Module keys

Hybrid cryptographic key system supporting multiple signature algorithms.

This module provides a unified interface for working with different signature algorithms, supporting both legacy Ed25519 and post-quantum ML-DSA signatures. The hybrid approach allows for gradual migration from classical to post-quantum cryptography.

§Supported Algorithms

  • Ed25519: Legacy elliptic curve signatures (32-byte keys, 64-byte signatures)
  • ML-DSA-44: Post-quantum signatures for TLS certificates (~128-bit security)
  • ML-DSA-65: Post-quantum signatures for messages (~192-bit security)
  • ML-DSA-87: Post-quantum signatures for high security (~256-bit security)
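While a verifier accepts several algorithms during a migration, the weakest algorithm it still accepts sets its effective security, so acceptance needs an explicit floor. The sketch below is an added example, not code from zoe_wire_protocol: a std-only pre-verification gate that checks algorithm agreement, fixed sizes and a minimum level. `Alg`, `Reject`, `admit` and `min_pq_bits` are hypothetical names, the ML-DSA sizes are the FIPS 204 values, and ranking Ed25519 at 0 is an assumption of the example.

```rust
// Added example: std-only model, NOT the zoe_wire_protocol API.
// `Alg`, `Reject`, `admit` and `min_pq_bits` are hypothetical names.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Alg { Ed25519, MlDsa44, MlDsa65, MlDsa87 }

#[derive(Debug, PartialEq, Eq)]
pub enum Reject { AlgMismatch, BadKeyLen, BadSigLen, BelowPolicy }

impl Alg {
    /// (public key bytes, signature bytes): RFC 8032 / FIPS 204 fixed sizes.
    pub fn sizes(self) -> (usize, usize) {
        match self {
            Alg::Ed25519 => (32, 64),
            Alg::MlDsa44 => (1312, 2420),
            Alg::MlDsa65 => (1952, 3309),
            Alg::MlDsa87 => (2592, 4627),
        }
    }
    /// Post-quantum security level in bits, as listed above. Ranking
    /// Ed25519 at 0 is this example's assumption (no PQ security).
    pub fn pq_bits(self) -> u16 {
        match self {
            Alg::Ed25519 => 0,
            Alg::MlDsa44 => 128,
            Alg::MlDsa65 => 192,
            Alg::MlDsa87 => 256,
        }
    }
}

/// Gate run on untrusted (key, signature) bytes before any verification.
pub fn admit(key_alg: Alg, key: &[u8], sig_alg: Alg, sig: &[u8],
             min_pq_bits: u16) -> Result<(), Reject> {
    if key_alg != sig_alg { return Err(Reject::AlgMismatch); }
    let (pk_len, sig_len) = key_alg.sizes();
    if key.len() != pk_len { return Err(Reject::BadKeyLen); }
    if sig.len() != sig_len { return Err(Reject::BadSigLen); }
    // Downgrade guard: refuse algorithms below the deployment's floor.
    if key_alg.pq_bits() < min_pq_bits { return Err(Reject::BelowPolicy); }
    Ok(())
}

fn main() {
    // Constructed zero-filled buffers: only the lengths matter to the gate.
    let (pk, sg) = (vec![0u8; 1952], vec![0u8; 3309]);
    println!("{:?}", admit(Alg::MlDsa65, &pk, Alg::MlDsa65, &sg, 192));
    println!("{:?}", admit(Alg::Ed25519, &[0u8; 32], Alg::Ed25519, &[0u8; 64], 128));
}
```

Setting `min_pq_bits` to 0 keeps legacy Ed25519 peers working; raising it after cutover turns a silent downgrade into an explicit `BelowPolicy` rejection.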

§Key Generation

use zoe_wire_protocol::{KeyPair, VerifyingKey, SigningKey};
use rand::rngs::OsRng;

// Generate different key types
let ed25519_keypair = KeyPair::generate_ed25519(&mut OsRng);
let ml_dsa_65_keypair = KeyPair::generate(&mut OsRng); // Default: ML-DSA-65

// Access the public key and sign a message
let verifying_key = ed25519_keypair.public_key();
let signature = ed25519_keypair.sign(b"message");

§Signing and Verification

use zoe_wire_protocol::{KeyPair, VerifyingKey, SigningKey};
use rand::rngs::OsRng;

let keypair = KeyPair::generate(&mut OsRng);
let message = b"Hello, world!";

// Sign message
let signature = keypair.sign(message);

// Verify signature
let verifying_key = keypair.public_key();
let is_valid = verifying_key.verify(message, &signature)?;
assert!(is_valid);

§Serialization

All key types support postcard serialization for storage and transmission:

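use zoe_wire_protocol::{KeyPair, VerifyingKey, Signature};
use rand::rngs::OsRng;

// Create a key and a signature to serialize
let keypair = KeyPair::generate(&mut OsRng);
let verifying_key = keypair.public_key();
let signature = keypair.sign(b"message");

// Serialize keys and signatures
let key_bytes = verifying_key.encode();
let sig_bytes = signature.encode();

// Keys and signatures can be deserialized using postcard
let key_restored: VerifyingKey = postcard::from_bytes(&key_bytes)?;
let sig_restored: Signature = postcard::from_bytes(&sig_bytes)?;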

Modules§

serde_helpers 🔒

Enums§

  • Algorithm: Cryptographic algorithm identifier
  • KeyPair
  • KeyPairError: Error type for KeyPair serialization and deserialization operations
  • Signature
  • SigningKey: Private key for creating digital signatures supporting multiple algorithms.
  • VerifyError
  • VerifyingKey: Public key for signature verification supporting multiple algorithms.
  • VerifyingKeyError: Error type for VerifyingKey PEM operations