reddsa/README.md

A minimal [RedDSA][reddsa] implementation for use in Zcash.

Two specializations of RedDSA are used in Zcash: RedJubjub and
RedPallas. For each of these, two parameterizations are used, one for
`BindingSig` and one for `SpendAuthSig`. This library distinguishes
these in the type system, using the [sealed] `SigType` trait as a
type-level enum.

In addition to the `Signature`, `SigningKey`, `VerificationKey` types,
the library also provides `VerificationKeyBytes`, a [refinement] of a
`[u8; 32]` indicating that bytes represent an encoding of a RedDSA
verification key. This allows the `VerificationKey` type to cache
verification checks related to the verification key encoding.
For all specializations of RedDSA used in Zcash, encodings of signing
and verification keys are 32 bytes.

## Examples

Creating a `BindingSig`, serializing and deserializing it, and
verifying the signature:

```rust
# use std::convert::TryFrom;
use rand::thread_rng;
use reddsa::*;

let msg = b"Hello!";

// Generate a secret key and sign the message
let sk = SigningKey::<sapling::Binding>::new(thread_rng());
let sig = sk.sign(thread_rng(), msg);

// Types can be converted to raw byte arrays using From/Into
let sig_bytes: [u8; 64] = sig.into();
let pk_bytes: [u8; 32] = VerificationKey::from(&sk).into();

// Deserialize and verify the signature.
let sig: Signature<sapling::Binding> = sig_bytes.into();
assert!(
    VerificationKey::try_from(pk_bytes)
        .and_then(|pk| pk.verify(msg, &sig))
        .is_ok()
);
```

## FROST

You can enable ZIP-312 re-randomized FROST support with the `frost` feature.
This is still experimental since ZIP-312 is still a draft.

## docs

```shell,no_run
cargo doc --features "nightly" --open
```

## Developers guide

See [DEVELOPERS.md](DEVELOPERS.md).


[reddsa]: https://zips.z.cash/protocol/protocol.pdf#concretereddsa
[zebra]: https://github.com/ZcashFoundation/zebra
[refinement]: https://en.wikipedia.org/wiki/Refinement_type
[sealed]: https://rust-lang.github.io/api-guidelines/future-proofing.html#sealed-traits-protect-against-downstream-implementations-c-sealed
Rename crate to reddsa 2021-03-01 06:38:25 -08:00			`A minimal [RedDSA][reddsa] implementation for use in Zcash.`
Add readme, module layout 2019-12-02 21:32:38 -08:00
Introduce SpendAuth: SigType and Binding: SigType traits The prior `SpendAuth` and `Binding` enums have been renamed to `sapling::{SpendAuth, Binding}`. These might subsequently be removed from the crate entirely (moving into a wrapping `redjubjub` crate). The code assumes that scalar and point representations are [u8; 32], which will be the case for all curves we instantiate RedDSA with for Zcash. 2021-03-01 07:29:07 -08:00			`Two specializations of RedDSA are used in Zcash: RedJubjub and`
			`RedPallas. For each of these, two parameterizations are used, one for`
Change terminology to signing, verification keys (#35) Matches ed25519-zebra. Resolves #33 2020-06-25 11:56:29 -07:00			`BindingSig` and one for `SpendAuthSig`. This library distinguishes
			these in the type system, using the [sealed] `SigType` trait as a
			`type-level enum.`
Add readme, module layout 2019-12-02 21:32:38 -08:00
Change terminology to signing, verification keys (#35) Matches ed25519-zebra. Resolves #33 2020-06-25 11:56:29 -07:00			In addition to the `Signature`, `SigningKey`, `VerificationKey` types,
			the library also provides `VerificationKeyBytes`, a [refinement] of a
Introduce SpendAuth: SigType and Binding: SigType traits The prior `SpendAuth` and `Binding` enums have been renamed to `sapling::{SpendAuth, Binding}`. These might subsequently be removed from the crate entirely (moving into a wrapping `redjubjub` crate). The code assumes that scalar and point representations are [u8; 32], which will be the case for all curves we instantiate RedDSA with for Zcash. 2021-03-01 07:29:07 -08:00			`[u8; 32]` indicating that bytes represent an encoding of a RedDSA
Change terminology to signing, verification keys (#35) Matches ed25519-zebra. Resolves #33 2020-06-25 11:56:29 -07:00			verification key. This allows the `VerificationKey` type to cache
			`verification checks related to the verification key encoding.`
Introduce SpendAuth: SigType and Binding: SigType traits The prior `SpendAuth` and `Binding` enums have been renamed to `sapling::{SpendAuth, Binding}`. These might subsequently be removed from the crate entirely (moving into a wrapping `redjubjub` crate). The code assumes that scalar and point representations are [u8; 32], which will be the case for all curves we instantiate RedDSA with for Zcash. 2021-03-01 07:29:07 -08:00			`For all specializations of RedDSA used in Zcash, encodings of signing`
			`and verification keys are 32 bytes.`
Update README, fill missing impls. 2019-12-04 17:36:01 -08:00
			`## Examples`

