MCPcopy Index your code
hub / github.com/MystenLabs/fastcrypto

github.com/MystenLabs/fastcrypto @fastcrypto-v2.0.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release fastcrypto-v2.0.0 ↗ · + Follow
313 symbols 694 edges 23 files 36 documented · 12% updated todayfastcrypto-v0.1.11 · 2026-07-02★ 31042 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

fastcrypto

crate Docs Build status Apache2/MIT licensed Rust Version

fastcrypto is a common cryptography library used in software at Mysten Labs. It is published as an independent crate to encourage reusability across different applications and domains. It is a wrapper library around several carefully selected crates with the following considerations:

  • Security: Whether the libraries are vulnerable to known attack vectors or possible misuses.
  • Performance: Whether the crate performs cryptographic operations with speed after extensive benchmarking. This is critical for the Sui Network to be performant when signing and verifying large amounts of transactions and certificates.
  • Determinism: Whether the signature is non-malleable.
  • Popularity: Whether the library is used by other consensus critical systems.

Furthermore, we extend the selected libraries with additional features: - Robust testing framework: Wycheproof tests and prop tests are added when possible to protect against arbitrary inputs and crafted edge cases. - Zeroization: Sensitive private key materials are cleared from memory securely and proactively when it goes out of scope using zeroize trait. - Serialization: Effective and standardized serialization are required.

This library will be continuously updated with more schemes and faster implementations based on benchmarking results, RFC updates, new research and auditor inputs.

This crate contains:

  • Traits that should be implemented by concrete types representing digital cryptographic materials.

    • [SigningKey]: Trait implemented by the private key with associated types of its public key and signature.
    • [VerifyingKey]: Trait implemented by the public key with associated types of its private key and signature. It also includes a default implementation of batch verification that fails on empty batch verification.
    • [Authenticator]: Trait implemented by the signature with associated types of its public key and private key.
    • [AggregateAuthenticator]: Trait implemented by the aggregated signature, which allows adding signatures to the aggregated signature and verifying against the public keys with the corresponding messages.
    • [KeyPair]: Trait that represents a public/private keypair, which includes the common get priv/pub key functions and a keypair generation function with seeded randomness.
    • [ToFromBytes]: Trait that aims to minimize the number of steps involved in obtaining a serializable key.
    • [EncodeDecodeBase64]: Trait that extends ToFromBytes for immediate conversion to/from Base64 strings. This is the format in which cryptographic materials are stored.
  • Concrete signature schemes of type that implement the recommended traits required for cryptographic agility.

    • Ed25519: Backed by ed25519-consensus crate. Compliant to ZIP-215 that defines the signature validity that is lacking from RFC8032 but critical for consensus algorithms. ed25519-dalek is fully deprecated due to the recently discovered Chalkias double pub-key api vulnerability.
    • Secp256k1: Backed by Secp256k1 FFI wrapper that binds to C library and provides performance faster than the native Rust implementation k256 library by ~30% on verification. Produces a 65-byte recoverable signature of shape [r, s, v] where v can be 0 or 1 representing the recovery Id. Produces deterministic signatures using the pseudo-random deterministic nonce generation according to RFC6979, without the strong requirement to generate randomness for nonce protection. Uses sha256 as the default hash function for sign and verify. An interface for verify_hashed is provided to accept a pre-hashed message and its signature for verification. Supports public key recovery by providing the Secp256k1 signature with the corresponding pre-hashed message.
    • BLS12-381: Backed by blst crate written in Assembly and C that optimizes for performance and security. G1 and G2 points are serialized following ZCash specification in compressed format. Provides methods for verifying signatures in the G1 group against public keys in the G2 group. Provides methods for aggregating signatures and fast verifying aggregated signatures, where public keys are assumed to be verified for proof of possession.
  • Utility functions that serve as the underlying RUST implementation for the Move smart contract api.

    • HKDF: An HMAC-based key derivation function based on RFC-5869, to derive keypairs with a salt and an optional domain for the given keypair. This requires choosing an HMAC function that expands precisely to the byte length of a private key for the chosen KeyPair parameter.
    • Pedersen Commitment: Function to create a Pedersen commitment with a value and a blinding factor. Add or subtract Ristretto points that represent Pedersen commitments.
    • Bulletproofs Range Proof: Function to prove that a committed value is an unsigned integer that is within the range [0, 2^bits). Function to verify that the commitment is a Pedersen commitment of some value with an unsigned bit length, a value is an integer within the range [0, 2^bits)
  • A asynchronous signature service is provided for testing and benchmarking.

Tests and Benchmarks

There exist tests for all the three schemes, which can be run by:

$ cargo test

One can compare all currently implemented schemes for sign, verify, verify_batch and key-generation by running:

$ cargo bench

License

All crates licensed under either of

Extension points exported contracts — how you extend this code

ToFromBytes (Interface)
Trait impl'd by concrete types that represent digital cryptographic material (keys). For signatures, we rely on `signatu [13 …
src/traits.rs
HashFunction (Interface)
Trait implemented by hash functions providing a output of fixed length [2 implementers]
src/hash.rs
SealedPublicKeyLength (Interface)
(no doc) [3 implementers]
src/pubkey_bytes.rs
EncodeDecodeBase64 (Interface)
Cryptographic material with an immediate conversion to/from Base64 strings. This is an [extension trait](https://rust-l [4 …
src/traits.rs
Hashable (Interface)
This trait is implemented by all messages that can be hashed. [1 implementers]
src/hash.rs
VerifyingKey (Interface)
Trait impl'd by public keys in asymmetric cryptography. The trait bounds are implemented so as to be symmetric and equi [3 …
src/traits.rs
SigningKey (Interface)
Trait impl'd by private (secret) keys in asymmetric cryptography. The trait bounds are implemented so as to be symmetri [3 …
src/traits.rs
Authenticator (Interface)
Trait impl'd by signatures in asymmetric cryptography. The trait bounds are implemented so as to be symmetric and equiv [3 …
src/traits.rs

Core symbols most depended-on inside this repo

as_ref
called by 36
src/aes.rs
public
called by 30
src/ed25519.rs
as_bytes
called by 19
src/aes.rs
as_ref
called by 13
src/secp256k1.rs
as_ref
called by 12
src/bls12381.rs
to_vec
called by 12
src/hash.rs
private
called by 11
src/ed25519.rs
verify
called by 10
src/ed25519.rs

Shape

Method 134
Function 131
Class 31
Interface 16
Enum 1

Languages

Rust100%

Modules by API surface

src/ed25519.rs36 symbols
src/bls12381.rs33 symbols
src/tests/ed25519_tests.rs31 symbols
src/secp256k1.rs30 symbols
src/tests/secp256k1_tests.rs24 symbols
src/tests/bls12381_tests.rs23 symbols
src/traits.rs19 symbols
src/tests/aes_tests.rs15 symbols
src/aes.rs15 symbols
src/bulletproofs.rs14 symbols
src/hash.rs13 symbols
src/tests/hmac_tests.rs10 symbols

For agents

$ claude mcp add fastcrypto \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact