Crate r255b3

source ·
Expand description

The r255b3 signature scheme: deterministic Schnorr signatures with Curve25519 and Blake3.

WARNING! This signature scheme has not been thoroughly reviewed and is not standardized. This code has not been audited. Use this crate at your own risk, not others!

The r255b3 signature scheme provides short (384 bit) signatures aiming at a roughly 128 bit security level. It is designed for speed - a single pass of Blake3 and the usual Schnorr-style operations for both signing and verifying. It also tries to support ease of good usage: no signature malleability! domain separation required!

Generating

To sign a message you first need a SecretKey.

use r255b3::SecretKey;
use rand::{RngCore,rngs::OsRng};

// Generate 256 random bits.
let mut csprng = OsRng;
let mut raw_key = [0u8; 32];
csprng.fill_bytes(&mut raw_key);

// Create a secret key from those bits.
let secret_key = SecretKey::from_bytes(raw_key);

Signing

Once generated, the secret key can produce a Signature for a messages:

use r255b3::{Domain,Signature};

let msg: &[u8] = b"Did gyre and gimble in the wabe:";
let domain = "test domain for documentation...";
let sig: Signature = secret_key.sign(domain, msg);

Verifying

Then we can derive the PublicKey, and check the signature.

use r255b3::PublicKey;

let public_key: PublicKey = secret_key.derive_public();
assert!(public_key.verify(domain, &sig, msg).is_ok());

Single-pass and incremental operation

r255b3 has been designed to accept incremental and streaming inputs.

use r255b3::SignerVerifier;

let mut sv: SignerVerifier = SignerVerifier::init("test domain for documentation...");

sv.feed(b"`Twas brillig, and the slithy toves");
assert!(sv.verify(&public_key, &sv.sign(&secret_key)).is_ok());

sv.feed(b"Did gyre and gimble in the wabe:");
assert_eq!(sv.sign(&secret_key), secret_key.sign("test domain for documentation...",
    b"`Twas brillig, and the slithy tovesDid gyre and gimble in the wabe:"));

With the std feature enabled, the SignerVerifier also implements std::io::Write, allowing serialization directly into the signature scheme’s input.

Structs

  • Keys
    A r255b3 keypair, to sign or verify messages.
  • PublicKey
    A r255b3 public key to verify signatures.
  • Scalar
    The Scalar struct holds an element of \(\mathbb Z / \ell\mathbb Z \).
  • SecretKey
    A r255b3 secret key to sign messages with.
  • Signature
    A r255b3 signature.
  • SignerVerifier
    Schnorr-Ristretto-Blake3 signer-verifier.

Enums

  • Error
    The errors we can encounter while working with r255b3 keys and signatures.

Type Aliases