pub fn derive_emoji_verification(shared_secret: &[u8; 32]) -> [&'static str; 6]Expand description
Derive a 6-emoji verification sequence from a PQXDH shared secret
This function takes a 32-byte shared secret and derives a sequence of 6 emojis that can be displayed to users for manual verification. The derivation uses BLAKE3 with domain separation to ensure the emojis cannot be used to recover the original shared secret.
§Security Properties
- One-way function: BLAKE3 is cryptographically one-way
- Domain separation: Uses unique context string for verification
- Limited exposure: Only 48 bits of derived data used for emojis
- Uniform distribution: Each emoji has equal probability (1/64)
- High collision resistance: 64^6 = 68.7 billion possible sequences
§Algorithm
- Derive 32-byte fingerprint using BLAKE3 with domain separation
- Split fingerprint into 6 chunks of ~5.33 bytes each
- Convert each chunk to little-endian integer
- Map integer modulo 64 to emoji index
§Arguments
shared_secret- 32-byte PQXDH shared secret
§Returns
Array of 6 emoji strings for user verification
§Example
use zoe_app_primitives::invitation::derive_emoji_verification;
let shared_secret = [0u8; 32]; // Example shared secret
let emojis = derive_emoji_verification(&shared_secret);
println!("Verify these emojis match: {}", emojis.join(" "));