Skip to main content

Crate saorsa_seal

Crate saorsa_seal 

Source
Expand description

§Threshold Sealing for Group Data in the Saorsa Network

saorsa-seal provides threshold sealing capabilities for the Saorsa network, combining threshold cryptography, forward error correction, and authenticated encryption to create a robust distributed data protection system.

§Architecture Integration

This crate leverages the Saorsa ecosystem:

  • [saorsa-core]: Threshold cryptography and DHT abstraction
  • [saorsa-fec]: Forward error correction and AEAD encryption
  • [saorsa-pqc]: Post-quantum cryptography

§Core Features

  • Threshold Sealing: Uses Shamir’s Secret Sharing via [saorsa-core] for configurable threshold schemes
  • Forward Error Correction: Reed-Solomon coding via [saorsa-fec] for fault tolerance
  • AEAD Encryption: XChaCha20-Poly1305 content encryption via [saorsa-fec::CryptoEngine]
  • Post-Quantum Security: ML-KEM-768 encryption via [saorsa-pqc]
  • Distributed Storage: DHT abstraction from [saorsa-core] for decentralized storage
  • Verifiable Shares: Feldman commitments for cryptographic share verification
  • Envelope Encryption: Post-quantum recipient encryption using ML-KEM-768

§Quick Start

use saorsa_seal::{seal_bytes, open_bytes, SealPolicy, FecParams, EnvelopeKind, Recipient, RecipientId};
use std::collections::HashMap;
use std::sync::Mutex;

// Simple DHT implementation for testing
#[derive(Debug)]
struct TestDht {
    storage: Mutex<HashMap<[u8; 32], Vec<u8>>>,
}

impl TestDht {
    fn new() -> Self {
        Self { storage: Mutex::new(HashMap::new()) }
    }
}

impl saorsa_seal::Dht for TestDht {
    fn put(&self, key: &[u8; 32], value: &[u8], _ttl: Option<u64>) -> anyhow::Result<()> {
        self.storage.lock().unwrap().insert(*key, value.to_vec());
        Ok(())
    }

    fn get(&self, key: &[u8; 32]) -> anyhow::Result<Vec<u8>> {
        self.storage.lock().unwrap().get(key).cloned()
            .ok_or_else(|| anyhow::anyhow!("Key not found"))
    }
}

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    let dht = TestDht::new();
    let plaintext = b"Hello, Saorsa Network!";

    // Create recipients (5 total, threshold of 3)
    let recipients: Vec<Recipient> = (0..5)
        .map(|i| Recipient {
            id: RecipientId::from_bytes(vec![i; 32]),
            public_key: None,
        })
        .collect();

    // Configure sealing policy
    let policy = SealPolicy {
        n: 5, t: 3, recipients,
        fec: FecParams { data_shares: 3, parity_shares: 2, symbol_size: 1024 },
        envelope: EnvelopeKind::PostQuantum,
        aad: vec![],
    };

    // Seal and recover data
    let summary = seal_bytes(plaintext, &policy, &dht).await?;
    // ... (recovery process)
     
    Ok(())
}

§Features

  • std (default): Standard library support
  • Post-quantum cryptography is always enabled via saorsa-pqc
  • telemetry: Tracing and metrics support

Re-exports§

pub use api::open_bytes;
pub use api::open_file;
pub use api::seal_bytes;
pub use api::seal_file;
pub use types::*;

Modules§

aead
AEAD content encryption using saorsa-fec CryptoEngine
api
High-level API functions for sealing and opening data
envelope
Envelope encryption abstraction for recipient encryption
types
Core types for threshold sealing operations

Traits§

Dht