Open ghost opened 3 years ago
I think there is not any question about using ChaCha20 and BLAKE2b for right now, and unless there is something to debate about it, there are no further decisions to make.
The only remaining relevant open issue is implementing a key-committing AEAD for the transactions which can be built on top of the primitives we choose.
The plan is to implement https://eprint.iacr.org/2020/1153.pdf over ChaCha20/BLAKE2b. It would be ideal to write this in an abstract way (perhaps in its own crate) where it can be easily reused. (Default license for such a crate should be gpl3 for now)
There is a nontrivial amount of symmetric crypto in the protocol, almost all of it should be provided by existing crates.
This task involves:
I think the high priority for symmetric crypto choices should be: