The crypto component hosts all the implementations of cryptographic primitives we use in Libra: hashing, signing, and key derivation/generation. The parts of the library usig traits.rs contain the crypto API enforcing type safety, verifiable random functions, EdDSA & BLS signatures.
Libra makes use of several cryptographic algorithms:
- SHA-3 as the main hash function. It is standardized in FIPS 202. It is based on the tiny_keccak library.
- HKDF: HMAC-based Extract-and-Expand Key Derivation Function (HKDF) based on RFC 5869. It is used to generate keys from a salt (optional), seed, and application-info (optional).
- traits.rs introduces new abstractions for the crypto API.
- Ed25519 performs signatures using the new API design based on ed25519-dalek library with additional security checks (e.g. for malleability).
- BLS12381 performs signatures using the new API design based on threshold_crypto library. BLS signatures currently undergo a standardization process.
- ECVRF implements a verifiable random function (VRF) according to draft-irtf-cfrg-vrf-04 over curve25519.
- SLIP-0010 implements universal hierarchical key derivation for Ed25519 according to SLIP-0010.
- X25519 to perform key exchanges. It is used to secure communications between validators via the Noise Protocol Framework. It is based on the x25519-dalek library.
How is this module organized?
crypto/src ├── hash.rs # Hash function (SHA-3) ├── hkdf.rs # HKDF implementation (HMAC-based Extract-and-Expand Key Derivation Function based on RFC 5869) ├── macros/ # Derivations for SilentDebug and SilentDisplay ├── utils.rs # Serialization utility functions ├── lib.rs ├── bls12381.rs # Bls12-381 implementation of the signing/verification API in traits.rs ├── ed25519.rs # Ed25519 implementation of the signing/verification API in traits.rs ├── slip0010.rs # SLIP-0010 universal hierarchical key derivation for Ed25519 ├── x25519.rs # X25519 keys generation ├── test_utils.rs ├── traits.rs # New API design and the necessary abstractions ├── unit_tests/ # Tests └── vrf/ ├── ecvrf.rs # ECVRF implementation using curve25519 and SHA512 ├── mod.rs └── unit_tests # Tests