{"id":37020808,"url":"https://github.com/aldenml/ecc","last_synced_at":"2026-01-14T02:25:57.293Z","repository":{"id":43386828,"uuid":"375419356","full_name":"aldenml/ecc","owner":"aldenml","description":"elliptic-curve cryptography","archived":false,"fork":false,"pushed_at":"2023-10-08T21:44:33.000Z","size":5059,"stargazers_count":30,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-13T13:32:29.290Z","etag":null,"topics":["apake","authentication","bls-signature","bls12-381","cryptography","ed25519","elliptic-curve-cryptography","elliptic-curves","hkdf","opaque","oprf","pairing-based-cryptography","pake","proxy-re-encryption","ristretto255","threshold-cryptography","threshold-signature"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aldenml.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2021-06-09T16:22:20.000Z","updated_at":"2025-07-11T07:16:36.000Z","dependencies_parsed_at":"2023-09-24T21:51:39.767Z","dependency_job_id":null,"html_url":"https://github.com/aldenml/ecc","commit_stats":{"total_commits":230,"total_committers":2,"mean_commits":115.0,"dds":0.004347826086956497,"last_synced_commit":"c441e5baf24f3af8c4b0bfd54799733c470e5403"},"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/aldenml/ecc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aldenml%2Fecc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aldenml%2Fecc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/aldenml%2Fecc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aldenml%2Fecc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aldenml","download_url":"https://codeload.github.com/aldenml/ecc/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aldenml%2Fecc/sbom","scorecard":{"id":178406,"data":{"date":"2025-08-11","repo":{"name":"github.com/aldenml/ecc","commit":"fedffd5624db6d90c659864c21be0c530484c925"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.5,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: bindings/jvm/gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable 
(binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/android.yml:1","Warn: no topLevel permission defined: .github/workflows/ios.yml:1","Warn: no topLevel permission defined: .github/workflows/javascript.yml:1","Warn: no topLevel permission defined: .github/workflows/linux.yml:1","Warn: no topLevel permission defined: .github/workflows/macos.yml:1","Warn: no topLevel permission defined: .github/workflows/sonarcloud.yml:1","Warn: no topLevel permission defined: .github/workflows/windows.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to 
analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/android.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/android.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/android.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/android.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/android.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/android.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/android.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/android.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by 
hash: .github/workflows/ios.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/ios.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/ios.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/ios.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/ios.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/ios.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/ios.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/javascript.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/linux.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/linux.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos.yml:71: update your 
workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/sonarcloud.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/sonarcloud.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/sonarcloud.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/windows.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/windows.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/windows.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/aldenml/ecc/windows.yml/master?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/javascript.yml:29","Warn: npmCommand not pinned by hash: .github/workflows/javascript.yml:46","Warn: pipCommand not pinned by hash: .github/workflows/linux.yml:28","Warn: pipCommand not pinned by hash: 
.github/workflows/linux.yml:29","Warn: pipCommand not pinned by hash: .github/workflows/macos.yml:27","Warn: pipCommand not pinned by hash: .github/workflows/macos.yml:28","Warn: downloadThenRun not pinned by hash: .github/workflows/macos.yml:39","Warn: pipCommand not pinned by hash: .github/workflows/macos.yml:91","Warn: pipCommand not pinned by hash: .github/workflows/macos.yml:92","Info:   0 out of  26 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 npmCommand dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.1.0 not signed: https://api.github.com/repos/aldenml/ecc/releases/124191139","Warn: release artifact v1.0.23 not signed: https://api.github.com/repos/aldenml/ecc/releases/103730969","Warn: release artifact v1.0.22 not signed: 
