For signing, we use libsodium’s EdDSA implementation directly: • Sign.KeyGen generates a key pair (vk, sk) (via crypto sign keypair). • Sign.Sign takes as input a context string Context and a message M and outputs a “detached” signature Sig over SHA256(Context)||SHA256(M) (via crypto sign detached). • Sign.Verify takes as input a detached signature Sig, a context string Context, and a message M; it outputs true on verification success and false on failure (via crypto - sign verify detached).
