zecfoundation
/
ed25519-zebra
mirror of https://github.com/ZcashFoundation/ed25519-zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
69 Commits 6 Branches 22 Tags 1.1 MiB
Rust 67.1%
Java 19.9%
Scala 11.7%
Shell 1.3%
Go to file
Douglas Roark 2abe8b96b5
Add JNI code for ed25519-zebra (#37) 
* Add JNI code for ed25519-zebra

Add some code allowing other languages, via JNI, to interact with ed25519-zebra. The initial commit:

- Allows users to obtain a random 32 byte signing key seed.
- Allows users to obtain a 32 byte verification key from a signing key seed.
- Allows users to sign arbitrary data.
- Allows users to verify an Ed25519 signature.
- Includes a Java file that can be used.
- Includes some Scala-based JNI tests.

* Review fixups

- Minor Rust code optimizations.
- Rust build optimizations.
- Tweak the JNI JAR prereq script to match the new outputs.

* Significant cleanup

- More build system tidying. The primary goal is to try to firewall the JNI code from everything else.
- README tidying.

* Grab bag of improvements

- Clean up the wrapper classes (streamlining, make constructors private, more mutability safety).
- private -> public for a static variable intended for public usage.
- Minor comment & build system cleanup.

* Bump JNI version to 0.0.4-DEV

Decided to bump the version to reflect earlier changes.

* Hard-code the ed25519-zebra version for ed25519jni to use

* Unify ed25519 JNI version

Also add "-JNI" to assist with tagging and otherwise distinguish the JNI code from the main library version/code.

* Add code to make VerificationKeyBytes comparison easier

Also add a test suite for VerificationKeyBytes.

* VerificationKeyBytes cleanup

- Fix hashCode() override.
- Add a test.
- Remove unneecessary semicolons.

* Add Signature to JNI

Mirror the Signature struct from Rust and add some basic tests. Also do a bit of Scala test cleanup.
 		2021-02-26 14:58:38 -08:00
.github Create Dependabot config file 2020-06-09 16:34:36 -04:00
benches Fix batch verification API to be usable in async contexts. (#22) 2020-06-16 13:44:34 -07:00
ed25519jni Add JNI code for ed25519-zebra (#37) 2021-02-26 14:58:38 -08:00
src Add Zeroize impl for SigningKey (#34) 2020-12-03 13:10:52 -08:00
tests Test that individual and batch verification match. 2020-07-30 10:18:19 -07:00
.gitignore Add JNI code for ed25519-zebra (#37) 2021-02-26 14:58:38 -08:00
CHANGELOG.md Bump version to 2.2.0 2020-09-25 11:26:45 -07:00
Cargo.toml Add Zeroize impl for SigningKey (#34) 2020-12-03 13:10:52 -08:00
README.md Fix typo 2020-10-12 19:12:06 -07:00

README.md

Zcash-flavored Ed25519 for use in Zebra.

Zcash uses Ed25519 for JoinSplit signatures with particular validation rules around edge cases in Ed25519 signatures. Ed25519, as specified in RFC8032, does not specify behaviour around these edge cases and so does not require conformant implementations to agree on whether a signature is valid. For most applications, these edge cases are irrelevant, but in Zcash, nodes must be able to reach consensus on which signatures would be valid, so these validation behaviors are consensus-critical.

Because the Ed25519 validation rules are consensus-critical for Zcash, Zebra requires an Ed25519 library that implements the Zcash-flavored validation rules specifically, and since it is unreasonable to expect an upstream dependency to maintain Zcash-specific behavior, this crate provides an Ed25519 implementation matching the Zcash consensus rules exactly.

However, this library may be of independent interest, as it implements ZIP215, a set of precisely specified validation rules for Ed25519 that make individual verification consistent with batch verification and are backwards-compatible with all existing Ed25519 signatures. Any non-Zcash users should use the ZIP215 rules:

ed25519-zebra = "2"

ZIP 215 and changes to Zcash-flavored Ed25519

Zcash Improvement Proposal 215 changes validation criteria for Ed25519 signatures in Zcash after its activation (currently scheduled for the Canopy network upgrade at block height 1046400). These changes remove the dependence on validation rules inherited from a specific point release of libsodium and make individual verification consistent with batch verification. More details and motivation are available in the text of ZIP215.

The 1.x series of this crate implements the legacy, pre-ZIP-215 validation criteria; the 2.x series of this crate implements the post-ZIP-215 validation criteria. Users (like Zebra or zcashd) who need to handle the upgrade can use both versions simultaneously using cargo renaming, e.g.,

ed25519-zebra-legacy = { package = "ed25519-zebra", version = "1" }
ed25519-zebra-zip215 = { package = "ed25519-zebra", version = "2" }

Example

use std::convert::TryFrom;
use rand::thread_rng;
use ed25519_zebra::*;

let msg = b"Zcash";

// Signer's context
let (vk_bytes, sig_bytes) = {
    // Generate a signing key and sign the message
    let sk = SigningKey::new(thread_rng());
    let sig = sk.sign(msg);

    // Types can be converted to raw byte arrays with From/Into
    let sig_bytes: [u8; 64] = sig.into();
    let vk_bytes: [u8; 32] = VerificationKey::from(&sk).into();

    (vk_bytes, sig_bytes)
};

// Verify the signature
assert!(
    VerificationKey::try_from(vk_bytes)
        .and_then(|vk| vk.verify(&sig_bytes.into(), msg))
        .is_ok()
);