https://api.github.com/repos/aldenml/ecc/releases/103398578","Warn: release artifact v1.0.21 not signed: https://api.github.com/repos/aldenml/ecc/releases/102141703","Warn: release artifact v1.0.20 not signed: https://api.github.com/repos/aldenml/ecc/releases/99908016","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/aldenml/ecc/releases/124191139","Warn: release artifact v1.0.23 does not have provenance: https://api.github.com/repos/aldenml/ecc/releases/103730969","Warn: release artifact v1.0.22 does not have provenance: https://api.github.com/repos/aldenml/ecc/releases/103398578","Warn: release artifact v1.0.21 does not have provenance: https://api.github.com/repos/aldenml/ecc/releases/102141703","Warn: release artifact v1.0.20 does not have provenance: https://api.github.com/repos/aldenml/ecc/releases/99908016"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: 
GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T18:18:27.850Z","repository_id":43386828,"created_at":"2025-08-16T18:18:27.850Z","updated_at":"2025-08-16T18:18:27.850Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408711,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apake","authentication","bls-signature","bls12-381","cryptography","ed25519","elliptic-curve-cryptography","elliptic-curves","hkdf","opaque","oprf","pairing-based-cryptography","pake","proxy-re-encryption","ristretto255","threshold-cryptography","threshold-signature"],"created_at":"2026-01-14T02:25:56.864Z","updated_at":"2026-01-14T02:25:57.285Z","avatar_url":"https://github.com/aldenml.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# elliptic-curve 
cryptography\n\n[![macOS](https://github.com/aldenml/ecc/actions/workflows/macos.yml/badge.svg?branch=master)](https://github.com/aldenml/ecc/actions/workflows/macos.yml)\n[![Linux](https://github.com/aldenml/ecc/actions/workflows/linux.yml/badge.svg?branch=master)](https://github.com/aldenml/ecc/actions/workflows/linux.yml)\n[![Windows](https://github.com/aldenml/ecc/actions/workflows/windows.yml/badge.svg?branch=master)](https://github.com/aldenml/ecc/actions/workflows/windows.yml)\n[![javascript](https://github.com/aldenml/ecc/actions/workflows/javascript.yml/badge.svg?branch=master)](https://github.com/aldenml/ecc/actions/workflows/javascript.yml)\n[![iOS](https://github.com/aldenml/ecc/actions/workflows/ios.yml/badge.svg?branch=master)](https://github.com/aldenml/ecc/actions/workflows/ios.yml)\n[![Android](https://github.com/aldenml/ecc/actions/workflows/android.yml/badge.svg?branch=master)](https://github.com/aldenml/ecc/actions/workflows/android.yml)\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/b805b9122f2e46d097eab8cefb0df48e)](https://app.codacy.com/gh/aldenml/ecc/dashboard)\n[![Codacy Badge](https://app.codacy.com/project/badge/Coverage/b805b9122f2e46d097eab8cefb0df48e)](https://www.codacy.com/gh/aldenml/ecc/dashboard)\n[![javadoc](https://javadoc.io/badge2/org.ssohub/ecc/javadoc.svg)](https://javadoc.io/doc/org.ssohub/ecc)\n[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=aldenml_ecc\u0026metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=aldenml_ecc)\n[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=aldenml_ecc\u0026metric=security_rating)](https://sonarcloud.io/summary/new_code?id=aldenml_ecc)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=aldenml_ecc\u0026metric=alert_status)](https://sonarcloud.io/summary/new_code?id=aldenml_ecc)\n\nLibrary to work with elliptic-curve cryptography based on 
[libsodium](https://github.com/jedisct1/libsodium)\nand [blst](https://github.com/supranational/blst).\n\n| Bindings   |                               |                                                                                                                                      |\n|------------|-------------------------------|--------------------------------------------------------------------------------------------------------------------------------------|\n| Java       | [jvm/ecc](bindings/jvm)       | [![maven](https://img.shields.io/maven-central/v/org.ssohub/ecc.svg?label=maven)](https://central.sonatype.com/namespace/org.ssohub) |\n| Javascript | [js/ecc](bindings/js)         | [![npm](https://img.shields.io/npm/v/@aldenml/ecc)](https://www.npmjs.com/package/@aldenml/ecc)                                      |\n| Python     | [python/ecc](bindings/python) | [![PyPI version](https://badge.fury.io/py/libecc.svg)](https://badge.fury.io/py/libecc)                                              |\n\n### Features\n\n- [OPRF](#oprf-oblivious-pseudo-random-functions)\n- [OPAQUE](#opaque-the-opaque-asymmetric-pake-protocol)\n- [Two-Round Threshold Schnorr Signatures with FROST](#two-round-threshold-schnorr-signatures-with-frost)\n- [Ethereum BLS Signature](#ethereum-bls-signature)\n- [BLS12-381 Pairing](#bls12-381-pairing)\n- [Proxy Re-Encryption (PRE)](#proxy-re-encryption-pre)\n- [Cryptographic primitives and utilities](#cryptographic-primitives-and-utilities)\n\n### OPRF Oblivious pseudo-random functions\n\nThis is an implementation of [draft-irtf-cfrg-voprf-21](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-voprf-21)\nciphersuite **OPRF(ristretto255, SHA-512)** using `libsodium`.\n\nAn Oblivious Pseudorandom Function (OPRF) is a two-party protocol between client\nand server for computing the output of a Pseudorandom Function (PRF). The server\nprovides the PRF secret key, and the client provides the PRF input. 
