a prime-order subgroup.
dsa: Digital Signature Algorithm (DSA, FIPS 186-5).
ec: Elliptic-curve arithmetic over short-Weierstrass prime-field curves.
ec_edwards: Twisted Edwards curve arithmetic over prime fields.
ec_elgamal: Elliptic-curve ElGamal encryption.
ecdh: Elliptic-Curve Diffie-Hellman (ECDH) key exchange.
ecdsa: Elliptic-Curve Digital Signature Algorithm (ECDSA, FIPS 186-5).
ecies: Elliptic Curve Integrated Encryption Scheme (ECIES).
ed25519: RFC 8032 Ed25519.
eddsa: Edwards-curve Digital Signature Algorithm style signatures.
edwards_dh: Diffie-Hellman key agreement over twisted Edwards curves.
edwards_elgamal: ElGamal encryption over twisted Edwards curves.
elgamal: ElGamal public-key primitive (Taher ElGamal, 1985).
ml_dsa: ML-DSA (Dilithium) implemented in safe, idiomatic Rust from FIPS 204.
ml_kem: ML-KEM (Kyber) implemented in safe, idiomatic Rust from FIPS 203.
paillier: Paillier public-key primitive (Pascal Paillier, 1999).
primes: Primality and modular-arithmetic helpers for the public-key layer.
rabin: Rabin public-key primitive (Michael O. Rabin, 1979).
rsa: RSA public-key primitive (Rivest, Shamir, Adleman, 1978).
rsa_io: Modern RSA key externalization helpers.
rsa_pkcs1: PKCS #1 v2.2 wrappers for the raw RSA primitive.
schmidt_samoa: Schmidt-Samoa public-key primitive (Katja Schmidt-Samoa, 2005).
x448: X448 ECDH per RFC 7748 §5 over Curve448.
x25519: X25519 ECDH per RFC 7748 §5 over Curve25519.