[cryptography] upgrade sha2 to 0.11 #4018

Open
roberto-bayardo wants to merge 3 commits into main from roberto/aarch64-hw-sha256

roberto-bayardo (Collaborator) commented Jun 10, 2026

Upgrades sha2 to 0.11.0, which removed the asm feature and selects hardware backends automatically: SHA-NI on x86_64 (as before) and ARMv8 SHA2 intrinsics on aarch64 with runtime detection (previously the portable software implementation by default).

Per-target effect:

  • x86_64 (servers): no behavioral change (SHA-NI was already runtime-detected).
  • aarch64 linux (e.g. Graviton) and macos (dev machines): hardware SHA-256, ~4.3-5.4x faster.
  • wasm32 and other targets: portable implementation, as before.

One wrinkle: curve25519-dalek's generic APIs (Scalar::from_hash in ed25519 core) and arkworks' DefaultFieldHasher (bandersnatch eVRF) require digest 0.10 trait impls, so those four call sites use a temporary second pin sha2-v010 (commented in the workspace manifest) until curve25519-dalek 5 stabilizes (currently 5.0.0-rc.0) and arkworks moves to digest 0.11. The sha2-asm feature hook is removed (it would no longer compile against 0.11; nothing enabled it). Cargo.lock shrinks: sha2-asm and its cc build dependency leave the graph.

Hash outputs are identical, so wire/storage formats and conformance fixtures are unaffected.

Criterion results on Apple M-series vs the previous default (soft) backend:

sha256::hash_message/msg_len=256       533.8 ns -> 99.6 ns  (-81%)
sha256::hash_message/msg_len=4096      6.90 us  -> 1.49 us  (-78%)
sha256::hash_message/msg_len=65536     108.1 us -> 24.2 us  (-78%)
sha256::hash_message/msg_len=1048576   1.72 ms  -> 361 us   (-79%)
sha256::hash_message/msg_len=16777216  27.5 ms  -> 5.77 ms  (-79%)

Verified: 498 cryptography tests (incl. sha256 conformance), 548 runtime tests, 2566 storage tests, wasm32-unknown-unknown cdylib builds for cryptography and storage.

🤖 Generated with Claude Code
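
The runtime backend selection the description refers to, sketched as an added example that is not part of this PR or of the sha2 crate: it uses only std's CPU-feature detection macros to report whether a host can take a hardware SHA-256 path or falls back to portable code. The `Sha256Backend` enum, the function names and the x86 feature set in `X86_REQUIRED` are assumptions made for illustration.

```rust
// Added example: names and backend labels are hypothetical, not sha2's API.
#[allow(dead_code)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Sha256Backend { X86ShaNi, Armv8Sha2, Portable }

// Assumption: the SHA-NI path also needs these SIMD levels for its shuffles.
const X86_REQUIRED: [&str; 4] = ["sha", "sse2", "ssse3", "sse4.1"];

/// Pure decision: which backend class an (arch, feature set) pair can use.
pub fn select_backend(arch: &str, features: &[&str]) -> Sha256Backend {
    let has = |name: &str| features.iter().any(|f| *f == name);
    match arch {
        "x86" | "x86_64" if X86_REQUIRED.iter().all(|n| has(*n)) => Sha256Backend::X86ShaNi,
        "aarch64" if has("sha2") => Sha256Backend::Armv8Sha2,
        // wasm32 and other targets, or a CPU that lacks the extension.
        _ => Sha256Backend::Portable,
    }
}

/// SHA-256-relevant features the running CPU reports (std runtime detection).
pub fn host_features() -> Vec<&'static str> {
    #[allow(unused_mut)]
    let mut found = Vec::new();
    #[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
    {
        if std::arch::is_x86_feature_detected!("sha") { found.push("sha"); }
        if std::arch::is_x86_feature_detected!("sse2") { found.push("sse2"); }
        if std::arch::is_x86_feature_detected!("ssse3") { found.push("ssse3"); }
        if std::arch::is_x86_feature_detected!("sse4.1") { found.push("sse4.1"); }
    }
    #[cfg(target_arch = "aarch64")]
    {
        if std::arch::is_aarch64_feature_detected!("sha2") { found.push("sha2"); }
    }
    found
}

/// Backend class for the machine this binary is running on.
pub fn host_backend() -> Sha256Backend {
    select_backend(std::env::consts::ARCH, &host_features())
}

fn main() {
    println!("{} {:?} -> {:?}", std::env::consts::ARCH, host_features(), host_backend());
}
```

Running it on each deployment target shows which hosts get the hardware path after the upgrade and which stay on the portable implementation.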

cloudflare-workers-and-pages Bot commented Jun 10, 2026

Deploying with Cloudflare Workers

| Status | Name | Latest Commit | Updated (UTC) |
| --- | --- | --- | --- |
| ✅ Deployment successful! | commonware-mcp | 3141574 | Jun 12 2026, 04:59 PM |

cloudflare-workers-and-pages Bot commented Jun 10, 2026

Deploying monorepo with Cloudflare Pages

Latest commit: 3141574
Status: ✅ Deploy successful!
Preview URL: https://7e67a203.monorepo-eu0.pages.dev
Branch Preview URL: https://roberto-aarch64-hw-sha256.monorepo-eu0.pages.dev

github-actions Bot commented Jun 10, 2026

Benchmark results

PASSED: No benchmark exceeded the regression threshold.

Benchmark comparison table

| Benchmark | Baseline (main) | Current | Delta | Threshold | Status |
| --- | --- | --- | --- | --- | --- |
| qmdb::merkleize/variant=any::unordered::fixed::mmr keys=10000 ch=false sync=false | 1.419 ms | 1.411 ms | -0.59% | 10.00% | ✅ PASS |
| qmdb::merkleize/variant=current::ordered::fixed::mmb chunk=256 keys=10000 ch=true sync=false | 2.323 ms | 2.339 ms | +0.68% | 10.00% | ✅ PASS |

Baseline commit(s): 6ba8ceee809f

Comment thread cryptography/Cargo.toml (outdated)
roberto-bayardo force-pushed the roberto/aarch64-hw-sha256 branch from 068d768 to a111ea2 on June 10, 2026 22:51
roberto-bayardo force-pushed the roberto/aarch64-hw-sha256 branch from a111ea2 to bf0c219 on June 10, 2026 23:09
roberto-bayardo changed the title from "[cryptography] enable hardware SHA-256 on aarch64" to "[cryptography] upgrade sha2 to 0.11" on Jun 10, 2026
roberto-bayardo force-pushed the roberto/aarch64-hw-sha256 branch from 6be1047 to 41f109d on June 10, 2026 23:18
Comment thread Cargo.toml
serde_yaml = "0.9.34"
sha2 = { version = "0.10.8", default-features = false }
sha2 = { version = "0.11.0", default-features = false }
sha2-v010 = { package = "sha2", version = "0.10.9", default-features = false } # temporary: ark generics still require digest 0.10 impls
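
Review bot: the trailing comment on the `sha2-v010` line names only ark as the reason for the second pin, but the PR description also lists curve25519-dalek's `Scalar::from_hash` call sites as requiring digest 0.10 impls. Name both dependencies in the comment and state the removal condition (curve25519-dalek 5 stable and arkworks on digest 0.11), so the temporary pin is not dropped, or kept, on the wrong trigger.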

Contributor

p256 still uses sha2@v0.10, so this wouldn't get removed even if we weren't using ark

Comment thread cryptography/Cargo.toml
[features]
default = [ "std" ]
blake3-parallel = [ "blake3/rayon", "std" ]
sha2-asm = [ "sha2/asm" ]
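
Review bot: `sha2-asm = [ "sha2/asm" ]` is part of this crate's feature interface, so dropping the line breaks any downstream manifest that enables `sha2-asm`, even if nothing in the workspace does. Since `sha2` 0.11 has no `asm` feature, either keep the feature name and forward it to the 0.10 pin, or record the removal as a breaking change; if it is kept, add a comment that it affects only the `sha2-v010` copy and not the crate's own SHA-256.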

Contributor

I think defaulting to hardware accelerated sha256 is a big enough win that this tweak is worth it.

Comment thread cryptography/Cargo.toml
[features]
default = [ "std" ]
blake3-parallel = [ "blake3/rayon", "std" ]
sha2-asm = [ "sha2/asm" ]

Contributor

Does this mean we can't activate asm for ark?

Collaborator Author

Good catch — sha2 0.11 removed the asm feature entirely (hardware acceleration is on by default now), which left no way to enable the asm backend for the 0.10 copy. Restored it as sha2-asm = ["sha2-v010/asm"] in 335fba8, so the ark path (and p256's internal sha2 0.10, via feature unification) can still get hw SHA on aarch64. Goes away once ark moves to digest 0.11.

roberto-bayardo and others added 3 commits June 12, 2026 09:57
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
roberto-bayardo force-pushed the roberto/aarch64-hw-sha256 branch from b515f53 to 3141574 on June 12, 2026 16:58

codecov Bot commented Jun 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.19%. Comparing base (6ba8cee) to head (3141574).

@@            Coverage Diff             @@
##             main    #4018      +/-   ##
==========================================
- Coverage   95.19%   95.19%   -0.01%     
==========================================
  Files         530      531       +1     
  Lines      217970   217973       +3     
  Branches     5277     5277              
==========================================
- Hits       207507   207501       -6     
- Misses       8683     8693      +10     
+ Partials     1780     1779       -1     
| Files with missing lines | Coverage Δ |
| --- | --- |
| ...raphy/src/bls12381/dkg/golden/evrf/bandersnatch.rs | 90.75% <ø> (ø) |
| cryptography/src/ed25519/core/batch.rs | 98.70% <100.00%> (ø) |
| cryptography/src/ed25519/core/mod.rs | 100.00% <100.00%> (ø) |
| cryptography/src/ed25519/core/signing_key.rs | 57.83% <100.00%> (ø) |
| cryptography/src/ed25519/core/verification_key.rs | 51.64% <100.00%> (ø) |

... and 8 files with indirect coverage changes


Δ = absolute <relative> (impact), ø = not affected, ? = missing data