At the end\nof the protocol, the client learns the PRF output without learning anything\nabout the PRF secret key, and the server learns neither the PRF input nor\noutput.\n\nThere are two variations of the basic protocol:\n\n- VOPRF: is OPRF with the notion of verifiability. Clients can verify that the\nserver used a specific private key during the execution of the protocol.\n- POPRF: is a partially-oblivious VOPRF that allows clients and servers to\nprovide public input to the PRF computation.\n\nThe OPRF flow is shown below (from the IRTF draft):\n```\n    Client(input)                                        Server(skS)\n  -------------------------------------------------------------------\n  blind, blindedElement = Blind(input)\n\n                             blindedElement\n                               ----------\u003e\n\n                evaluatedElement = BlindEvaluate(skS, blindedElement)\n\n                             evaluatedElement\n                               \u003c----------\n\n  output = Finalize(input, blind, evaluatedElement)\n```\n\nFor the advanced modes VOPRF and POPRF refer to the published draft.\n\n### OPAQUE The OPAQUE Asymmetric PAKE Protocol\n\nThis is an implementation of [draft-irtf-cfrg-opaque-12](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-opaque-12)\nusing `libsodium`.\n\nOPAQUE consists of two stages: registration and authenticated key\nexchange. 
In the first stage, a client registers its password with\nthe server and stores its encrypted credentials in the server, but\nthe server never knows what the password is.\n\nThe registration flow is shown below (from the IRTF draft):\n\n```\n       creds                                   parameters\n         |                                         |\n         v                                         v\n       Client                                    Server\n       ------------------------------------------------\n                   registration request\n                -------------------------\u003e\n                   registration response\n                \u003c-------------------------\n                         record\n                -------------------------\u003e\n      ------------------------------------------------\n         |                                         |\n         v                                         v\n     export_key                                 record\n```\n\nIn the second stage, the client outputs two values, an \"export_key\" (matching\nthat from registration) and a \"session_key\". 
The server outputs a single value\n\"session_key\" that matches that of the client.\n\nThe authenticated key exchange flow is shown below (from the IRTF draft):\n```\n       creds                             (parameters, record)\n         |                                         |\n         v                                         v\n       Client                                    Server\n       ------------------------------------------------\n                      AKE message 1\n                -------------------------\u003e\n                      AKE message 2\n                \u003c-------------------------\n                      AKE message 3\n                -------------------------\u003e\n      ------------------------------------------------\n         |                                         |\n         v                                         v\n   (export_key, session_key)                  session_key\n```\n\nThe public API for implementing the protocol is:\n\n- Client\n```\nopaque_ristretto255_sha512_CreateRegistrationRequest\nopaque_ristretto255_sha512_FinalizeRequest\nopaque_ristretto255_sha512_3DH_ClientInit\nopaque_ristretto255_sha512_3DH_ClientFinish\n```\n\n- Server\n```\nopaque_ristretto255_sha512_CreateRegistrationResponse\nopaque_ristretto255_sha512_3DH_ServerInit\nopaque_ristretto255_sha512_3DH_ServerFinish\n```\n\n### Two-Round Threshold Schnorr Signatures with FROST\n\nThis is an implementation of [draft-irtf-cfrg-frost-13](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-frost-13)\nusing `libsodium`.\n\nThe draft presents a two-round signing variant of FROST, a Flexible Round-Optimized Schnorr Threshold signature\nscheme. 
FROST signatures can be issued after a threshold number of entities cooperate to issue a signature,\nallowing for improved distribution of trust and redundancy with respect to a secret key.\n\nUnlike signatures in a single-party setting, threshold signatures require cooperation among a threshold number\nof signers each holding a share of a common private key. The security of threshold schemes in general assumes\nthat an adversary can corrupt strictly fewer than a threshold number of participants.\n\nThis implementation follows the trusted dealer key generation documented in Appendix B of the draft\nusing Shamir and Verifiable Secret Sharing.\n\n### Ethereum BLS Signature\n\nEthereum uses BLS signatures as specified in the IETF\ndraft [draft-irtf-cfrg-bls-signature-05](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05)\nciphersuite `BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_`.\n\nThis library provides the following API:\n\n```\necc_sign_eth_bls_KeyGen\necc_sign_eth_bls_SkToPk\necc_sign_eth_bls_KeyValidate\necc_sign_eth_bls_Sign\necc_sign_eth_bls_Verify\necc_sign_eth_bls_Aggregate\necc_sign_eth_bls_FastAggregateVerify\necc_sign_eth_bls_AggregateVerify\n```\n\nBLS is a digital signature scheme with aggregation properties that can be applied to signatures\nand public keys. 
