Skip to content

Latest commit

 

History

History

starknet-crypto

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 

Low-level cryptography utilities for Starknet

starknet-crypto contains utilities for performing low-level cryptographic operations in Starknet:

  • ECDSA operations
    • Signing hashes
    • Verifying signatures
    • Recovering public keys from signatures
  • Pedersen hash
  • Poseidon hash
  • RFC-6979

You're advised to use high-level crypto utilities implemented by the starknet-core crate (or use it through the starknet::core re-export) if you're not familiar with cryptographic primitives. Using these low-level functions incorrectly could result in leaking your private key, for example.

This library does not provide constant-time guarantees.

WARNING

While it has been tested against data randomly generated from cairo-lang, this crate is NOT audited or reviewed for security. Use at your own risk.

If you're a cryptographer, you're welcome to contribute by reviewing the implementation :)

Benchmark

These results were generated on the author's machine with Apple M3 Max running macOS 14.5.

For instructions on running the benchmarks yourself, check out this page.

Native

ecdsa_get_public_key    time:   [62.223 µs 62.231 µs 62.240 µs]
ecdsa_recover           time:   [253.15 µs 253.47 µs 254.13 µs]
ecdsa_sign              time:   [95.633 µs 95.649 µs 95.668 µs]
ecdsa_verify            time:   [255.70 µs 255.77 µs 255.84 µs]
pedersen_hash           time:   [13.021 µs 13.023 µs 13.024 µs]
poseidon_hash           time:   [5.0139 µs 5.0148 µs 5.0155 µs]
poseidon_hash_single    time:   [5.0239 µs 5.0381 µs 5.0543 µs]
poseidon_hash_many      time:   [10.077 µs 10.087 µs 10.100 µs]
rfc6979_generate_k      time:   [4.5806 µs 4.5821 µs 4.5836 µs]

WebAssembly

(Results are only provided for wasmtime here. Check out the benchmark page for running the benchmark on other runtimes).

Runtime version:

$ wasmtime --version
wasmtime-cli 21.0.1 (cedf9aa0f 2024-05-22)

wasmtime results:

ecdsa_get_public_key    time:   [333.64 µs 334.07 µs 334.48 µs]
ecdsa_recover           time:   [1.1177 ms 1.1207 ms 1.1248 ms]
ecdsa_sign              time:   [386.33 µs 387.42 µs 388.68 µs]
ecdsa_verify            time:   [1.1246 ms 1.1280 ms 1.1320 ms]
pedersen_hash           time:   [64.934 µs 64.962 µs 64.993 µs]
poseidon_hash           time:   [20.745 µs 20.772 µs 20.825 µs]
poseidon_hash_single    time:   [20.790 µs 20.813 µs 20.837 µs]
poseidon_hash_many      time:   [41.878 µs 41.911 µs 41.945 µs]
rfc6979_generate_k      time:   [11.564 µs 11.566 µs 11.569 µs]

Binary size optimization

By default, starknet-crypto ships with a Pedersen hash implementation utilizing a lookup table for better performance. To optimize for binary size over performance, the crate offers a pedersen_no_lookup feature, which uses a vanilla unoptimized implementation instead.

Warning

Enabling the pedersen_no_lookup feature significantly slows down hashing performance by approximately a factor of 10. Make sure you understand the impact on your use case before turning it on.

Credits

Most of the code in this crate for the Pedersen hash implementation was inspired and modified from the awesome pathfinder from Equilibrium.

The Poseidon hash implementation was also ported from pathfinder.

Based on this solid foundation, ECDSA functionalities were inspired and ported from the crypto-cpp implementation from StarkWare.