Cryptography
This section provides an overview of the cryptography utilized in Cere and other Substrate-based chains. It assumes familiarity with cryptographic primitives commonly employed in blockchains, such as hashes, elliptic curve cryptography (ECC), and public-private keypairs.
For detailed descriptions of the cryptography used in Cere, refer to the Polkadot Wiki and the research wiki on this subject.
Cere Network uses the Blake2b hashing algorithm. Blake2b is known for its speed and is also employed in the cryptocurrency Zcash.
Cere Network employs Schnorrkel/Ristretto x25519 ("sr25519") as its key derivation and signing algorithm. Sr25519 is based on the same underlying Curve25519 as its EdDSA counterpart, Ed25519. However, it uses Schnorr signatures instead of the EdDSA scheme. Schnorr signatures offer efficiency and retain the same feature set and security assumptions. Additionally, they allow for native multisignature through signature aggregation.
The names Schnorrkel and Ristretto are derived from the two Rust libraries implementing this scheme: the Schnorrkel library for Schnorr signatures and the Ristretto library that enables the use of cofactor-8 curves like Curve25519.
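The aggregation property mentioned above comes from the linearity of Schnorr signatures. The following added example (not Cere, Substrate, or Schnorrkel code) shows it with a constructed toy group and Blake2b as the challenge hash; it is not sr25519, and all function names and parameters are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: P = 2*Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def h(*parts) -> int:
    """Blake2b over the parts, reduced to a scalar mod Q."""
    digest = hashlib.blake2b(repr(parts).encode(), digest_size=32).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # secret scalar in [1, Q-1]
    return x, pow(G, x, P)                    # (secret, public)

def sign(x: int, msg: bytes):
    r = secrets.randbelow(Q - 1) + 1          # fresh nonce per signature
    R = pow(G, r, P)
    return R, (r + h(R, pow(G, x, P), msg) * x) % Q

def verify(pub: int, msg: bytes, sig) -> bool:
    R, s = sig
    return pow(G, s, P) == (R * pow(pub, h(R, pub, msg), P)) % P

def coeff(pubs, X) -> int:
    """Per-key weight (MuSig-style) so no signer can pick a key that cancels the others."""
    return h("agg", sorted(pubs), X)

def aggregate_key(pubs) -> int:
    agg = 1
    for X in pubs:
        agg = (agg * pow(X, coeff(pubs, X), P)) % P
    return agg

def cosign(secret_keys, msg: bytes):
    """Simulates all signers in one process; real protocols exchange nonce
    commitments over extra rounds, which is skipped here."""
    pubs = [pow(G, x, P) for x in secret_keys]
    agg = aggregate_key(pubs)
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in secret_keys]
    R = 1
    for r in nonces:
        R = (R * pow(G, r, P)) % P            # combined nonce commitment
    c = h(R, agg, msg)                        # one shared challenge
    s = sum(r + c * coeff(pubs, X) * x        # partial signatures simply add up
            for r, x, X in zip(nonces, secret_keys, pubs)) % Q
    return agg, (R, s)
```

The verifier runs the same `verify` for a single key and for the aggregate key, so a multisignature is indistinguishable in size and cost from an ordinary one.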
Public and private keys are vital components enabling the existence of blockchains like Cere Network.
Account keys are meant to control funds and can be either:
- ed25519 implementation using Schnorr signatures.
- sr25519 variant using Schnorr signatures.
Both ed25519 and sr25519 offer comparable security for simple signatures. While ed25519 is expected to be better supported by commercial HSMs in the foreseeable future, sr25519 is safer for implementing complex protocols like HDKD commonly used in the Bitcoin and Ethereum ecosystem.
Stash and staking proxy keys are discussed in the context of running a validator or nominating but are essential for all users to understand. They are types of account keys defined by their intended use, not cryptographic differences. Both types can use any cryptography supported by account keys.
The staking proxy key is a semi-online key directly controlled by the user. It is used for submitting manual extrinsics and for starting or stopping validating/nominating. It should hold enough DOT to pay for fees but should not hold significant amounts, as it is exposed to the internet relatively frequently.
The stash key, in contrast, is typically a cold wallet, kept offline and securely stored, holding a larger amount of funds. It should rarely, if ever, be exposed to the internet or used to submit extrinsics. The stash key is designed to be like a savings account or buried treasure, hidden away and accessed only in urgent situations.