This document offers a conceptual overview of the cryptography used in Substrate.
Hash functions are used in Substrate to map arbitrary sized data to fixed-sized values.
Substrate provides two hash algorithms out of the box, but can support any hash algorithm which implements the
xxHash is a fast non-cryptographic hash function, working at speeds close to RAM limits. Because xxHash is not cryptographically secure, it is possible that the output of the hash algorithm can be reasonably controlled by modifying the input. This can allow a user to attack this algorithm by creating key collisions, hash collisions, and imbalanced storage tries.
xxHash is used in places where outside parties cannot manipulate the input of the hash function. For example, it is used to generate the key for runtime storage values, whose inputs are controlled by the runtime developer.
Substrate uses the
twox-hash implementation in Rust.
Substrate uses the
blake2 implementation in Rust.
Public-key cryptography is used in Substrate to provide a robust authentication system.
Substrate provides multiple different cryptographic schemes and is generic such that it can support anything which implements the
Schnorr signatures bring some noticeable features over the ECDSA/EdDSA schemes:
- It is better for hierarchical deterministic key derivations.
- It allows for native multi-signature through signature aggregation.
- It is generally more resistant to misuse.
One sacrifice that is made when using Schnorr signatures over ECDSA is that both require 64 bytes, but only ECDSA signatures communicate their public key.
- Learn about the Substrate account abstractions.
- For more detailed descriptions, please see the more advanced research wiki.
- Look at the Polkadot claims module to see how you can verify Ethereum signatures in the Substrate runtime.