For this reason, in the context of blockchains, BLS signatures are used for\nauthenticating transactions, votes during consensus protocols, and to reduce bandwidth\nand storage requirements.\n\n### BLS12-381 Pairing\n\nIn the context of pairing-friendly elliptic curves, a pairing is a map `e: G1xG2 -\u003e GT` such\nthat for each a, b, P and Q\n```\ne(a * P, b * Q) = e(P, Q)^(a * b)\n```\nYou can use this to obtain such pairings:\n```c\n// C code; for very similar Java code, look at the unit tests\nbyte_t a[ecc_bls12_381_SCALARSIZE];\nbyte_t b[ecc_bls12_381_SCALARSIZE];\necc_bls12_381_scalar_random(a);\necc_bls12_381_scalar_random(b);\n\nbyte_t aP[ecc_bls12_381_G1SIZE];\nbyte_t bQ[ecc_bls12_381_G2SIZE];\n\necc_bls12_381_g1_scalarmult_base(aP, a); // a * P\necc_bls12_381_g2_scalarmult_base(bQ, b); // b * Q\n\nbyte_t pairing[ecc_bls12_381_FP12SIZE];\necc_bls12_381_pairing(pairing, aP, bQ); // e(a * P, b * Q)\n```\n\nRead more at:\u003cbr/\u003e\nhttps://hackmd.io/@benjaminion/bls12-381 \u003cbr/\u003e\nhttps://en.wikipedia.org/wiki/Pairing-based_cryptography\n\n### Proxy Re-Encryption (PRE)\n\nWith a pairing-friendly elliptic curve and a well-defined pairing operation,\nyou can implement a proxy re-encryption scheme.\n\nThis library provides an implementation using BLS12-381.\n\nExample of how to use it:\n```java\n// This is a Java code sample; for a similar plain C code sample, look at the unit tests\n\n// client A sets up public/private keys and signing keys\nKeyPair keysA = pre_schema1_KeyGen();\nSigningKeyPair signingA = pre_schema1_SigningKeyGen();\n\n// client B sets up public/private keys (signing keys are not used here)\nKeyPair keysB = pre_schema1_KeyGen();\n\n// the proxy server sets up signing keys\nSigningKeyPair signingProxy = pre_schema1_SigningKeyGen();\n\n// client A selects a plaintext message; this message\n// in itself is random but can be used as a seed\n// for symmetric encryption keys\nbyte[] message = pre_schema1_MessageGen();\n\n// client A 
encrypts the message to itself, making it\n// possible to send this ciphertext to the proxy.\nbyte[] ciphertextLevel1 = pre_schema1_Encrypt(message, keysA.pk, signingA);\n\n// client A sends ciphertextLevel1 to the proxy server and\n// eventually client A allows client B to see the encrypted\n// message; in this case the proxy needs to re-encrypt\n// ciphertextLevel1 (without ever knowing the plaintext).\n// In order to do that, client A needs to create a re-encryption\n// key that the proxy can use to perform that operation.\n\n// client A creates a re-encryption key the proxy can use\n// to re-encrypt the ciphertext (ciphertextLevel1) in order for\n// client B to be able to recover the original message\nbyte[] reEncKey = pre_schema1_ReKeyGen(keysA.sk, keysB.pk, signingA);\n\n// the proxy re-encrypts the ciphertext ciphertextLevel1 with such\n// a key, which allows client B to recover the original message\nbyte[] ciphertextLevel2 = pre_schema1_ReEncrypt(\n    ciphertextLevel1,\n    reEncKey,\n    signingA.spk, keysB.pk,\n    signingProxy\n);\n\n// client B is able to decrypt ciphertextLevel2 and the result\n// is the original plaintext message\nbyte[] messageDecrypted = pre_schema1_DecryptLevel2(\n    ciphertextLevel2,\n    keysB.sk, signingProxy.spk\n);\n\n// now both client A and client B share the same plaintext message:\n// messageDecrypted is equal to message\n```\n\nRead more at:\u003cbr/\u003e\n\"A Fully Secure Unidirectional and Multi-user Proxy Re-encryption Scheme\" by H. Wang and Z. Cao, 2009 \u003cbr/\u003e\n\"A Multi-User CCA-Secure Proxy Re-Encryption Scheme\" by Y. Cai and X. Liu, 2014 \u003cbr/\u003e\n\"Cryptographically Enforced Orthogonal Access Control at Scale\" by B. Wall and P. 
Walsh, 2018 \u003cbr/\u003e\nhttps://en.wikipedia.org/wiki/Proxy_re-encryption\n\n### Cryptographic primitives and utilities\n\n```\necc_hash_sha256\necc_hash_sha512\n\necc_kdf_scrypt\necc_kdf_argon2id\n\necc_aead_chacha20poly1305_encrypt\necc_aead_chacha20poly1305_decrypt\n```\n\n### Bindings and building\n\nTo generate the static files for bindings:\n```shell\npython3 bindings/gen_code.py\n```\nTo build c shared and static libraries and jvm bindings:\n```shell\n./build-c.sh\n```\nTo build javascript bindings:\n```shell\n./build-js.sh\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faldenml%2Fecc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faldenml%2Fecc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faldenml%2Fecc/lists"}