Alternative ED25519 hash

[rainbyte]

While learning about RaiBlocks, I'm trying to replicate some of its functionality using Haskell.

As it is explained in their design document, ED25519 is used for key handling, but Blake2b is used instead of SHA-512 for hashing.

I have searched a way to select hashing type in Cryptonite, but it seems that SHA-512 is hardcoded in the C implementation (see here).

Maybe I'm mistaken, but if that is not the case, would it be possible to add a way to select Blake2b?

Thanks in advance!

P/D: I'm willing to contribute a patch if minimal instructions are given (it is my 1st time using Cryptonite)

[ocheron]

With the Edwards25519 primitives it shouldn't be too difficult to reimplement Ed25519 in Haskell and have a parameter for the hash algorithm. And now even a constraint like HashDigestSize hash ~ 64 is possible.

[ocheron]

@rainbyte I recovered an implementation I did some time ago for testing:
https://gist.github.com/ocheron/892f4b50b7db5f4b3cebedf19d39835c

[rainbyte]

Thanks for answering so fast! I will take a look at that code and try to adapt it

[ocheron]

If something is required on the project I would go for something like this: in addition to modules Ed25519 and Ed448 we already have, a new module Crypto.PubKey.EdDSA with some features:

• selection of elliptic curve with a parameter (we have only Curve_Edwards25519 so far but Curve_Edwards448 may come later)
• control over hash algorithm to use internally
• support for context and prehash variants described in RFC 8032

[Shou]

Glad I'm not alone here, I'm also trying to do something with Nano (Raiblocks) in Haskell. Is a patch still on the table? I'd also be willing to help out here. It'd probably also help to make the choice of hash function explicit in the Haddock documentation.