mirror of https://github.com/serai-dex/serai.git synced 2024-11-17 01:17:36 +00:00

History

Luke Parker 7a05466049 3.6.2 Test nonce generation There's two ways which this could be tested. 1) Preprocess not taking in an arbitrary RNG item, yet the relevant bytes This would be an unsafe level of refactoring, in my opinion. 2) Test random_nonce and test the passed in RNG eventually ends up at random_nonce. This takes the latter route, both verifying random_nonce meets the vectors and that the FROST machine calls random_nonce properly.		2023-02-28 21:02:12 -05:00
..
src	3.6.2 Test nonce generation	2023-02-28 21:02:12 -05:00
Cargo.toml	Add test vectors for Ciphersuite::hash_to_F	2022-12-25 02:50:10 -05:00
LICENSE	Create a dedicated crate for the DKG (#141 )	2022-10-29 03:54:42 -05:00
README.md	3.5.2 Add more tests to ff-group-tests	2023-02-24 06:03:56 -05:00

README.md

Ciphersuite

Ciphersuites for elliptic curves premised on ff/group.

Secp256k1/P-256

Secp256k1 and P-256 are offered via k256 and p256, two libraries maintained by RustCrypto.

Their hash_to_F is the IETF's hash to curve, yet applied to their scalar field.

Ed25519/Ristretto

Ed25519/Ristretto are offered via dalek-ff-group, an ff/group wrapper around curve25519-dalek.

Their hash_to_F is the wide reduction of SHA2-512, as used in RFC-8032. This is also compliant with the draft RFC-RISTRETTO. The domain-separation tag is naively prefixed to the message.

Ed448

Ed448 is offered via minimal-ed448, an explicitly not recommended, unaudited, incomplete Ed448 implementation, limited to its prime-order subgroup.

Its hash_to_F is the wide reduction of SHAKE256, with a 114-byte output, as used in RFC-8032. The domain-separation tag is naively prefixed to the message.