Change terminology to signing, verification keys (#35) Matches ed25519-zebra. Resolves #33 2020-06-25 11:56:29 -07:00			Creating a `BindingSig`, serializing and deserializing it, and
			`verifying the signature:`
Add docs command. 2019-12-02 22:38:15 -08:00
use rust in code sample of the README (#96) 2021-05-17 05:48:24 -07:00			```rust
Update README, fill missing impls. 2019-12-04 17:36:01 -08:00			`# use std::convert::TryFrom;`
			`use rand::thread_rng;`
Rename crate to reddsa 2021-03-01 06:38:25 -08:00			`use reddsa::*;`
Update README, fill missing impls. 2019-12-04 17:36:01 -08:00
			`let msg = b"Hello!";`

			`// Generate a secret key and sign the message`
Introduce SpendAuth: SigType and Binding: SigType traits The prior `SpendAuth` and `Binding` enums have been renamed to `sapling::{SpendAuth, Binding}`. These might subsequently be removed from the crate entirely (moving into a wrapping `redjubjub` crate). The code assumes that scalar and point representations are [u8; 32], which will be the case for all curves we instantiate RedDSA with for Zcash. 2021-03-01 07:29:07 -08:00			`let sk = SigningKey::<sapling::Binding>::new(thread_rng());`
Update README, fill missing impls. 2019-12-04 17:36:01 -08:00			`let sig = sk.sign(thread_rng(), msg);`

			`// Types can be converted to raw byte arrays using From/Into`
			`let sig_bytes: [u8; 64] = sig.into();`
Change terminology to signing, verification keys (#35) Matches ed25519-zebra. Resolves #33 2020-06-25 11:56:29 -07:00			`let pk_bytes: [u8; 32] = VerificationKey::from(&sk).into();`
Update README, fill missing impls. 2019-12-04 17:36:01 -08:00
			`// Deserialize and verify the signature.`
Introduce SpendAuth: SigType and Binding: SigType traits The prior `SpendAuth` and `Binding` enums have been renamed to `sapling::{SpendAuth, Binding}`. These might subsequently be removed from the crate entirely (moving into a wrapping `redjubjub` crate). The code assumes that scalar and point representations are [u8; 32], which will be the case for all curves we instantiate RedDSA with for Zcash. 2021-03-01 07:29:07 -08:00			`let sig: Signature<sapling::Binding> = sig_bytes.into();`
Update README, fill missing impls. 2019-12-04 17:36:01 -08:00			`assert!(`
Change terminology to signing, verification keys (#35) Matches ed25519-zebra. Resolves #33 2020-06-25 11:56:29 -07:00			`VerificationKey::try_from(pk_bytes)`
Update README, fill missing impls. 2019-12-04 17:36:01 -08:00			`.and_then(\|pk\| pk.verify(msg, &sig))`
			`.is_ok()`
			`);`
			```

bump to 0.5.0; don't enable frost-rerandomized with std (#48) * bump to 0.4.1; don't enable frost-rerandomized with std * Apply suggestions from code review Co-authored-by: str4d <thestr4d@gmail.com> * add rust-version to Cargo.toml * use published version of frost-rerandomized --------- Co-authored-by: str4d <thestr4d@gmail.com> 2023-03-09 12:05:07 -08:00			`## FROST`

			You can enable ZIP-312 re-randomized FROST support with the `frost` feature.
			`This is still experimental since ZIP-312 is still a draft.`

Update README, fill missing impls. 2019-12-04 17:36:01 -08:00			`## docs`

			```shell,no_run
Add docs command. 2019-12-02 22:38:15 -08:00			`cargo doc --features "nightly" --open`
			```

add DEVELOPERS.md (#73) 2023-11-22 09:19:52 -08:00			`## Developers guide`

			`See [DEVELOPERS.md](DEVELOPERS.md).`


Rename crate to reddsa 2021-03-01 06:38:25 -08:00			`[reddsa]: https://zips.z.cash/protocol/protocol.pdf#concretereddsa`
Add readme, module layout 2019-12-02 21:32:38 -08:00			`[zebra]: https://github.com/ZcashFoundation/zebra`
Update README, fill missing impls. 2019-12-04 17:36:01 -08:00			`[refinement]: https://en.wikipedia.org/wiki/Refinement_type`
Rename to just `redjubjub`. 2019-12-09 13:54:10 -08:00			`[sealed]: https://rust-lang.github.io/api-guidelines/future-proofing.html#sealed-traits-protect-against-downstream-implementations-c-sealed`