fastcrypto is a common cryptography library used in software at Mysten Labs. It is published as an independent crate to encourage reusability across different applications and domains. It is a wrapper library around several carefully selected crates with the following considerations:
Furthermore, we extend the selected libraries with additional features: - Robust testing framework: Wycheproof tests and prop tests are added when possible to protect against arbitrary inputs and crafted edge cases. - Zeroization: Sensitive private key materials are cleared from memory securely and proactively when it goes out of scope using zeroize trait. - Serialization: Effective and standardized serialization are required.
This library will be continuously updated with more schemes and faster implementations based on benchmarking results, RFC updates, new research and auditor inputs.
This crate contains:
Traits that should be implemented by concrete types representing digital cryptographic materials.
SigningKey]: Trait implemented by the private key with associated types of its public key and signature. VerifyingKey]: Trait implemented by the public key with associated types of its private key and signature. It also includes a default implementation of batch verification that fails on empty batch verification.Authenticator]: Trait implemented by the signature with associated types of its public key and private key.AggregateAuthenticator]: Trait implemented by the aggregated signature, which allows adding signatures to the aggregated signature and verifying against the public keys with the corresponding messages.KeyPair]: Trait that represents a public/private keypair, which includes the common get priv/pub key functions and a keypair generation function with seeded randomness.ToFromBytes]: Trait that aims to minimize the number of steps involved in obtaining a serializable key.EncodeDecodeBase64]: Trait that extends ToFromBytes for immediate conversion to/from Base64 strings. This is the format in which cryptographic materials are stored.Concrete signature schemes of type that implement the recommended traits required for cryptographic agility.
ed25519-consensus crate. Compliant to ZIP-215 that defines the signature validity that is lacking from RFC8032 but critical for consensus algorithms. ed25519-dalek is fully deprecated due to the recently discovered Chalkias double pub-key api vulnerability.blst crate written in Assembly and C that optimizes for performance and security. G1 and G2 points are serialized following ZCash specification in compressed format. Provides methods for verifying signatures in the G1 group against public keys in the G2 group. Provides methods for aggregating signatures and fast verifying aggregated signatures, where public keys are assumed to be verified for proof of possession.Utility functions that serve as the underlying RUST implementation for the Move smart contract api.
A asynchronous signature service is provided for testing and benchmarking.
There exist tests for all the three schemes, which can be run by:
$ cargo test
One can compare all currently implemented schemes for sign, verify, verify_batch and
key-generation by running:
$ cargo bench
A report of the benchmarks is generated for each release, allowing easy comparison of the performance of the different cryptographic primitives and schemes available in fastcrypto. As an example, we get these timings for signing messages and verifying the signature for the different schemes in fastcrypto as of revision dbf2ea4:
| Scheme | Sign | Verify | | ---------------- | ---------- | ---------- | | Ed25519 | 20.556 μs | 57.110 μs | | BLS12377 | 581.66 μs | 2525.4 μs | | BLS12381 minsig | 167.69 μs | 1013.6 μs | | BLS12381 minpk | 410.96 μs | 1143.3 μs | | Secp256k1 | 102.06 μs | 47.641 μs |
Below is a plot from the report, showing benchmarks for batched signature verification where all signatures are on the same message:
All crates licensed under either of