Package b3ed25519 implements EdDSA over blake3 & curve25519.
All messages are prehashed with blake3, to prevent needing to read the
message stream twice; an existing blake3 message hash can be provided for
signing or verification.
This package also implements ECDH over edwards curve25519.
You shouldn't use this. Instead, use ed25519 for signatures and x25519 for
DH. If you have a burning desire to use the same key for signing and key
exchange, see filippo.io/edwards25519#Point.BytesMontgomery for converting an
ed25519 public key to a x25519 public key. The private keys will be the same,
though note the ed25519 private key as defined by the RFC is not used
directly; it is first hashed with sha512, and then the first 32 bytes of that
are clamped to produce the final key. See
filippo.io/edwards25519#Scalar.SetBytesWithClamping for more info.