Crate starknet_crypto
source ·Expand description
§Low-level cryptography utilities for Starknet
starknet-crypto
contains utilities for performing low-level cryptographic operations in Starknet.
You’re advised to use high-level crypto utilities implemented by the
starknet-core
crate (or use it through thestarknet::core
re-export) if you’re not familiar with cryptographic primitives. Using these low-level functions incorrectly could result in leaking your private key, for example.
This library does not provide constant-time guarantees.
§WARNING
While it has been tested against data randomly generated from cairo-lang
, this crate is NOT audited or reviewed for security. Use at your own risk.
If you’re a cryptographer, you’re welcome to contribute by reviewing the implementation :)
§Benchmark
These results were generated on the author’s machine with AMD Ryzen 9 5950X 16-Core Processor running Ubuntu 22.04.1 LTS.
For instructions on running the benchmarks yourself, check out this page.
§Native
ecdsa_get_public_key time: [125.53 µs 125.63 µs 125.75 µs]
ecdsa_recover time: [421.74 µs 421.93 µs 422.16 µs]
ecdsa_sign time: [170.30 µs 170.50 µs 170.71 µs]
ecdsa_verify time: [428.34 µs 428.73 µs 429.17 µs]
pedersen_hash time: [33.379 µs 33.435 µs 33.521 µs]
poseidon_hash time: [12.552 µs 12.571 µs 12.595 µs]
poseidon_hash_single time: [12.572 µs 12.587 µs 12.601 µs]
poseidon_hash_many time: [25.048 µs 25.089 µs 25.137 µs]
rfc6979_generate_k time: [1.4810 µs 1.4817 µs 1.4827 µs]
§WebAssembly
(With its excellent wasm performance, results are only provided for Node.js here. Check out the benchmark page for running the benchmark on other runtimes).
Runtime version:
$ node --version
v18.16.0
Node.js results:
ecdsa_get_public_key time: [1.0093 ms 1.0118 ms 1.0147 ms]
ecdsa_recover time: [3.0610 ms 3.0627 ms 3.0646 ms]
ecdsa_sign time: [1.0584 ms 1.0600 ms 1.0615 ms]
ecdsa_verify time: [3.0273 ms 3.0309 ms 3.0345 ms]
pedersen_hash time: [234.12 µs 234.30 µs 234.49 µs]
poseidon_hash time: [90.892 µs 91.032 µs 91.166 µs]
poseidon_hash_single time: [90.358 µs 90.404 µs 90.451 µs]
poseidon_hash_many time: [180.93 µs 181.13 µs 181.35 µs]
rfc6979_generate_k time: [9.2623 µs 9.2793 µs 9.2979 µs]
§Credits
Most of the code in this crate for the Pedersen hash implementation was inspired and modified from the awesome pathfinder
from Equilibrium.
The Poseidon hash implementation was also ported from pathfinder
.
Based on this solid foundation, ECDSA functionalities were inspired and ported from the crypto-cpp
implementation from StarkWare.
Structs§
- Stark ECDSA signature with
v
- A hasher for Starknet Poseidon hash.
- Stark ECDSA signature
Enums§
- Errors when performing ECDSA
recover
operations - Errors when performing ECDSA
sign
operations - Errors when performing ECDSA
verify
operations
Functions§
- Computes the public key given a Stark private key.
- Computes the Starkware version of the Pedersen hash of x and y. All inputs are little-endian.
- Computes the Starknet Poseidon hash of x and y.
- Computes the Starknet Poseidon hash of an arbitrary number of FieldElements.
- Computes the Starknet Poseidon hash of a single FieldElement.
- Poseidon permutation function.
- Recovers the public key from a message and (r, s, v) signature parameters
- Deterministically generate ephemeral scalar
k
based on RFC 6979. - Computes ECDSA signature given a Stark private key and message hash.
- Verifies if a signature is valid over a message hash given a public key. Returns an error instead of
false
if the public key is invalid.