Cryptography is delicate.

We aim to use robust and efficient components, with mandatory domain separation and a lack of common gotchas.

Unfortunately most conventional components are XChaCha20-Poly1305 doesn't provide key commitment, Ed25519 has problems with malleability, neither provides a standard way to do domain separation.

The cryptography is organized into generations, sets of implementations which fulfill the component requirements. To reduce code bloat each generation should be implemented with a minimal set of primitives.

There is currently one generation, built from these primitives:

  • Blake3 for data hashing, authenticity, and key derivation.
  • XChaCha8 for encryption.
  • Ristretto255 for public key operations.