ZK-friendly cryptographic primitives for Rust.
- MiMC Hash: Efficient hash function designed for ZK circuits (compatible with Tornado Cash / circomlib)
- Merkle Tree: MiMC-based tree with proof generation and verification
- No unsafe code:
#![deny(unsafe_code)] no_stdsupport: Optional, for WASM/embedded targets- Well-documented: Comprehensive API documentation with examples
Add to your Cargo.toml:
[dependencies]
stealth-lib = "1.0"| Feature | Default | Description |
|---|---|---|
std |
✅ | Enable standard library support |
serde |
❌ | Enable serde serialization |
borsh |
❌ | Enable borsh serialization (for Solana) |
experimental |
❌ |
use stealth_lib::{MerkleTree, MerkleProof};
fn main() -> stealth_lib::Result<()> {
// Create a tree with 20 levels (can hold ~1M leaves)
let mut tree = MerkleTree::new(20)?;
// Insert some leaves (e.g., commitment hashes)
let commitment = 12345u128;
let index = tree.insert(commitment)?;
// Generate a proof for the commitment
let proof = tree.prove(index)?;
// Verify the proof against the current root
let root = tree.root().unwrap();
assert!(proof.verify(root, &tree.hasher()));
println!("Commitment {} proven at index {}", commitment, index);
Ok(())
}use stealth_lib::hash::MimcHasher;
fn main() {
let hasher = MimcHasher::default();
// Hash two values (e.g., for a commitment)
let nullifier = 123456789u128;
let secret = 987654321u128;
let commitment = hasher.hash(nullifier, secret);
println!("Commitment: {}", commitment);
}- Zero-knowledge proof circuits (Tornado Cash, Semaphore, etc.)
- On-chain verification of Merkle membership proofs
- Privacy-preserving applications using ZK-SNARKs
- ✅ Collision resistance of MiMC (computational security)
- ✅ Correct Merkle proofs for membership verification
- ✅ Deterministic outputs for same inputs
- ✅ Root history buffer for handling concurrent insertions
- ❌ NOT constant-time — Vulnerable to timing side-channels
- ❌ NOT a general-purpose crypto library — Use
ring,sha2, etc. - ❌ NOT professionally audited — Use at your own risk
- ❌ NOT suitable for password hashing — Use argon2, bcrypt, scrypt
- Use for building ZK circuits
- Verify proofs on-chain (Solana, Ethereum)
- Use established libraries for non-ZK crypto
- Use MiMC for password hashing
- Use the
experimentalfeature in production - Assume constant-time execution
- Use for cryptographic signatures
| Type | Description |
|---|---|
MerkleTree |
Sparse Merkle tree with MiMC hash |
MerkleProof |
Merkle inclusion proof |
MimcHasher |
MiMC-Feistel sponge hasher |
Error |
Typed error enum |
Result<T> |
Result alias with Error |
All fallible operations return Result<T, Error>:
use stealth_lib::{MerkleTree, Error};
let tree = MerkleTree::new(0);
assert!(matches!(tree, Err(Error::InvalidTreeConfig(_))));
let mut tree = MerkleTree::new(2).unwrap(); // 4 leaves max
for _ in 0..4 {
tree.insert(0).unwrap();
}
let result = tree.insert(0);
assert!(matches!(result, Err(Error::TreeFull { .. })));Version 1.0 introduces breaking changes for improved safety:
// Old (v0.x)
use stealth_lib::merkle_tree::MerkleTree;
let tree = MerkleTree::new(20); // Could panic
let root = tree.get_last_root(); // Could panic
// New (v1.0)
use stealth_lib::MerkleTree;
let tree = MerkleTree::new(20).unwrap(); // Returns Result
let root = tree.root().unwrap(); // Returns OptionSee CHANGELOG.md for full migration guide.
Minimum Supported Rust Version: 1.70.0
Run benchmarks with:
cargo benchTypical results on modern hardware:
mimc_hash: ~500nsmerkle_insert (depth 20): ~50μsmerkle_prove (depth 20): ~100μsmerkle_verify (depth 20): ~50μs
Contributions are welcome! Please open an issue or PR.
MIT License - see LICENSE for details.
For security issues, please see SECURITY.md.