Crate reach_signatures

Expand description

§Reach Signatures

This crate provides a dual-signature scheme combining classical Ed25519 elliptic curve signatures with post-quantum FN-DSA lattice-based signatures. Both signatures must be valid for authentication to succeed, providing security against both classical and quantum computer attacks.

It uses SHA3-512 for digest generation and provides context-aware signing using type names for domain separation.

§Core Traits

Digestible: Convert data structures to SHA3-512 digests for signing
Signable: Types that can be signed and converted to their signed variants
Sign: Signing key operations with both EC and PQ algorithms
Verifier: Provides verifying keys for operations with verifiable data structures
Verifiable: Types that carry signatures and can be verified

The crate is designed to work across different Reach components including Reaching Link, Reachable Secrets, and the Reach Attestant.

Constants§

FN_DSA_SIGNATURE_EMPTY: Zero filled array with the size of an FN-DSA signature.
FN_DSA_SIGNING_EMPTY: Zero filled array with the size of an FN-DSA signing key.

Traits§

Digestible: Convert data structures to SHA3-512 digests.
Sign: Signing key operations.
Signable: Sign and convert to the respective signed variant.
Signatures: Carries signatures.
Verifiable: Verifiable if Digestible and carrying Signatures.
Verifier: Provides verifying keys for signature verification operations.
Verifies: Indicating which types can be verified by a given verifier.
VerifyingKeys: Links signing keys to their corresponding verifying keys.

Functions§

verify_digest: Verify both Ed25519 and FN-DSA signatures with a digest.