Expand description
Cryptographic algorithm identifiers for VSF hash, signature, and key types
Each type (h, g, k) uses a single lowercase ASCII letter (a-z) to identify the algorithm. This gives 26 slots per type, with most reserved for future use.
§Important: Algorithm vs Output Size
Each letter represents a distinct algorithm, NOT just a different output size:
- SHA-256 (
s) and SHA-512 (t) are different algorithms (32-bit vs 64-bit internal words, different round counts) - They are not “the same algorithm with different output lengths”
§Variable-Length Output
Some algorithms support variable output lengths while maintaining the same algorithm ID:
- BLAKE3: Can output any length (default 32 bytes, but can produce 1 byte to 2^64 bytes)
- BLAKE2b: Can output 1-64 bytes
- SHA-3: Supports “XOF” (extendable output) variants
When storing a hash, the actual output length is encoded in the VSF h type’s length field. The algorithm ID just tells you which hash function was used.
Constants§
- HASH_
BLAK E3 - BLAKE3 hash - RECOMMENDED DEFAULT
- HASH_
SHA256 - SHA-256 hash
- HASH_
SHA512 - SHA-512 hash
- KEY_
AES256_ GCM - AES-256-GCM symmetric key
- KEY_
CHACH A20_ POLY1305 - ChaCha20-Poly1305 symmetric key
- KEY_
ED25519 - Ed25519 public key - RECOMMENDED DEFAULT
- KEY_
FRODO - FrodoKEM public key
- KEY_
MCELIECE - Classic McEliece public key
- KEY_
ML_ KEM - ML-KEM public key (FIPS 203 - formerly Kyber)
- KEY_
P_ CURVE - P-curve ECDSA/ECDH public key (P-256, P-384)
- KEY_
SECP256 K1 - secp256k1 public key (Bitcoin curve)
- KEY_
SHARED_ SECRET - Shared secret / derived key material
- KEY_
X25519 - X25519 public key
- MAC_
BLAK E3 - BLAKE3 keyed mode
- MAC_
CMAC - CMAC (AES-based)
- MAC_
HMAC_ SHA256 - HMAC-SHA256 - RECOMMENDED DEFAULT
- MAC_
HMAC_ SHA512 - HMAC-SHA512
- MAC_
POLY1305 - Poly1305
- SIG_
ECDSA_ P256 - ECDSA P-256 signature
- SIG_
ED25519 - Ed25519 signature - RECOMMENDED DEFAULT
- SIG_
RSA_ 2048 - RSA-2048 signature
- WRAP_
AES256_ GCM - AES-256-GCM encryption
- WRAP_
CHACH A20POL Y1305 - ChaCha20-Poly1305 AEAD encryption - RECOMMENDED DEFAULT
Functions§
- hash_
algorithm_ name - Get hash algorithm name from ID
- hash_
length - Get expected hash length in bytes
- is_
valid_ hash_ algorithm - Validate hash algorithm ID is known
- is_
valid_ key_ algorithm - Validate key algorithm ID is known
- is_
valid_ mac_ algorithm - Validate MAC algorithm ID is known
- is_
valid_ signature_ algorithm - Validate signature algorithm ID is known
- key_
algorithm_ name - Get key algorithm name from ID
- key_
length - Get expected public key length in bytes (None = variable length)
- mac_
algorithm_ name - Get MAC algorithm name from ID
- mac_
length - Get expected MAC tag length in bytes (None = variable length)
- signature_
algorithm_ name - Get signature algorithm name from ID
- signature_
length - Get expected signature length in bytes
- wrap_
algorithm_ name - Get wrapping algorithm name from ID
- wrap_
key_ length - Get expected key length for wrapping algorithm in bytes