From 48b88daf1c27fff0cefb8f188a64ff0a1bab60d2 Mon Sep 17 00:00:00 2001
From: Kikuo Emoto <kemoto@codemonger.io>
Date: Sat, 23 Nov 2024 12:33:12 +0900
Subject: [PATCH] docs: update README

Adds the motivation, and some more acknowledgements.
---
 README.md | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 364a1c1..47ec029 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 An [Ed448](https://datatracker.ietf.org/doc/html/rfc8032#section-5.2) verifier written in [Rust](https://www.rust-lang.org).
 
-This crate does nothing but wraps the [`ed448-goldilocks`](https://crates.io/crates/ed448-goldilocks) crate which undertakes all the complicated arithmetics in an implementation of [`Verifier`](https://docs.rs/signature/latest/signature/trait.Verifier.html) of the [`signature`](https://crates.io/crates/signature) crate.
+This crate does nothing but wraps the [`ed448-goldilocks`](https://crates.io/crates/ed448-goldilocks) crate which undertakes all the complicated arithmetics in an implementation of the [`Verifier`](https://docs.rs/signature/latest/signature/trait.Verifier.html) trait of the [`signature`](https://crates.io/crates/signature) crate.
 
 As this crate has not been audited for security at all, use it at **YOUR OWN RISK**.
 
@@ -37,10 +37,24 @@ fn main() {
 
 You can find the API documentation at <https://codemonger-io.github.io/ed448-verifier/ed448_verifier/index.html>.
 
+## Motivation
+
+This crate was developed in the course of [my project](https://github.com/codemonger-io/webauthn-rs) where I am trying to remove the OpenSSL dependency from [`webauthn-rs`](https://github.com/kanidm/webauthn-rs).
+As of November 23, 2024, there is no Ed448 verifier that implements the [`Verifier`](https://docs.rs/signature/2.2.0/signature/trait.Verifier.html) trait as far as I searched.
+There is an unreleased crate [`ed448-signature`](https://github.com/RustCrypto/signatures/tree/master/ed448) maintained by [Rust Crypto](https://github.com/rustcrypto), but it is not intended to provide the actual curve implementation.
+
 ## License
 
 While [`ed448-goldilocks` has no clear license](https://github.com/crate-crypto/Ed448-Goldilocks/pull/37), the original part of this crate is licensed under the [MIT license](./LICENSE).
 
 ## Acknowledgements
 
-This crate was designed after [`ed22519-dalek`](https://github.com/dalek-cryptography/curve25519-dalek/tree/main/ed25519-dalek).
\ No newline at end of file
+This crate was designed after [`ed22519-dalek`](https://github.com/dalek-cryptography/curve25519-dalek/tree/main/ed25519-dalek).
+
+The curve implementation is provided by [`ed448-goldilocks`](https://crates.io/crates/ed448-goldilocks).
+
+The default [SHAKE256](https://en.wikipedia.org/wiki/SHA-3) implementation is provided by [`sha3`](https://crates.io/crates/sha3).
+
+Test vectors for Ed448 verification were taken from [RFC 8032](https://datatracker.ietf.org/doc/html/rfc8032).
+
+Test vectors for SHAKE256 were downloaded from <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing>.
\ No newline at end of file