Hierarchical secret derivation with Blake2b

Build Status License: Apache-2.0 rust 1.46.0+ required

Documentation: Docs.rs crate docs (master)

secret-tree allows deriving multiple secrets from a single seed value in a secure and forward-compatible way. The derivation procedure is hierarchical: a seed can be used to derive child seeds, which have the same functionality as the original.

Features

Usage

Add this to your Crate.toml:

toml [dependencies] secret-tree = "0.3.0"

See crate documentation for more details how to use the crate.

Implementation

Blake2b is used to derive secrets in a similar (and mostly compatible) way it is used for key derivation in [libsodium]. Derived CSPRNGs are based on the [ChaCha cipher], which has been extensively studied and has much smaller state size that alternatives (~160 bytes vs several kilobytes), limiting the threat of state leakage.

Crate documentation provides more implementation details.