Cryptography
Cryptography is delicate.
We aim to use robust and efficient components, with mandatory domain separation and a lack of common gotchas.
Unfortunately, most conventional components fall short of this: XChaCha20-Poly1305 doesn't provide key commitment, Ed25519 has problems with malleability, and neither provides a standard way to do domain separation.
The cryptography is organized into generations: sets of implementations which fulfill the component requirements. To reduce code bloat, each generation should be implemented with a minimal set of primitives.
There is currently one generation, built from these primitives:
- Blake3 for data hashing, authenticity, and key derivation.
- XChaCha8 for encryption.
- Ristretto255 for public key operations.
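
What mandatory domain separation prevents, shown as an added example that is not this project's code: a tag issued for one purpose is accepted for another when a single key authenticates everything, and rejected when each purpose gets its own derived key. BLAKE2b from the Python standard library stands in for Blake3 here, and the key, context labels and function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Assumption: BLAKE2b (stdlib) stands in for Blake3, which is not in the
# Python standard library. Key and context labels below are constructed.
MASTER_KEY = bytes(range(32))              # constructed sample key, not a secret
CTX_MANIFEST = "example v1 file-manifest"  # hypothetical purpose label
CTX_SESSION = "example v1 session-token"   # hypothetical purpose label


def derive_subkey(master: bytes, context: str) -> bytes:
    """Derive a 32-byte key bound to one purpose; the context is the domain."""
    return hashlib.blake2b(context.encode(), key=master, digest_size=32,
                           person=b"example-kdf").digest()


def tag_unseparated(master: bytes, message: bytes) -> bytes:
    """Weak form: one key authenticates every kind of message."""
    return hashlib.blake2b(message, key=master, digest_size=32).digest()


def tag(master: bytes, context: str, message: bytes) -> bytes:
    """Separated form: the MAC key depends on what the message is for."""
    subkey = derive_subkey(master, context)
    return hashlib.blake2b(message, key=subkey, digest_size=32,
                           person=b"example-mac").digest()


def verify(master: bytes, context: str, message: bytes, candidate: bytes) -> bool:
    """Constant-time check of a tag against one specific context."""
    return hmac.compare_digest(tag(master, context, message), candidate)


def demo() -> dict:
    msg = b"id=42"  # constructed: the same bytes are meaningful in both purposes
    weak = tag_unseparated(MASTER_KEY, msg)      # issued by the manifest code path
    strong = tag(MASTER_KEY, CTX_MANIFEST, msg)  # issued for manifests only
    return {
        # The session verifier recomputes the same unseparated tag and accepts it.
        "weak_cross_use": hmac.compare_digest(weak, tag_unseparated(MASTER_KEY, msg)),
        "strong_same_context": verify(MASTER_KEY, CTX_MANIFEST, msg, strong),
        "strong_cross_context": verify(MASTER_KEY, CTX_SESSION, msg, strong),
    }


if __name__ == "__main__":
    print(demo())
```
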